Did you know that the data you use to keep your business running smoothly could put you at risk for a ransomware attack? As technology evolves, businesses of all sizes have access to better tools to create and collect data, most of which is saved locally on computers and servers. This data, such as customer profiles, software, account numbers or sales records, is often crucial to business functions and can improve your competitive edge. But this data can be a risk in the case of a ransomware attack.
Ransomware operates by hijacking computers and servers and charging a ransom, typically paid in Bitcoins (BCT) or via Western Union, to release it. While many small business owners think they are not at risk due to their smaller size, that sense of security is often mistaken. Ransomware is designed to spread automatically through botnets and infected computers, meaning that targets are chosen at random, and a small business is as much at risk as a multi-billion dollar corporation. Additionally, because small businesses don’t have an extensive budget for cybersecurity protection, they can be more at risk of an attack and suffer a greater impact from the monetary loss and harm to their reputation.
How Ransomware Works
Ransomware is a type of malicious software (malware) or crimeware that inserts itself into a computer. Once established, it begins encrypting specific types of files or even the entire hard drive. Once it finishes encrypting, the ransomware sends the computer’s user a message, usually with a pop-up or by changing the computer’s background, telling you how to pay the ransom. Hackers are profiting by attacking small businesses, because these companies need the data back quickly, so are more likely to pay the ransom. Ransomware has cost American businesses $75 billion in direct fees and lost profitability, earning some hackers as much as $1 million per day in fees.
There are three primary types of ransomware:
- Encryption programs – these programs encrypt your data and change the format to a custom name like .locky.
- Screen Locks – These programs hijack your desktop and block your Windows Explorer or Finder, demanding payment to remove the block.
- Mobile ransomware – This software typically locks you out of your mobile device and instructs you to contact an address or number to send payment.
How much will you pay? The average payment for small business owners is $300, but hackers often change the rate based on the business. For example, the Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to unlock their data.
Unfortunately, if you are unlucky enough to have your computer or servers infected with ransomware, paying the ransom doesn’t necessitate the return of your data. Ransomware and encryption methods are available for sale on the internet, some even for free, meaning that many would-be hackers can simply pick up a program off the web and start using it to earn money with no real idea of how to unencrypt what they’re using.
Who’s at Risk?
Anyone is at risk for a ransomware attack, but businesses that are more at risk are those that operate using data, that store private customer/client information, or that work primarily on computers. The more computers and users you have on your network, the more likely you are to be exposed to an inspection. For example, email is the most common infection method, and data shows that 93% of all phishing emails now lead to ransomware. Other avenues include ransomware coming through infected networks (if other computers or devices on the network are infected, it may spread), by visiting infected websites, or through malicious apps and programs.
Protect Your Business from Ransomware
Luckily, there are steps you can take to help shield your important data from ransomware attacks.
- Make regular backups of your data and store it offline. If you have a recent backup of your computer, you should be able to just turn your computer off and run a clean install of your operating system, and then load your data from your last backup. Valuate your data, and spend more time and resources backing up important data (like customer records) to save money.
- Protect your data servers
- Use antivirus and malware protection and keep it up to date
- Educate employees about phishing emails
- Integrate a spam filter and use an antivirus software that scans email and web links
- Use a pop-up blocker to avoid accidentally clicking on a pop-up with malware
Ransomware is an increasingly big risk for companies of all sizes. It is important for small business owners to understand cybersecurity risks to properly allocate resources to best protect your company. If you’re interested in learning more about cybersecurity for your business, consider a Threat Sketch Risk Assessment. We can help you to identify your areas of concern, so that you can take action to protect your business.
About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.