Security

How SMBs can minimize damage from ransomware attacks

The costs incurred from a ransomware attack can devastate SMBs, but there are ways to minimize the impact.

istock-803934282.jpg
Image: Zephyr18, Getty Images/iStockphoto

There has been a lot written about how businesses can avoid being digitally defrauded by ransomware. "A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes if vital files and documents (think spreadsheets and invoices) are suddenly encrypted and inaccessible," writes ZDNet's Danny Palmer in the article What is ransomware? Everything you need to know about one of the biggest menaces on the web. He adds: "If you are attacked with file-encrypting ransomware, criminals will then brazenly announce they're holding your corporate data hostage until you pay a ransom in order to get it back."

SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)

Even with all the warnings, the success of ransomware is unparalleled, and to make matters worse, digital fraudsters are now targeting smaller businesses, which typically do not have sufficient resources to even begin to combat ransomware. The cost is frightening. This RiskIQ infographic states that ransomware costs businesses $8 billion a year.

As to how ransomware is affecting smaller businesses, Datto, an organization that pairs small businesses with managed-service providers (MSPs), surveyed 1,700 MSPs that work with a combined 100,000 Small and Medium-sized Businesses (SMBs) and posted their findings in the paper Global State of the Channel Ransomware Report. The paper begins by mentioning that 99% of the survey participants agree the number of ransomware attacks will continue to increase. Next, Robert Gibbons, chief technology officer at Datto, states that approximately 75% of the MSPs queried said their SMB customers experienced "business-threatening" downtime as a result of a ransomware attack. That is a rather bleak outlook.

To pay or not to pay?

In TechRepublic contributing writer Jesus Vigo's post The ransomware debate: Should you pay to get your data back?, looks at whether it makes sense to pay the ransom or cut losses and get up and running as soon as possible. "It's clear that both camps can cite a variety of reasons to support the decisions they make," concludes Vigo. "I feel, personally, that it isn't so black and white, and that each scenario should be addressed based on the circumstances rather than choosing an answer based on a preset plan."

Vigo looked at the plusses and minuses of ransom payment a little more than a year ago. Due to what's at stake, it seems appropriate to revisit this debate. According to Datto's Gibbons, "The impact of downtime affects SMBs far more than the cost of ransom requests."

So, it's not surprising that business owners who want to regain control of their data and infrastructure as quickly as possible are willing to pay the ransom even though the odds are against them. Reports from various security research firms (including Bitdefender and CyberEdge) state that between 45% and 55% of businesses that pay the ransom are unable to recover their data.

SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)

Not so fast

The typical talking line for security experts is to never pay a ransom; however, that's easy for them to say—they're not the ones who have to make that painful decision. Still, those who are facing that decision are now more likely to say no to ransom demands.

CyberEdgeGroup's 2018 Cyberthreat Defense Report stated that of the 1,200 IT professionals surveyed, 55% experienced a ransomware attack; of the 55%, only 19% paid the ransom. The report also mentions those who refused to pay the ransom had backups allowing them to quickly recover and get back to business as usual.

Are backups the answer?

A bulletproof backup system seems to be the answer, as loss of data is the most pressing issue according to companies surveyed by Radware. "Businesses are most concerned with their data when hit with a cyber-attack," mentions the report. "Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages."

Besides being unable to function normally due to lost data, business owners have additional concerns:

  • Getting data back is no indication the information has not been used by the attackers, sold to competitors, or made public with the intention of embarrassing the company.
  • Losing data—sensitive or otherwise—may mean the company is out of compliance with industry and/or governmental regulations.
  • "Paying a hacker in these situations not only incentivizes further attacks, but it provides criminals with the funds they need to continue their operations," said Carl Herberger, vice president of security solutions at Radware.

Prepare for the inevitable

There is a watershed movement occurring—cybersecurity professionals are changing their focus from prevention to recovery. Prevention is not the be-all and end-all answer, so why not be as prepared as possible to recover from the inevitable cybersecurity incident?

"There are no guarantees in life, but there are things that individuals can do to minimize the risk of being infected with ransomware," explains this FraudWatch International post. "In the event that someone is infected with ransomware, they can also take steps to minimize the impact and damage the attack will cause."

Also see

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox