Security awareness

Ransomware and Its Impact On Small Businesses

Infosec
June 24, 2016 by
Infosec

Ransomware is a kind of malware that limits or totally prevents users from gaining access to their computer system either by locking some files or the computer screen until a ransom is paid. Some of this malware referred to as crypto-ransomware can encrypt some valuable files on your system till you pay the ransom fee to obtain a decryption key.

They can be downloaded into your computer when you unwittingly click on compromised or malicious links in emails. They may also come as a payload from another malware. Some arrive as attachments from spammers, or they are dropped quietly in your system by exploit kits. Clicking on malvertisements can also expose your computer to ransomware attacks.

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Small businesses are usually the primary targets of ransomware attacks. And the reasons are not farfetched. Small businesses usually lack sophisticated computer defenses thus making them very vulnerable. An overwhelming majority, some reports by Intel says as much as 80%, of these small and medium scale businesses, don't employ data protection or email security. According to Verizon Enterprise Solutions, about 23% of the recipients click on the phishing emails used in sending ransomware while another 11% clicked on infected attachments carrying ransomware and malware

Here is a case that happened to my very good friend: Sharon is the secretary of a Denver-based consulting firm. She was idly chatting during break time one day when a floating menu popped up. Frustrated at the intrusion, she just clicked as suggested. And that was it. A ransomware attack had just been launched that crippled her entire server network. She stared in fright as the ransom note popped up "pay $300 within 48 hours to unlock your system". She ran upstairs to call Kabir the IT expert. According to Kabir, trying to decrypt the code would take several weeks of hard work. It was just like a scene from a Hollywood horror movie for Sharon.

Popular Trends in Ransomware Attacks

Here are a few common trends that you should be aware of:

  • They tend to design this ransomware to target some specific industries. They are more interested in volume over finite targets. A particular variant was reported to have attacked about 90,000 computers in one day.
  • The ransom demanded is usually less than $1,000. The idea is to make the business owner see this as a "nuisance expense" and pay up quickly compared to the business implication and stress of trying to fix the issue on their own.
  • Their business model is quite simple: they only need just a few victims to make payments per day to remain in business. If only four victims of the hundreds attacked a day make payment of $300, they have made a profit of $1,200 cool cash for that day. Roll that over in a year and that is some decent profit.
  • Some of this crypto-ransomware targets some specific files and data while a locker ransomware shuts down the entire computer
  • Ransomware codes are constantly and easily tweaked to produce several variants. Sadly, anti-ransomware and anti-malware can hardly keep pace with them.
  • These cybercriminals sometimes embed ransomware in ads of popular websites
  • The ransomware makes use of different keys for a particular file. This makes the decryption of the file extremely difficult.

Ransom Price and Payment

These cybercriminals usually set the price so low that when you consider the stress and economic implication of the attack to your business, you would want just to pay and get it over with. Usually, the ransom demanded is less than $1,000. So you may want to consider it as "nuisance expense" and pay. Crypto currencies, especially Bitcoins, are their preferred payment method as it is very difficult to trace. Their other alternative payment methods include Amazon gift cards and iTunes. One more interesting thing to take note of is this: payment of the ransom fee does not in any way guarantee that these cybercriminals will send you the decryption key required to unlock your system or the infected files. That's simply the power of blackmails.

To fast track response from their victims, they may give a "freemium" service in which they offer to unlock a few of the infected files at no cost. Some of them threaten to raise the price of decryption after a few days all of which is intended to create panic and make the victim pay up quickly.

What Should Businesses Do?

In the case of ransomware, there are no silver bullets. To minimize the risk, a multi-faceted approach that seeks to prevent ransomware intrusion should be deployed. Other cyber security measures such as frequent backups, white listing for web access, use of strong ad blocker software should also be employed. Businesses should consult cyber security experts who will tell them what to do in case of a ransomware attack, so as to minimize interruption to business.

Trend Micro offers an array of cloud-based email security gateway via its Hosted Email Security. It also offers behavior monitoring and real-time online reputation capabilities that identifies and blocks ransomware. They also have free tools which be of help in the event of a ransomware attack. Their Lock Screen Ransomware Tool helps to identify and decrypt screen-locker ransomware. While the Crypto Ransomware File Decryptor Tool can identify and decrypt files that were locked by some types of crypto-ransomware. So you don't have to pay the ransom fee to get the decryption key.

How to Prevent Ransomware Attack

Here are a few ransomware attack prevention tips:

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.
  • Do not open unverified emails and avoid clicking on the links in these emails
  • Backup important files regularly. Create about three backup files on two separate media with a backup in a different location
  • Regularly update your apps, and system programs to boost their capabilities against latest vulnerabilities
  • Never accept to pay the ransom price as it only elongates the matter
  • Buy time by making them feel you are going to pay
  • Gather all the necessary information on the attack and hand I to your web consultant, not the security agents
  • If the resultant loss is massive, hand over all the information to the FBI

Conclusion

These prevention tips apply to small businesses and individuals alike. Small businesses should routinely train their employees on how to detect malicious emails and the phishing methods these cyber criminals employ. The more employees can detect and avoid their baits, the lesser the chances of falling victim to ransomware attacks.

Infosec
Infosec