As attention on ransomware grows—from both law enforcement and media—cybercriminals are looking for new avenues of attack. In recent years, ransom attacks have reordered the steps of a classic scheme. Instead of threatening to steal your data if you don’t pay a ransom, they start by stealing it, then demand a payment backed by a very real threat of making the stolen data public.
According to the 2022 Data Breach Investigations Report by Verizon, the number one attack on small businesses last year was ransomware. Ransomware attacks hit a new target every 14 seconds, disrupting operations, stealing information, and exploiting businesses. And with the average ransom at $70,000, a breach can be catastrophic for the small businesses that end up as the targets of cybercriminals.
How does it work?
Typically, a ransomware attack starts with hackers installing file-encrypting malware on an organization’s network and then displaying a ransom note on every screen. But in an effort to extract more money and information, criminals have been stealing data before locking an organization out, then demanding payment under the threat of exposing the company’s and its clients’ private information. This focus on data extortion lets attackers carry out their attacks more quickly and removes their reliance on encryption tools, which can sometimes fail mid-attack.
Leaders of organizations like banks, hospitals, and schools may be more willing to pay to prevent data leaks because of the sensitive nature of their information. Small businesses that lack a strong understanding of cybersecurity and the resources to prevent attacks may pay because it feels like their only option.
Prevention is key
The ideal strategy is to keep ransomware attacks from happening in the first place, but prevention can be tedious, challenging—and expensive. Small businesses don’t have the same security budget as large corporations, but there are still measures you can take to protect your business. These include:
- Enabling strong spam filters to keep phishing emails from reaching end users. Even reducing the chance that phishing emails reach your employees can prevent a cyberattack from occurring.
- Educating employees with cybersecurity awareness training. Since human mistakes are the cause of most security breaches (82%), providing ransomware training for employees is a crucial step that institutions can take to reduce their cybersecurity risk by helping staff identify, respond to, and circumvent attacks.
- Third-party cybersecurity assessments. Institutions must identify and address known security gaps that can enable a ransomware infection.
- Updating and patching software. In 2021, one of the biggest vulnerabilities came to light when an open-source Apache logging framework was found to have a flaw that allowed hackers to exploit vulnerable systems. Fixing the problem required a hastily made patch, but many companies left themselves vulnerable simply because they didn’t take that step. Preventive maintenance is essential for an environment that is safe and secure against malware.
- Locking down Remote Desktop Protocol (RDP). Institutions can also limit their security risk by adhering to the principle of “least access”: grant employees the minimum level of access or permission needed for their job.
- Validating remote access to the organization’s network.
- Requiring multi-factor authentication for all accounts. Not only should you implement controls like multifactor authentication (MFA/DFA), email filters, data security training for your workforce, and laptop encryption, but you also need to verify those controls. Once your processes are in place, run periodic tests on selected controls to validate that they are working as intended.
- Making regular backups and testing backup procedures to ensure critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack. Additionally, make sure your backups are isolated from network connections.
- And if you can afford it, you should consider purchasing cyber insurance. Any business that deals with sensitive information—including credit card numbers, medical information, and Social Security numbers—should have cyber insurance to protect customer information, industry relations, and business reputation.
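As an added example of the kind of periodic control test the MFA and backup items above call for (this is not Xamin’s tooling or code from this post), the script below checks that a backup set is present, intact and recent, and that it actually restores. The manifest layout, the 24-hour recovery point objective and the sample files are assumptions; whether the backups are isolated from the network is not something this check can prove.

```python
import hashlib, shutil, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

MAX_AGE = timedelta(hours=24)  # assumed recovery point objective: the newest backup must be this fresh

def sha256_file(path): return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def verify_backup_set(backup_dir, manifest, now):
    """Check presence, integrity and freshness; an empty failure list means the control passed."""
    failures, newest = [], None
    for entry in manifest:
        path = Path(backup_dir, entry["name"])
        if not path.exists():
            failures.append(f"missing: {entry['name']}")
            continue
        if sha256_file(path) != entry["sha256"]:
            failures.append(f"hash mismatch: {entry['name']}")
        created = datetime.fromisoformat(entry["created"])
        newest = created if newest is None or created > newest else newest
    if newest is None or now - newest > MAX_AGE:
        failures.append("no backup within RPO window")
    return failures

def restore_test(backup_dir, manifest):
    """Restore into a scratch directory and re-hash: a backup that cannot be restored is not a backup."""
    dest = tempfile.mkdtemp(prefix="restore-test-")
    try:
        for entry in manifest:
            copied = shutil.copy2(Path(backup_dir, entry["name"]), dest)
            if sha256_file(copied) != entry["sha256"]:
                return False
        return True
    finally:
        shutil.rmtree(dest)

def run_demo():
    """Constructed scenario: a clean backup set, then the same set with one file altered and one deleted."""
    now = datetime(2022, 6, 1, 12, tzinfo=timezone.utc)
    backup_dir, manifest = tempfile.mkdtemp(prefix="backups-"), []
    for name, body, age in (("db.sql.gz", b"constructed db dump", 2), ("files.tar", b"constructed archive", 30)):
        Path(backup_dir, name).write_bytes(body)  # constructed sample backup, assumed manifest fields below
        manifest.append({"name": name, "sha256": sha256_file(Path(backup_dir, name)),
                         "created": (now - timedelta(hours=age)).isoformat()})
    result = {"clean": verify_backup_set(backup_dir, manifest, now), "restore_ok": restore_test(backup_dir, manifest)}
    Path(backup_dir, "db.sql.gz").write_bytes(b"tampered")  # silent corruption or an intruder altering the backup
    Path(backup_dir, "files.tar").unlink()
    result["tampered"] = verify_backup_set(backup_dir, manifest, now)
    shutil.rmtree(backup_dir)
    return result
```

Run on a real backup location, the manifest would be written by the backup job at creation time and the check scheduled so a stale, altered or unrestorable backup is found before an incident rather than during one.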
Some of these safety measures are not only low cost, but they can also be taken today and will help prevent a cyberattack from happening. Although an attack on RDP doesn’t require much skill, the impact can be significant, compromising an organization’s server and potentially costing it the remote access service altogether.
Organizations can also use network design and segmentation to limit risk by confining a ransomware intrusion to one portion of the network instead of the whole system. With multi-layered security solutions, if a single security element fails, another layer is in place to compensate.
What happens if I become a victim of ransomware?
Unfortunately, even with multiple protective measures in place, there is only so much financial institutions can do to avert a ransomware attack. When a breach happens, the institution must respond immediately to mitigate the impact.
Once the situation has been contained, follow-ups for incidents should include:
- The elimination of the intruder’s access and full analysis of any other weakened or compromised areas in your cybersecurity
- The restoration of systems, programs, and data to a “known good state” (using available offline or offsite backups)
- The initiation of customer notification and assistance activities in compliance with laws, regulations, and interagency guidance for your industry
- Continuous monitoring to detect similar or further incidents
While incident containment strategies vary between entities, they typically include isolating compromised systems or stepping up monitoring of intruder activity; searching for additional compromised systems; collecting and preserving evidence; communicating with affected parties; and contacting law enforcement and any insurance providers.
Ransomware and other cyberattacks can be detrimental to your company’s reputation, customers, and profits. Not only are the consequences usually severe, but there is no guarantee that your business will get its data back after the sum is paid. Although there is no way to completely prevent a breach, a strong cybersecurity program can help you mitigate your risks and be better prepared to respond to an attack.
We’re here to help
By understanding how a cyberattack will impact your organization, you can better develop proactive and systematic processes like business continuity and recovery plans. Having pre-defined procedures to declare and respond to an incident can be essential to effectively containing and recovering from a ransomware attack.
Xamin is a technology, compliance, and security services firm specializing in regulated and reputation-sensitive organizations. As a trusted IT partner, Xamin takes the time to understand each of our client’s unique challenges. We integrate with our clients’ established systems—no matter their size or complexity—and provide guidance that aligns your organization with the right technology, security, training, and policies. And with an unmarred SOC 2 certification, we hold a proven, layered approach to cybersecurity guaranteed to meet the stringent requirements of regulatory guidelines and compliance.