[BreachExchange] How SMBs can minimize damage from ransomware attacks

Inga Goddijn inga at riskbasedsecurity.com
Mon Dec 31 17:14:19 EST 2018


https://www.techrepublic.com/article/how-smbs-can-minimize-damage-from-ransomware-attacks/

There has been a lot written about how businesses can avoid being digitally
defrauded by ransomware. "A ransomware infection often starts with someone
clicking on what looks like an innocent attachment, and it can be a
headache for companies of all sizes if vital files and documents (think
spreadsheets and invoices) are suddenly encrypted and inaccessible," writes
ZDNet's Danny Palmer in the article What is ransomware? Everything you need
to know about one of the biggest menaces on the web
<https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/>.
He adds: "If you are attacked with file-encrypting ransomware, criminals
will then brazenly announce they're holding your corporate data hostage
until you pay a ransom in order to get it back."

Even with all the warnings, the success of ransomware is unparalleled, and
to make matters worse, digital fraudsters are now targeting smaller
businesses, which typically do not have sufficient resources to even begin
to combat ransomware. The cost is frightening. This RiskIQ infographic
<https://cdn.riskiq.com/wp-content/uploads/2018/08/Evil-Internet-Minute-RiskIQ-Infographic.pdf?_ga=2.38126179.1928803402.1534880854-1959478491.1534880854>
states that ransomware costs businesses $8 billion a year.

  As to how ransomware is affecting smaller businesses, Datto, an
organization that pairs small businesses with managed-service providers
(MSPs), surveyed 1,700 MSPs that work with a combined 100,000 Small and
Medium-sized Businesses (SMBs) and posted their findings in the paper Global
State of the Channel Ransomware Report
<https://www.datto.com/resources/ch-ransomware-survey-17?utm_campaign=ch-ransomware-survey-17&utm_medium=press-release&utm_source=13>.
The paper begins by mentioning that 99% of the survey participants agree
the number of ransomware attacks will continue to increase. Next, Robert
Gibbons, chief technology officer at Datto, states that approximately 75%
of the MSPs queried said their SMB customers experienced
"business-threatening" downtime as a result of a ransomware attack. That is
a rather bleak outlook.
*To pay or not to pay?*

In TechRepublic contributing writer Jesus Vigo's post The ransomware
debate: Should you pay to get your data back?
<https://www.techrepublic.com/article/should-you-pay-to-get-your-data-back-or-not-the-ransomware-debate/>,
looks at whether it makes sense to pay the ransom or cut losses and get up
and running as soon as possible. "It's clear that both camps can cite a
variety of reasons to support the decisions they make," concludes Vigo. "I
feel, personally, that it isn't so black and white, and that each scenario
should be addressed based on the circumstances rather than choosing an
answer based on a preset plan."

Vigo looked at the plusses and minuses of ransom payment a little more than
a year ago. Due to what's at stake, it seems appropriate to revisit this
debate. According to Datto's Gibbons, "The impact of downtime affects SMBs
far more than the cost of ransom requests."

So, it's not surprising that business owners who want to regain control of
their data and infrastructure as quickly as possible are willing to pay the
ransom even though the odds are against them. Reports from various security
research firms (including Bitdefender
<https://businessinsights.bitdefender.com/research-more-smbs-are-reporting-ransomware-attacks-to-authorities-but-less-are-paying-the-ransom>
and CyberEdge <https://cyber-edge.com/cdr/#about-this-report>) state that
between 45% and 55% of businesses that pay the ransom are unable to recover
their data.
*Not so fast*

The typical talking line for security experts is to never pay a ransom;
however, that's easy for them to say—they're not the ones who have to make
that painful decision. Still, those who are facing that decision are now
more likely to say no to ransom demands.

CyberEdgeGroup's 2018 Cyberthreat Defense Report
<http://cyber-edge.com/cdr/> stated that of the 1,200 IT professionals
surveyed, 55% experienced a ransomware attack; of the 55%, only 19% paid
the ransom. The report also mentions those who refused to pay the ransom
had backups allowing them to quickly recover and get back to business as
usual.
*Are backups the answer?*

A bulletproof backup system seems to be the answer, as loss of data is the
most pressing issue according to companies surveyed by Radware
<https://www.healthcare-informatics.com/news-item/cybersecurity/survey-42-percent-companies-have-experienced-ransomware-attacks>.
"Businesses are most concerned with their data when hit with a
cyber-attack," mentions the report. "Respondents noted that data leakage
was their top business concern, followed by reputation loss and service
outages."

Besides being unable to function normally due to lost data, business owners
have additional concerns:

   - Getting data back is no indication the information has not been used
   by the attackers, sold to competitors, or made public with the intention of
   embarrassing the company.
   - Losing data—sensitive or otherwise—may mean the company is out of
   compliance with industry and/or governmental regulations.
   - "Paying a hacker in these situations not only incentivizes further
   attacks, but it provides criminals with the funds they need to continue
   their operations," said Carl Herberger, vice president of security
   solutions at Radware.

*Prepare for the inevitable*

There is a watershed movement occurring—cybersecurity professionals are
changing their focus from prevention to recovery. Prevention is not the
be-all and end-all answer, so why not be as prepared as possible to recover
from the inevitable cybersecurity incident?

"There are no guarantees in life, but there are things that individuals can
do to minimize the risk of being infected with ransomware," explains
this FraudWatch
International post
<https://fraudwatchinternational.com/malware/ransomware-protection-security-essentials/>.
"In the event that someone is infected with ransomware, they can also take
steps to minimize the impact and damage the attack will cause."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20181231/0c54e2be/attachment.html>


More information about the BreachExchange mailing list