You may have heard of large businesses being targeted with ransomware, and although that certainly happens, the most common victims of ransomware are SMEs like yours.
In most cases, ransomware is not aimed at a specific business. Instead, it is sent to thousands of organisations and individuals, usually via a malicious email, in the hope that just a few of them will fall for it.
A ransomware attack can be devastating for a small business. Even with backups in place it can take days or weeks to get systems back up and running again.
Ransomware is a form of malware (like a computer virus) that makes all your files inaccessible to you and demands that a ransom be paid to get them back. It does this by working through every file it can find, both on your computer and on any server or cloud storage you are connected to, and encrypting those files with a password (an encryption key) that only the program and its operators hold.
Once all your files have been encrypted it will announce its presence and demand a payment in exchange for the password to get access back to your files. As ransomware becomes more advanced we are seeing it evolve to locate and destroy backups to improve the chances of getting paid. There are even some strains which will also upload your files to the attacker’s server with the added threat of releasing trade secrets if the ransom isn’t paid.
The ransom is usually paid in the untraceable cryptocurrency bitcoin. The only information about where the money is going is a wallet ID, which cannot be linked to the criminals. Once the ransom has been paid, the chances of finding the culprits are virtually zero.
The short answer is no. You are dealing with criminals, and paying the ransom funds them to exploit hundreds of other businesses. If you have another means of recovering your files, or you can weather their loss, then you absolutely should do that.
If you find yourself in the unfortunate position of not being able to recover from backups, then you may feel you have no choice but to pay the ransom. This might work, but you need to accept that when you pay the money you might not get a password in return, or the decryption process may fail for some other reason, leaving you with no way to get either your money or your files back.
Of the 15% of businesses which do decide to pay the ransom, a surprisingly high 96% report receiving a valid password. It is in the cyber criminals’ interest to hand over the password when you pay, because that encourages others to pay, but if you are in the unlucky 4% you won’t be getting a refund!
Even if you do recover your files, you must consider your entire system to be compromised. An extensive cleaning operation must be undertaken immediately to avoid becoming re-infected with the same or another strain of ransomware.
Defending against ransomware is like every other area of cyber security – it is impossible to be 100% secure, but the risk can be significantly reduced, and the best way to achieve that is by employing multiple layers of defence. The measures below will each individually reduce your risk of a ransomware attack, but for the best defence they should all be used together.
Your staff are often the weakest link in the security chain, and by exploiting them attackers can get malware, including ransomware, past your defences. Make sure your staff are educated about cyber threats and know how to avoid them.
Anti-malware is the workhorse of cyber security, and no organisation should be without it. Good, up-to-date anti-malware can stop many threats, but it is not infallible and should not be relied upon as the only line of defence.
If a user falls victim to ransomware, all the files they can access will be encrypted. By limiting what they can access, you limit what can be encrypted. Only give users access to what they need for their day-to-day job, and consider giving them a separate second account if they occasionally need wider access.