When a large company is attacked by ransomware, it makes the news. We see it all the time. It's natural to think those larger companies are the primary target for criminals looking to make big bucks by collecting large ransoms, but the truth is that small and midsize companies are also subject to these attacks and may even be targeted more often than the larger companies.
In this episode of Stimulus Tech Talk, CEO Nathan Whittacre sheds light on the alarming rise of ransomware attacks and their profound impact on small to medium-sized businesses (SMBs). While ransomware may be a familiar term, many may not fully grasp the extent of its devastation, especially when it comes to smaller enterprises.
What is Ransomware?
Ransomware is malicious software that encrypts a victim's data and demands a ransom for its release. The first ransomware attack occurred in 1989, targeting the healthcare industry, which remains one of the top targets for attacks. Over the past thirty years, ransomware attacks have increased exponentially in targets and in sophistication.
Ransomware operates surreptitiously within a network before it strikes. Hackers often use deceptive emails or malicious links to introduce the ransomware to a victim's system. These seemingly innocuous emails may contain attachments resembling invoices or documents from trusted sources, making them difficult to discern from legitimate files.
Once inside the system, ransomware lies dormant, collecting valuable information about the network's structure and data. This trove of data is like a goldmine for hackers, allowing them to strategically target and encrypt critical files. Imagine a scenario where your company's financial data, important documents, and critical applications are held hostage, and you have no access to them unless you pay a hefty ransom.
Why Small and Medium Businesses are Vulnerable to Ransomware Attacks
When it comes to ransomware, it's no surprise that SMBs are prime targets. Nathan Whittacre explains that these businesses are often considered "low-hanging fruit" by hackers. Due to their limited security resources and sometimes lax protocols, SMBs become easy prey for cybercriminals seeking to infiltrate their networks.
Should Businesses Pay the Ransom?
The big question is whether paying the ransom is a viable solution. While it's not recommended, the reality is that some businesses may find themselves in a situation where paying the ransom becomes the quickest path to recovery.
However, there are significant risks associated with paying ransoms. The U.S. government has linked many ransomware attacks to terrorism, and by paying a ransom without involving authorities, a business may unknowingly contribute to these illicit activities. It is crucial to report any ransomware attack to the proper authorities, like the local FBI office, and work closely with them to make informed decisions.
What Are the Immediate Steps a Business Should Take When Attacked by Ransomware?
If a business finds itself the victim of a ransomware attack, the first call should be to their IT professional. Swift action is essential to halt the attack's progress. This should be followed by reporting the incident to the authorities, as they can help track down the culprits and prevent further damage.
A Few Steps In Preventing Attacks
Prevention is undoubtedly the best approach when it comes to ransomware. Here are three key strategies to safeguard your business:
- Implement Next-Generation Antivirus Systems: These systems focus on behavioral analysis of software, making it harder for ransomware to infiltrate.
- Embrace Zero Trust: By monitoring and restricting software behavior, you can prevent abnormal actions that may indicate ransomware activity.
- Maintain Disparate Backup Systems: Ensure your backups are stored separately from your regular network, making them immune to ransomware encryption.
While no system can provide 100% protection against ransomware, these precautions significantly reduce the risk and can expedite recovery in case of an attack.
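The behavioral monitoring described in the list above can be illustrated with a small detector, added here as an example (it is not code from the podcast or from any product it mentions): it flags a process that modifies an unusual number of distinct files within a short window, with a stricter limit outside business hours. The log format, thresholds, host names and process names are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for this illustration; real limits come from a baseline.
WINDOW = timedelta(minutes=5)
LIMIT_BUSINESS_HOURS = 200   # distinct files per window, 08:00-17:59
LIMIT_OFF_HOURS = 20         # stricter overnight, when nobody is in the office
BUSINESS_HOURS = range(8, 18)


def parse(line):
    """Parse one constructed log line: '<ISO time> <host> <process> <op> <path>'."""
    ts, host, proc, op, path = line.split(" ", 4)  # path may contain spaces
    return datetime.fromisoformat(ts), host, proc, op, path


def detect_mass_modification(lines):
    """Alert once per (host, process) that rewrites too many distinct files.

    Expects events in chronological order.
    """
    recent = defaultdict(deque)  # (host, process) -> (time, path) inside WINDOW
    alerted, alerts = set(), []
    for line in lines:
        ts, host, proc, op, path = parse(line)
        if op not in ("write", "rename"):
            continue  # reads alone are not counted here
        key = (host, proc)
        events = recent[key]
        events.append((ts, path))
        while ts - events[0][0] > WINDOW:
            events.popleft()  # drop events that fell out of the window
        distinct = len({p for _, p in events})
        limit = LIMIT_BUSINESS_HOURS if ts.hour in BUSINESS_HOURS else LIMIT_OFF_HOURS
        if distinct > limit and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "process": proc,
                           "time": ts.isoformat(), "distinct_files": distinct})
    return alerts


def sample_log(burst_hour=2):
    """Constructed events: normal daytime saves plus a burst of 40 renames."""
    lines = [f"2024-01-10T10:{m:02d}:00 ws01 winword.exe write /share/docs/report{m}.docx"
             for m in range(30)]
    lines += [f"2024-01-10T{burst_hour:02d}:00:{s:02d} ws02 unknown.exe rename "
              f"/share/finance/file{s}.xlsx" for s in range(40)]
    return sorted(lines)  # ISO timestamps sort chronologically as text


if __name__ == "__main__":
    for alert in detect_mass_modification(sample_log()):
        print(alert)
```

The same burst during business hours stays under the daytime limit, which is why the overnight threshold matters for catching encryption that runs while the office is empty.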
Ransomware can cripple businesses, regardless of their size. SMBs, in particular, are targeted due to their vulnerability. It's crucial to stay vigilant and proactive in protecting your business against this threat. By combining advanced security measures and a robust backup and recovery strategy, you can significantly reduce the chances of falling victim to ransomware and ensure your business remains resilient in the face of cyberattacks. Remember, prevention is the best defense against ransomware.
Stimulus Tech Talk Episode 6: Top Strategies for Ransomware Protection in Businesses transcript
SPEAKERS
Sherry Lipp, Nathan Whittacre
Intro 00:00
You're listening to Stimulus Tech Talk, a conversation-based podcast created by Stimulus Technologies that covers a range of topics related to business and technology.
Sherry Lipp 00:16
Welcome to Stimulus Tech Talk. I am Sherry Lipp, marketing manager at Stimulus Technologies. I'm here with Stimulus Technologies CEO Nathan Whittacre. And I'm excited about our topic today: we're going to be talking about ransomware. Welcome, Nathan.
Nathan Whittacre 00:31
Thanks for inviting me, as always.
Sherry Lipp 00:33
So to get started, I know everybody's heard about ransomware. It's in the news a lot. But I think a lot of people are not aware of its effect on small to medium businesses. Are they targets of ransomware?
Nathan Whittacre 00:49
Yeah, they're probably the biggest targets of ransomware. Because small to midsize businesses are often low-hanging fruit. You know, they don't have the security protocols and technology in place to prevent the type of infection that causes ransomware on the network. And so they're often targets, because they're generally easy targets for these hackers. Also, a lot of small businesses don't have the backup infrastructure in place to get their company back up and going after an attack. And so they're most likely to pay the ransom to get their data back.
Sherry Lipp 01:29
So how does ransomware work when somebody's infected with it?
Nathan Whittacre 01:33
Yeah, so companies get ransomware. Usually, an unsuspecting person downloads it on one of the computers. And it often comes through email, or some type of link that they click on their computer that looks like a legitimate piece of software. But it has a payload attached to it that infects a computer. And generally ransomware is in the network for some time before it activates. So it's sending information back to the hackers about the type of data they have, where they store their data, and how they use their systems. And this information that's collected is a goldmine for the hackers. And the way ransomware really works is it encrypts all the data that it has access to. And a lot of users will have access to all the data inside the company. So think about a file server that you have access to where you have, you know, storage of your Excel documents, Word documents, PDFs, maybe your accounting system, your data for your line of business application. And once it discovers where all that data is, it will encrypt all that data with a key that only the hacker has. And so once that data is encrypted, the only way to get that data back is to either restore from the original version from some type of offsite data backup, or by paying the hacker a ransom to give you the encryption key to get that data back. And usually this encryption happens overnight when nobody's in the office. So, you know, you walk in in the morning, and you have the screen that's popped up on one or more computers that says your data has been ransomed, you have a certain amount of time to pay the ransom, or we'll delete all the data. And if you don't have good backups or can't get them back in time, a business will have to pay that ransom to get their data back and get up and running.
Sherry Lipp 03:47
So they can have the ransomware in their system before they even know, what are some of the ways that that actually gets in there?
Nathan Whittacre 03:56
So like I mentioned, email is probably the biggest way that hackers are still getting in. You'll get an unsuspecting link or file. I often see, like, attachments that are PDFs or, you know, that look like invoices or something you'd receive from a vendor. A Word document is often a way to get in, or just clicking on a website, or link to a website that's downloading that data. It's usually a small little file or a macro or something inside an existing document. And that will download the payload that will get that software into the system. And, you know, a lot of times we think with other types of infections, you don't necessarily or a lot of infections need administrative privileges to do a lot of damage in the system. But with ransomware any user that has access to any data on the system could accidentally download the ransomware and, you know, affect the entire network. It can encrypt the entire network. So it's usually downloading something or some type of link that comes in through email. And it's, I mean, it's been around for, you know, that type of way to get into a network has been around for, you know, 30 or 40 years. So it's a pretty common method of deployment for these hackers. And it's tried and true.
Sherry Lipp 05:22
Are there different types of ransomware?
Nathan Whittacre 05:25
There are millions of different types of versions of ransomware now. And that's the problem with antivirus, you know, old-style antivirus is looking for specific keys or specific file types, or what we call signatures. And what the ransomware makers are doing is just making small modifications to their ransomware, their software, and it bypasses a lot of the antivirus systems, because it's a different signature with each ransomware. And so they just have to create a new iteration of the ransomware. And now the old-style antivirus is not going to stop that from coming into the system. Now, if you're running a second generation or a new style of antivirus, it does a better job of preventing ransomware from getting into the system. But it still isn't foolproof, but what we're looking for now is, you know, is behavioral analysis of software on the systems, and so it's really hard for antivirus to detect and stop ransomware from getting in.
Sherry Lipp 06:42
And so the big question businesses probably have is, should they pay the ransom?
Nathan Whittacre 06:47
Well, that is a tough question. And, you know, the problem is, with a lot of these ransomware systems, they'll often encrypt the backup also. And so I've run into instances where businesses have brought us in for consulting and remediation services, after they've gotten into ransom and said, hey, you know, help us out, protect us, you know, and the problem is, you know, the protection had to have happened before the ransom infection. And so if they don't have the proper offsite backup services in place that is on disparate systems, which we could get into a different mock podcast on, you know, backup and recovery services. But it may be the case that you have to pay the ransom to get your software and systems back up and running. So it's not my recommendation at all. But in the end, it's your business. And if you have to do it, you have to do it. There are some implications with paying a ransom because the US government has identified that most of these ransomwares are tied to some type of terrorism. And so there are potential provisions that if you don't get the authorities involved through the process, that you may be liable as a company, which is really scary, for funding terrorist organizations. And so it's really important that if you do have a ransomware attack that you report it. Usually there's a local FBI office that you can report it to, and work with them on making these decisions on whether or not you need to, or how to go about it. So if you do ever have this type of attack that happens to your network, you know, don't just automatically pay the ransom, make sure you take the time to contact the authorities, contact, you know, security professionals to make the proper decision on it.
Sherry Lipp 08:44
So businesses shouldn't assume that just because they're small, they're not going to get help from authorities on this?
Nathan Whittacre 08:50
Yeah, you know, there's a lot of groups out there that are doing ransomware. And these are large, multinational organizations that are collecting these ransoms. And like I said, they're tied often to terrorist groups. So an attack on a small to midsize business could be part of a larger network and the authorities do want to know about that. So the FBI and local police often have dedicated units to help businesses and individuals with these types of attacks.
Sherry Lipp 09:19
So if somebody does come in, in the morning, they open up their computer and get the you know, that message, everything's locked up, what is the first step that they should take? Because is it reporting it to authorities?
Nathan Whittacre 09:33
So your first call should be your IT professional, your second call should be to authorities. And, you know, the need to identify and stop any further attack. One of the issues that could happen is, you know, the attack is still ongoing. And so shutting down, you know, the systems and making sure that backup services are in place and could potentially recover from the ransomware attack without having to pay the ransom. Um, so it's two immediate phone calls, and discovering where, you know, what the next steps are with your outside professionals.
Sherry Lipp 10:11
Okay, and so probably the bigger question that people would want to answer is what can they do to prevent this in the first place?
Nathan Whittacre 10:18
So I mentioned a couple of things briefly through the interview. One of them is having next generation antivirus systems in place that are looking at behavioral analysis of the software running on the systems. The other step is, you know, looking at implementing zero trust across the network. So this again looks at the behavior of all the software that's running on your systems and not allowing the software to behave outside of its norms. And also looking at, like, you know, what systems are accessing what data at different times, you know, software suddenly, like, looking at all the software or all the files on your system at two o'clock in the morning, that's not normal behavior. And so having these systems in place that are monitoring your technology 24/7 365 is essential. And then the third part is having backup and data recovery services that are, well, we use the term disparate systems, which means that are disconnected from your regular network. So the backup occurs out to a system and then it disconnects from your systems, your regular system. So if you have to restore your data, it's protected, it's not part of any system that can be accessed from any other computer on your network. And so I wouldn't say, and you can implement all the security technology that you want, and could pay for, but it's not a 100% guarantee, protecting you against ransom. There was an incident that I heard about this week that another company had all these systems in place, they had next generation antivirus, they had 24/7 monitoring, they had zero trust built into the network. And then, you know, somebody made a mistake, disabled some of it on a computer for trial, and got infected, didn't know about it, and they ended up getting a ransomware in the end. So it isn't foolproof. But luckily, if you do have those backup systems in place, you should be able to restore and recover from a ransomware event.
Sherry Lipp 12:34
So I think, like, the takeaway is that you need to stay on top of security and not just have one method. So of having backup in place. One last question here. Will that prevent you from needing to pay a ransom, if you have everything backed up?
Nathan Whittacre 12:51
It should. And this is a question you need to talk to your IT professionals about because some companies still end up paying the ransom because it's faster to recover from a ransom by paying the ransom, or a ransomware by paying the ransom, than to recover your data from backup. So, you know, the question you need to talk to your IT professionals about is, if I do have a ransomware attack, and I do need to restore the data, how long is it going to take for me to recover my systems in the event of an outage? And so a lot of... there was an instance a few years ago that a healthcare network paid the ransom, even though they had proper backups, because they could get up and running by paying the ransom within a day. And it would have taken them over a week to restore functionality from backup. And so that's a very important question to ask your IT professionals: how long does it take to get my data back if I do have to restore from backup? And if it's weeks, then you need to come up with a new system. So hopefully the answer is within hours. You can be back up and running. And there are ways to do that, even for small to midsize businesses, to be back up and running within a short period of time. So definitely a discussion to have with your IT professionals.
Sherry Lipp 14:07
Definitely, so I can say, well, we'll probably be talking about creating a disaster recovery plan in a future podcast, so be sure to stay tuned for that, and thanks so much, Nathan.
Nathan Whittacre 14:20
You're welcome. Thanks, everybody.