A ransomware attack puts a range of things at risk, including revenue, reputation, viability and jobs. Yet despite its rising prevalence, most businesses, especially those in the mid-market, aren’t prepared to face the threat.
In a survey from Barracuda Networks with a focus on small- and medium-sized businesses, 92% of people surveyed said they are concerned about ransomware hitting their organization—and nearly half, or 47%, of respondents had been victims of ransomware already. Of those ransomware victims, 59% were not able to identify the source of attack—a sad complement to the fact that many organizations are often unaware that their network had been breached at all.
The ramifications are significant. “Next to phishing, ransomware is undeniably the most successful and profitable style of attack for cyber-criminals,” said Hatem Naguib, senior vice president and general manager of the security business at Barracuda, in a blog. “It’s estimated that last year alone, ransomware scams cost victims nearly $1 billion worldwide. And it’s no wonder it’s become so successful—it is based on the old-fashioned criminal model used by gangs and the mafia for many years, newly available in a digital format. Digital transformation is alive and well for businesses and criminals alike.”
The impact of an attack can have a ripple effect; Barracuda pointed out the example of a police department in Texas that was hit with ransomware and lost eight years of evidence, potentially causing criminals to be set free. Or the case of the Washington DC police, who lost 70% of their surveillance cameras leading up to the Presidential inauguration, leaving a gap in security.
Worse, ransomware is evolving over time, moving from simple extortion gambits to something much darker, in some cases destroying data permanently as opposed to encrypting it. And the future could be even scarier: imagine a tactic where the victim is forced into making ongoing payments to keep their data available. Naguib dubs this specter “protectionware”.
One key to avoiding becoming a victim is understanding how ransomware enters the system. In the survey, of the 41% who could identify the source, 76% reported that the ransomware attack came through email.
“Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors,” Naguib said. “These findings underscore the importance of layered security for email—at the gateway, for internal messaging, and certainly for one of the most often overlooked areas, education for employees who can be the weakest link when it comes to protection against threats such as ransomware.”
Combatting the perception issue is an important undertaking as well—ransomware affects the mid-market as much as the big fish.
“A common misconception is that small and midsized businesses think they are unattractive attack targets and by default, safe,” said Naguib. “In reality, these organizations are often more prone to attacks as they’re assumed to have fewer staff, technology, and resources to combat targeted attacks.”
And on a related note, user behavior can be the weakest link, and it is inevitable that someone will eventually click. However, education is a critical piece of a solid data protection strategy as attackers increasingly look to exploit “human networks” in targeted phishing and spear phishing campaigns.
And, as always, the best approach is to devise and implement a comprehensive backup recovery plan that will allow the recovery of all encrypted files with minimal effort.
“It’s important to note that even if you’ve already been hit, you’re not immune from future attacks,” Naguib concluded. “In fact, some attackers might view your organization as an easy target and begin making plans for an attack with even greater consequences.”