If you are friends with any other business owners, ask around to see if anyone has been a victim of a ransomware attack. While some may be embarrassed to admit it, 4% of Canadian businesses were victims of a ransomware attack in 2017, with the estimated cost of downtime for these attacks being $5.7 million.1
A hacker’s favourite target for ransomware is small business. An SMB or SME is less likely to have proper digital security measures in place. They are also more likely to pay the ransom and leave the crime unreported, either out of embarrassment or fear of reprisals from the hacker if they report the crime. In July 2017, an anonymous Canadian business paid the largest ever ransom for this sort of attack in Canada – $425,000.
How does Ransomware Work?
Ransomware is simple – it locks access to vital systems such as G Suite or Microsoft Office 365, and some may even take down your website in the process. If a hacker gains access to one administrator’s password, the attack proceeds and the hacker tries to gain access to as many vital business systems as possible. When the ransom is paid, access is promised to be returned, but in 13% of cases in 2017 businesses either weren’t given access or stolen data back.1
Access to vital systems happens through phishing
Hackers usually obtain access to your company’s systems through a couple of mechanisms; phishing emails and installing malicious extensions on your web browser during the course of what you would consider to be regular Internet activity. A successful phishing email which nets something like a Microsoft Office 365 password is usually only the beginning; with this password, the hacker can get into your email and documents and find passwords for other systems, such as your website.
They can even contact some of your service providers and ask them to reset or change services with the identifying information they find out about you from your email. A successful ransomware attack will hold as many items for ransom as possible. It could target your website, G Suite, Microsoft Office 365, and/or sensitive business data such as financials – anything you have that is online or stored on a computer is fair game. As you can imagine, it is not necessarily the services themselves that are worth the ransom, but the business’ downtime that costs money.
Encrypted ransomware most common form of attack
While there are different kinds of ransomware, the kind of attack we see most often is through encrypted ransomware. With this kind of attack, systems are locked out using a very strong encryption key, which only the attacker can decode. The ransomware is typically introduced as a Trojan virus which is activated by the user opening an infected file in an email, or a Trojan or other form of code which is maliciously injected into the user’s device while browsing an unsecure website. While there are other forms of ransomware, this one is the most popular form of attack.
Protecting against ransomware: email safety and the right backup systems
There are successful CEOs with multiple degrees who fall for phishing emails, and these email-based phishing tactics get more sophisticated every day. Some are virtually indistinguishable from a proper corporate communication that Microsoft or Google would send. While a cyber security training seminar for your staff will help, it only assists against the initial phishing email, and won’t do anything for a maliciously installed browser extension.
The best preventative measure against ransomware is to have an IT management service taking care of the digital security of your business. With AI-based email filters to detect malicious files and by “sandboxing” all web links in emails in a safe environment, potentially harmful emails can be opened without infecting other systems.To safeguard Internet browsing, we use systems that check links as your employees initially load up a page of a website, preventing links that look like they may be malicious from being clicked on at all, or give your employees a warning about them, depending on how you want to set your preferences.
With our IT Enterprise support package, your data is backed up, mobile devices are managed, and all laptops and desktops have an Internet content filter that catches malicious extensions that could be ransomware. We can also conduct “Lunch and Learns” for your staff that will answer their questions about security and teach them best practices, turning them into champions for cybersecurity in your organization.
Contact us today to find out more about how we can keep your business from being held for ransom, as well as other managed IT services that will improve the efficiency and security of your business.
1Datto’s State of the Channel Ransomware Report 2017 – Canada