Ransomware attacks have hit the news a lot recently, especially with the Colonial Pipeline attack in May 2021. Whilst we often read about these attacks in the media, it can be unclear what, if anything, they mean for small businesses. In this post, we describe exactly what ransomware is, why you need to take the threat of ransomware seriously in your SME and the five steps you can take today to protect your business.
Ransomware is a type of malware ("malicious software") which encrypts the files on your computer. Usually, the criminals then state that if you pay them, they will decrypt your files. Like most other types of malware, ransomware can be installed on your computer either by clicking on a link in a phishing email or by being persuaded to visit a malicious website that exploits an unpatched vulnerability on your computer (for example, an out-of-date operating system), which is then used to install the malware.
Ransomware uses unbreakable encryption technology (often referred to as "military-grade encryption") to scramble the files on your computer's drive. Think of it like putting your files in an impenetrable box that can only be unlocked by a unique key that the hacker has and, usually, they are willing to sell to you (if you trust them) for a fee.
Unfortunately, ransomware doesn't just affect the computer it is initially downloaded onto. Ransomware falls into a sub-category of malware called "worms". Worms spread out to all other computers connected to the initially infected computer, infect each new computer, and then spread to all other computers connected to that newly infected computer (just like COVID-19 at Eurovision). If you have a company network or even just shared WiFi, ransomware can move from the first computer (patient zero) to all other computers within seconds, meaning that all computers within a company, and even outside that company, become infected before you know what is happening.
The effect of ransomware can be devastating to businesses, as they can permanently lose access to all of their files. Even if they can recover from ransomware, the cost can be crippling, running to tens or hundreds of thousands of pounds (Sophos, 2021). It is also very common that the ransomware doesn't just encrypt your files but actually copies them to an attacker's system, meaning that you must also deal with a data breach of all of your company's and customers' information.
In short: no. Ransomware is so prevalent today because it is a highly successful revenue stream for hacking groups and nation-states. Because of the cost and impact of losing most, or even all, of a company's data, around 32% of companies pay these criminals to try and get their data back. However, leaving aside the moral question of whether it is right to fund and encourage organised criminal networks, only 8% of the organisations that pay up actually get all of their data back (Sophos, 2021).
Whilst ransomware can be devastating, it is actually fairly simple to mitigate against the biggest risks by following our five-step plan below.
To build a solid defence plan, we need to first understand the ways ransomware infects computers (phishing and lack of computer updates) and then the impact of the infection (loss of data). Using this, we can then build out our five-step plan:
The primary impact of ransomware is the loss of data. Luckily, because we are dealing with digital data, we can create unlimited copies and store them in a safe location. In small businesses, this process is pretty straightforward.
Ensure that all files stored on all computers in your company are saved in some form of cloud storage (OneDrive, Google Drive, Dropbox etc.) and then back up this data to a separate backup service. Whilst storing everything in cloud storage is a great first step, we must also make sure we back up everything in these cloud storage services in case hackers infect the files in these services, gain access to them and delete or modify them, or in case you ever lose access to these precious files. Luckily, there are numerous services available just for this. Naq customers can take advantage of a very special discount with CloudAlly, but there are lots of other services available.
The main way malware infects your computer is by taking advantage of out-of-date software. Pretty much every blog we write, each of our training courses and the security actions in our platform go on and on about the importance of updating your software. This is because if your software is up to date, you are protected against the vast majority of malware, including ransomware. Ensure that you enable automatic updates for your operating system (Windows or macOS) and ensure that you update all software on your computer no later than two weeks after an update is released.
The single most important way to protect your company from phishing is to train your team. As we go through in our training course on email security, phishing can take many forms but all phishing attacks use psychological tricks to try and convince recipients to either download something, visit a malicious website, divulge sensitive information or perform an action (such as sending money). Your team must always be vigilant but this vigilance must be taught. This is why the combination of policy, training courses and phishing tests are a critical part of the Naq subscription.
Knowing exactly what you need to do if a ransomware attack hits is critical to ensure that you minimise the impact of the attack and stay on the right side of the law. You must ensure you have a robust incident response plan in place so that you and your team know exactly what to do, both from a technical point of view (for example, if one computer is infected with ransomware, immediately disconnect it from your network) and legally (for example, document all actions in case you need to report the incident to the Information Commissioner). We provide this full guidance as part of our Naq subscription.
Policies and plans are useless if you never read them, and more so if you never practise what is in them before you actually need them. This is especially true for any incident response and data recovery plans. It is critical that you go through your incident response plan with the team to ensure you know who needs to do what and that responsibilities are understood. It is also critical that you test the recovery of any data backups at least once a year to ensure that you can actually rely on these backups in the case of a ransomware attack.
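Step five says to test the recovery of your backups at least once a year. The script below is an added example (not Naq's code and not part of the original post) of the simplest useful restore check: a SHA-256 manifest recorded when the backup was taken is compared against a copy restored to a scratch folder, so a missing or altered file is caught before you ever depend on that backup. The file names and contents created in `demo()` are constructed for illustration.

```python
"""Backup restore-test helper (added example, not Naq's own tooling)."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 digest.
    Run this at backup time and keep the manifest with the backup."""
    manifest: dict[str, str] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def verify_restore(restored: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest. All three lists are empty
    when the restore is complete and byte-for-byte identical."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "modified": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: record a manifest for a small 'live' folder,
    then check a restore in which one file came back altered (as an
    encrypted or corrupted file would) and one file was never restored."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "invoices.csv").write_text("id,amount\n1,250\n")
        (live / "customers.txt").write_text("Acme Ltd\nBeta plc\n")
        manifest = build_manifest(live)

        restored = Path(tmp) / "restored"
        (restored / "accounts").mkdir(parents=True)
        # Simulated bad restore: invoices.csv altered, customers.txt absent.
        (restored / "accounts" / "invoices.csv").write_bytes(b"\x8a\x17garbage")
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print(demo())
```

A real restore test replaces the constructed folders with your actual backup restored from the backup service, and any non-empty list is a reason to fix the backup process now rather than after an incident.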