A recent surge of Ransomware attacks on Small to Midsize businesses has caused many enterprises to re-evaluate their disaster recovery and security strategies. The reason these organizations have become a main target is due to their lack of funds to implement strong security measures. Ransomware attacks encrypt the files on a system, holding them hostage until the ransom is paid. Currently, the average price ransomware victims are paying is $679, a $385 increase from 2015. This malware can stealthily pass through IT networks undetected through phishing attacks, exploit kits, removable devices, or external network shares. Many new types of Ransomware are undetectable by antivirus programs. According to, PhishMe, Ransomware grew over 600% in 2016 and the total estimated losses of over $1 billion. Ransomware has become one of the most dangerous weapons cybercriminals can use against organizations and consumers.
In 2016, reported cases of ransomware attacks caused, 30% of businesses to lose revenue and 20% of businesses to go out of operation. It can take a business more than nine hours to recover, losing both revenue and time. Businesses can be forced to shut down all systems to handle the attack depending on the magnitude of the compromise. A shut down will not only cause the organization a loss of money, but also a loss in reputation. When affected by ransomware, businesses often pay the fee to get their data back, regardless of the price due to time sensitivity. However, often, even if the ransom is paid the attackers will still destroy all data. Security experts recommend not paying the ransom; consulting a firm, like LIFARS during an attack can help minimize loses. The long-term effects of an attack can be more costly than the initial impact.
It is essential for Small and Midsize organizations to be aware of current cyber threats, and make building strong defenses and disaster recovery a priority, using a multi-layer approach. It is recommended that small businesses hold employee awareness training, system updates, software patches, regular backups, and layered security. Many ransomware attacks come through phishing and use of social engineering tactics, which employees become victim of. Educating and training employees of the malware, tactics used, and how it is distributed will decrease the chance of a ransomware attack.
It is also important to constantly update applications, so the malware doesn’t come through a vulnerable and outdated source. Continually securing copies of data is vital to the businesses and should be kept at an offsite location, so if affected by the malware the company can run a scan on the infected machine and then restore the computer using the backups.
There should also be multiple sets of copies since ransomware works silently and encrypts files over a period of time, sometime even encrypting the backup data. This will save money and valuable resources. Implementing a multi-layer approach and frequently monitoring sensitive data can also help detect and stop ransomware attacks in their tracks.