Robert Gibbons, Chief Technology Officer at Datto, has been warning of the threat ransomware poses to small businesses.
SMBs ‘Particularly Vulnerable’
In his role, Robert manages support for Datto’s data backup and protection platform designed for small businesses. In a report for ITProPortal and a recent presentation at the annual RSA Conference on cybersecurity in San Francisco, he discussed what his company has learned from infecting themselves with ransomware.
“Ransomware has become a major threat to individuals and businesses over the past few years, and the cyber extortionists behind these attacks operate with increasing sophistication. SMBs can be particularly vulnerable to attacks and are more likely to pay a ransom to get their data back than large businesses,” he says.
“The most important lesson we learned from infecting ourselves with ransomware is that early detection matters.”
Early detection allows damage to be quickly identified and contained, and allows your business to reset rapidly using a ‘healthy’, pre-infection backup.
The Deeper Dangers of Ransomware
Ransomware is far more dangerous than many people realise. How do we fall victim to it? Robert points out some key facts:
- Often, attacks are conducted by large criminal organisations using widespread botnets to spread malware via phishing
- Victims are tricked into downloading an e-mail attachment or clicking a link via social engineering. e.g. by interacting with a fake email appearing to be from a friend, colleague or trusted institution such as a bank
- Some fake emails are designed to scare victims, claiming their computer has been used for illegal activities
Once the link is clicked or the attachment opened, the malware goes into action.
- It begins to encrypt files – and it doesn’t stop at the original device. “Today’s ransomware is designed to spread itself out across entire networks,” warns Robert.
- It’s constantly changing, meaning it often gets through firewalls and isn’t always stopped by antivirus software.
The next step? A ransom is demanded to restore your files.
Protecting Your Small Business from Ransomware
- Warn and educate staff; it’s not all about cybersecurity software. “A proper ransomware protection strategy also requires employee education and backup,” says Robert.
- Keep applications patched and up to date to minimise vulnerabilities.
- Invest in a good firewall and antivirus software, installing any updates immediately.
- Have a regular, robust backup regime. This not only allows your business to recover quicker, but may also help you to detect ransomware more rapidly too. “Each time a backup is performed, it can be compared against previous backups to look for changes,” says Robert.
- Ransomware will always encrypt directories and user documents. Look out for those encryption clues in backups: in Datto’s self-infection testing, 80% of the ransomware tested changed file names when encrypting files. Another clue is randomised data rather than the structured data usually seen in files. Encrypted data is completely randomised.
Datto have used what they learned from their infection testing to develop a new ransomware detection feature that alerts businesses and users to the problem. When ransomware is detected, an alert is sent allowing businesses and other users to diagnose the issue and restore data to an earlier pre-infection point.
A Growing Threat
If you own or manage a small business, ransomware isn’t a threat you can afford to ignore. To compile their recent State of The Channel Ransomware Report, Datto surveyed 1,100 IT service providers worldwide. While most IT service providers were “highly concerned” about ransomware, they said that generally, their customers were not – probably due to a lack of awareness.
Yet 97% of respondents said ransomware attacks on small businesses are becoming more frequent and 91% said their clients had been victims of ransomware. 40% of those clients had experienced 6 or more attacks in the last year. 46% of respondents said that phishing emails had been responsible for the ransomware attacks.
They reported that the average ransom requested was typically between £400 and £1,600, although 10% of respondents reported the ransom average to be greater than £4,000. The ransom itself, however, isn’t the only financial loss you may incur – it’s the downtime and possible loss of custom and business confidence. 63% of respondents mentioned a ransomware attack that had led to business-threatening downtime.
The message is:
- ensure you and your staff are aware of ransomware and how it gains access to your data
- put robust measures in place to ensure your data is protected and backed up.
Leave a Reply