Ransomware is the fastest-growing and most pervasive cyber threat in the world. Recently, it has infected the likes of FedEx, Deutsche Bahn, and Britain’s National Health Service.
The thing is, you don’t need to be a national bank or healthcare provider to fall prey to ransomware – or any other malware.
In fact, small and medium-sized businesses are just as likely (if not more) to be attacked. And they’re far less likely to recover from an attack.
(We aren’t saying any of this to scare you. We just think you should know what you’re up against.)
Lesson 1: you’re not too small to get hacked
Ransomware is a computer virus that threatens to delete or publish your files unless you pay a fee – hence ‘ransom’-ware. (For more info, check out our Business Guide to Ransomware).
It worms its way into your system by exploiting gaps in your security perimeter or tricking users into downloading it.
Once it has infected one machine, it then looks for all network shares which that machine has access to and encrypts all the files on that network. If that machine has access to your back-up files, it’ll encrypt that too.
At this point, you receive an automated message asking for a ransom to be paid in Bitcoin, a digital currency, and a warning that your files will be deleted or exposed if you don’t pay up.
You would think big businesses would be the main target of this kind of attack. But cybercriminals tend to go after many small payments rather than one big one – so growing businesses are an ideal target.
And their reach is vast. One person alone can target thousands of businesses from their bedroom. They create huge email lists and infect countless links before sending them to as many people as they can.
You might think none of the staff in your office would ever click on a link in a dubious email. And you’re probably right for the most part. But it takes one person to make one mistake – and everything could go wrong.
Lesson 2: paying isn’t easy
You’re probably thinking that if you ever got hit by an attack, you’d just pay the ransom, get your files back and move on.
The bad news: it’s not that easy.
Cybercriminals don’t use conventional bank accounts. And they often want their victims to pay them in Bitcoin to an anonymous account on the Dark Web – the murkiest parts of the internet that can only be accessed through certain browsers.
So not only do you have to pay someone for committing an illegal act against you (no fun) – you’ll probably end up in some shady pawn shop trying to get the crypto currency you need to make the payment.
And even if you do manage to locate the account and pay your Bitcoin ransom payment, there’s no guarantee you’ll get your files back.
(Again, we aren’t trying to scare you. But you do need to know.)
Lesson 3: You’ll probably get hacked
No-one wants to get hacked. But a lot of growing businesses don’t treat security nearly as seriously as they should.
For instance, you might be thinking you’ll make some changes once your five-year server maintenance contract runs out.
But the number of ransomware attacks grew by 300 percent in 2016 [1] and this trend shows no sign of slowing down.
It’s easy for you to get targeted. It’s easy for one of your colleagues to fall for it. And it isn’t easy dealing with an attack.
So if you want to avoid the worst, you need to start working from the assumption that you will get hacked. It may not be ransomware. But you do need to act with the urgency of someone expecting an issue – rather than praying against it.
In which case, it’s worth asking your IT service provider questions about:
When it comes to security, there’s nothing worse than doing nothing. You don’t want to go out and buy all sorts of new tech. But you can start asking the right questions, and educating yourself enough to make a smarter decision.
Where the cloud comes in
The cloud offers better security than your business could afford on its own. So it’s worth looking for ways to use it to protect your files, applications, and desktops.
—
[1] Ransomware attacks grew by 300 percent in 2016, BitDefender