Now more than ever, ransomware is detrimental to small and medium-sized businesses

According to the second quarterly AppRiver Cyberthreat Index for Business Survey, more than 55 percent of executives at small-to-medium-sized businesses (SMBs) admitted they would pay ransomware attackers in order to recover their stolen data. For larger SMBs, those employing 150-250 people, this number surges to 74 percent. In recent years, launching ransomware attacks has become a lucrative vocation for cybercriminals. While the number of attacks on the public sector has decreased in response to the COVID-19 crisis, the private sector has remained largely unaffected.

Ransomware is a type of malicious software that restricts access to the system it infects until a ransom is paid. For SMBs, ransomware attacks are nothing abnormal or new; in fact, they might even be considered a standard operating routine. According to Infrascale, a cloud-based disaster recovery company, 46% of SMBs have fallen victim to a ransomware attack, meaning almost 1 in 2 SMBs has come into contact with ransomware. Moreover, they found that of the SMBs that have been victims of a ransomware attack, 73% have paid their assailant. Infrascale's research is based on a survey of more than 500 CEOs, CTOs, and CIOs of SMBs. With ransomware not being a new phenomenon, it is surprising to hear how many organizations are willing to pay.

SMB: neglects security

Cybersecurity Industry: no one is immune to ransomware attacks and security needs to become a priority before your organization becomes a victim

SMB: ignores recommendation *gets infected with ransomware*

Gasping Pikachu

Leveraging COVID-19 to Launch Ransomware Attacks

One would expect that during a global crisis the world would unite to combat COVID-19. The middle of a pandemic is arguably the worst time to be hit with ransomware, and this is especially serious for healthcare providers. This week alone, the World Health Organization (WHO) reported a fivefold increase in attacks directed at its staff, and some 450 active WHO email credentials were leaked online.

Unfortunately, the reality is that a global health crisis does not stop deranged individuals. Likewise, cybercriminals are using this unprecedented time to prey on unsuspecting organizations for personal benefit such as financial gain. Scammers are impersonating WHO officials and directing the public to a fraudulent account rather than the legitimate COVID-19 Solidarity Response Fund, in an attempt to deceive those wanting to contribute to the response efforts.

It is also worth noting that enterprises and SMBs alike are financially distressed because social distancing has prevented consumers from spending. Moreover, many are reliant on government support for survival and are now less able to pay a ransom than they were before the pandemic. From a big-picture perspective, getting hit by ransomware could be the last straw that breaks the camel's back and takes an entire business out of operation.

While the new work-from-home (WFH) arrangement introduces potential security gaps, it has paradoxically also created challenges for ransomware attackers. Encrypting a single computer that is disconnected from the corporate network gives an attacker little leverage to extract a ransom. Additionally, the suspension of non-essential organizations reduces the pool of viable victims for cybercriminals. Regardless, this cutback is temporary, and we can expect the number of public ransomware attacks to return to normal levels.

Barricades in Ransomware Preparation

Despite 83% of SMBs from the Infrascale study saying they feel prepared for a ransomware attack, the same survey reveals that 78% of SMBs in the business-to-business realm have already paid a sum in a ransomware attack. This high payment rate only fuels the efforts of attackers, because cybercriminals use the ransom to commit more crimes and expand their operations. In addition, organizations that pay the ransom are at a higher risk of being targeted again because, like any business, ransomware attackers love repeat customers. As long as the opportunity for a payout remains, they will continue to target the same organization.

Traditionally, the silver bullet against ransomware attacks was having regular backups a business could fall back on. However, today's ransomware is more sophisticated and in some cases infects the backup system in addition to the production environment. This means there is no longer a perfect ransomware mitigation strategy. Of course, having cyber insurance and backing up to an off-site location are valuable protections. However, insurance can cut both ways: organizations that publicize their cyber liability insurance coverage are likely to see an increase in the amount of ransom demanded.

The best protection against ransomware is prevention. Private SMBs tend to lack preventative controls like internet security, user education, and proactive protection like data backups. As a result, many are completely blindsided by ransomware attacks, with 17% openly admitting they do not feel prepared. The absence of ransomware preparation can be attributed to the difficulty of allocating resources, time, and human capital. With the exception of larger SMBs, almost a third of SMBs admit they do not have the time to research ransomware mitigation solutions. The small cybersecurity talent pool also makes it difficult to recruit qualified security professionals, and experienced cybersecurity professionals often come at a premium that SMBs do not have the funds for.

Why be prepared, if you can just pay the ransom?

The damage organizations face from a ransomware attack ranges from financial loss and a damaged public image to the forfeiture of irreplaceable data. Threat actors know many SMBs cannot afford this, and thus their propensity to pay is incredibly high, making them very attractive targets. While SMBs might boast of having security and ransomware vigilance, the Infrascale numbers reveal the truth: 43% of SMBs say they have paid between $10,000 and $50,000 to ransomware attackers. These figures are on the lower end of ransomware demands and often only support the recovery of a small portion of the compromised data.

Having deep ransomware pockets or bitcoin stashed away is not indicative of ransomware preparedness. Not to mention that paying a ransom does not guarantee an organization will recover its data or even regain access to its systems. Instead, it negligently rewards criminals and gives you no guarantee that your data will be unlocked or that it will not be leveraged against you. By contrast, preparing for a ransomware attack can limit the probability of an organization falling victim and lessen the severity of its impact. An organization's ability to withstand a temporary outage or an extensive recovery effort can also signal to cybercriminals that they do not stand a good chance of getting paid. Preparation also gives organizations quicker response times, less downtime, and a sustained reputation.

What is your organization doing to protect itself from ransomware and avoid the dilemma of rewarding criminals by paying a costly ransom? Contact Silent Sector today to evaluate your current state of preparedness and get professional support to secure your environment.

About the Author

Written by Haidon Storro

Cybersecurity Research & Content Manager, Silent Sector -- Haidon Storro is a Cyber Security Analyst for CVS Health. She has her BS in IT Cyber Security as well as security certifications like CompTIA Security+ and ISC2. While Haidon is newer to the security community, she has dedicated herself to learning as much as she can through internships, online courses, and conventions like DefCon. In her free time, she enjoys reading about new advancements in technology, going to security meetups and participating in cyber defense competitions. One of Haidon’s goals is to make the connected world safer by bridging the human aspect with technology.