Ransomware Hits Start-Ups and Small Business Hardest and Recovery are Difficult

Ransomware shows no sign of slowing down – with sometimes even daily new tools and techniques being devised to wreak more havoc.  With an increase in attacks from phishing emails and other social engineering preying on your employees.

When firms become victims of ransomware, it’s not just financial constraints and unexpected ransom expense that the business has to endure. The painstaking time to get systems salvaged and regain authority is also one factor. In fact, ransomware attacks can cost $500+ in Bitcoin. The offense gets a lot pricier if it can disrupt critical services and capture confidential information.

Huge cyberattacks like that of WannaCry install ransomware – a malware which locks down computers until the business pays ransom money is one of the biggest threats.

In a study sponsored by Malwarebytes, Osterman Research studied more than 1,000 SMB’s, last June and discovered that of the participants, 22% of them were victims of Ransomware in 2016.  These companies all had less than a thousand employees, and in some cases, the attack caused an immediate cessation of business operations.  With sixteen percent reporting downtimes that lasted up to 25 hours which resulted in a severe loss of revenue.

“A large organization, like Target, can bounce back from a ransomware attack, but for a small business, when their information is unavailable, it’s a lot harder for them to [rebound],” said Adam Kujawa, head of malware intelligence at security firm Malwarebytes. He continued to say “those small businesses often are more severely impacted by these events.

“Our operating systems and our computer technology have evolved a lot over the last ten years,” Kujawa said. “The attacks aren’t necessarily against computer vs. computer anymore; it’s the cybercriminals versus the user. And human vulnerabilities are something you can’t patch.”

What’s more frustrating is that companies also face fines from the government if they are victims of a data breach that gets leaked online. Adobe was fined $1 million for a 2013 data breach last year.

Large corporations experienced substantial financial losses from the exploit of WannaCry and NotPetya cyberattacks. FedEx’s TNT shipping was plagued with NotPetya and stated that the attack “will likely be material,” indicating that the financial impact will be taking it the most time to recover. FedEx claimed that it wouldn’t be able to recuperate and fully restore all systems affected by the parasite.

Ransomware has high virulence; people can acquire it through click baits from a malicious link within an email or downloading something, like cracks, with malicious codes.

To defend themselves from ransomware, companies, institutions, and agencies should ensure that systems are up to date. They should run robust antivirus software and ensure that all data, and software are frequently backed up, and those back-ups checked for accuracy and include all cloud-based apps.

Training programs for executives and employees must be part of the corporate culture to train them to identify suspicious emails or links.  Policies must be in place that outlines the procedures to required and when to immediately alert the IT department.