Don’t Become a Hostage to Ransomware

If you’ve been following the business headlines this year, you know that ransomware has been all over the news. Reports generally focus on the major corporations when they become victims of an attack. These high-profile stories have a broader reach and a more universal appeal. 

But many small businesses are also being deluged with ransomware cyberattacks, often in obscurity. Small businesses, already pushed to the brink during the pandemic with thin profit margins, are finding themselves victims of over half the ransomware attacks today. For these businesses, once the ransomware attack has occurred, there are limited options available, and many choose to pay the ransom and get on with their operations.

While the FBI advises victims not to pay ransoms, it understands that some businesses need to make a difficult choice between shutting down for an extended period of time or paying the ransom to return to operations quickly. The FBI does advise that if you do decide to pay the ransom, you should still report it to your local FBI field office.

Ransomware has skyrocketed

Ransomware attacks are now incredibly easy to execute, and payment methods, such as bitcoin, are hard to trace back to the cybercriminal. The digital nature of most businesses has made them increasingly reliant on their systems and infrastructure and more willing to pay ransoms when these systems are compromised.

The average ransomware payment climbed 82% since 2020 to a record $570,000 in the first half of 2021, as cybercriminals employed increasingly aggressive tactics to try and pressure organizations into paying larger ransoms. The increase comes after the average payment in 2020 jumped 171% to more than $312,000. With millions of people working from home due to the COVID-19 pandemic, the opportunities for exploitation reached an all-time high. Equally troubling was the increase in newer forms of attacks that have become even more sophisticated and disruptive.

Attacks are becoming more dubious

In 2018, only one known threat actor was using a technique known as double extortion. In 2021, there are now over 16 known ransomware groups that have been identified as using this tactic. With double extortion, the ransomware group doesn’t just encrypt your files until you pay their ransom; they also exfiltrate your data and threaten to leak it to the internet or sell it to the highest bidder if you don’t pay up. In 2021, we’re also seeing an alarming growth of quadruple extortion, where ransomware operators combine as many as four different techniques:

  • Encryption: Your data is scrambled and computer systems are locked down

  • Data Theft: You’re threatened with the release of sensitive business data

  • Denial of Service (DoS): Your public-facing websites are shut down

  • Harassment: News about the attack is spread to customers, employees, business partners, and the media

Some of the largest attacks have occurred in 2021 

In March, CNA Financial, among the largest insurance companies in the U.S., reportedly paid $40 million to regain control of their network after a large-scale ransomware attack. The Chicago-based company paid the cyberattackers about two weeks after their data was stolen and officials were locked out of the network.

In May, a cyberattack on Colonial Pipeline led to the shutdown of the gasoline supply in much of the Eastern United States, resulting in fuel shortages in many of the southern states. Colonial Pipeline paid the $5 million ransom the day after Russian-based cybercriminals hacked their IT network.

In June, a ransomware attack on JBS, the supplier of meat to 20% of the U.S., impacted a quarter of their U.S. beef operations. JBS had to shut down systems for 2 days to limit the effects of the attack and reportedly paid the cyberattacker $11 million in bitcoin ransom to resume operations.

In July, IT firm Kaseya was hacked, leading to thousands of victims across at least 17 countries being locked out of their systems. The cyberattackers initially asked for a $70 million ransom. 

The same group, REvil, was behind the attack on both Kaseya and JBS.

A small business is not too small to become a target

A small business faces the same cybersecurity and ransomware threats as a large company. Despite the threats, 60% of small businesses don’t have a cybersecurity policy. Through automation, cybercriminals can target thousands of small businesses with a single attack. They know these businesses usually don’t have the technology defenses and resources of a large enterprise, making them easier targets for a lucrative payout.

The cybercriminals see other benefits in attacking a smaller business. Through partnerships with larger companies, many of these businesses share critical and sensitive data with their partner company. This makes the attack a potential gateway for a later attack on the larger company.

How can a small business defend against ransomware?

As a start, these businesses need to practice what’s known as cybersecurity hygiene, which is basically maintaining the health and security of all hardware and software. The first way to avoid being exposed to ransomware is to be a cautious and conscientious computer user. You and your employees need to be cautious about what you choose to download and click on. Other measures to protect your business include broader solutions:

  • Installing comprehensive protection for your entire network

  • Keeping operating systems, software, and applications updated to the latest versions, because new versions often come with critical security updates

  • Making sure your antivirus software is set to receive automatic updates and that you perform regular scans

  • Backing up data routinely and making sure that you can access the backups

  • Securing your backups

  • Encouraging strong password management, and enforcing 2-factor authentication when possible

  • Developing a continuity plan if your business is hit with a ransomware attack

A comprehensive ransomware defense

Among the most important measures to complete your ransomware defense is to install powerful, advanced, and trusted protection to block threats before they reach your network. This is because cybercriminals can get ahead of the latest security updates on your operating system and develop new attacks before antivirus software programs can identify them. They can also attack smart devices that don’t have built-in security and use techniques to bypass firewalls.

People can make mistakes and passwords can be compromised, lost, or stolen. Without automated safeguards for your protection, any employee might also access sites or be tricked into clicking on a link in an email that opens the door to malware, phishing, or other forms of attacks. 

Maintaining regular backups can help you retrieve your data, but they can’t help you if the cybercriminals have exfiltrated your data and threaten to leak or sell it. With the rise of more sophisticated ransomware attacks, like double and quadruple extortion, backups alone are not going to protect you.

Okyo Garde by Palo Alto Networks can provide a comprehensive defense. Okyo Garde can protect your WiFi network and connected devices from ransomware and other forms of malware and phishing attacks, helping to keep your devices safe. Okyo Garde is built on industry-leading threat intelligence technology by Palo Alto Networks that is trusted by 96% of Fortune 100 companies for their enterprise cybersecurity. To learn more about how Okyo Garde can help protect your business from ransomware and other cyberthreats, visit Okyo.

Editorial note: Our articles provide educational information to help keep you protected. Our products may not secure you against every type of cyberthreat, crime, or fraud. Our goal is to increase awareness and raise attention to cyber safety. If you choose to use Okyo Garde, please review the complete terms during purchase and setup.

Okyo Garde is a subscription service that auto-renews. The subscription includes the Okyo Garde mesh-enabled router, which requires an active subscription to function. Please see our Return & Refund policy for cancellation details.
Copyright © 2021 Palo Alto Networks Inc. All rights reserved. Other names may be trademarks of their respective owners.