Ransomware has been in the news a lot over the last few years. It’s now the top reason for infecting a computer and can bring a company down, at least temporarily. News outlets don’t do the best job of explaining what it is and why it works.
Ransomware at its most basic is software that encrypts files on a computer and then offers to sell you the encryption key to get them back to normal. (https://support.sophos.com/support/s/article/KB-000036277?language=en_US) Encrypted files are impossible to open or use until you decrypt them. If ransomware is done right, the only way to get the decryption key in a timely or cost-effective fashion is to pay the ransom. However, the encryption of your files is no longer the only way a cybercriminal will ransom you.
Evolving the Ransom
Cybercriminals, having already infected your computer, will now add additional levels of pain to force the extortion. They can copy your data to their own servers (exfiltration) and threaten to release that information publicly, damaging your company’s reputation. Fines could even be involved if the data includes information protected by laws like HIPAA (though the simple fact that the exfiltration occurred already means your company has had a data breach). They can also report the breach to customers, partners, and the press. They might even start other attacks on your company’s network, like distributed denial of service (DDoS), so you can’t communicate properly to respond to the attack. Finally, some have started threatening to attack again and simply delete all the data the next time to teach the victim a lesson for failing to pay the ransom. (https://blog.knowbe4.com/new-ransomware-variant-brings-with-it-the-dawn-of-the-era-of-quintuple-extortion)
All of these attack vectors make it extremely difficult to rely only on backups as a way to avoid paying the ransom. Cyber insurance can help with that aspect, but companies that offer such insurance have figured out that the cost is continuing to go up. They won’t cover a business without assurances that the business is properly defending itself from attacks in the first place, and they won’t pay out if they discover the business wasn’t truthful in those assurances.
How To Protect Yourself
Cybercriminals rely on three main ways to access business computers to install their ransomware: vulnerabilities/bugs in existing legitimate software, remote desktop access, and phishing. (https://www.sentinelone.com/cybersecurity-101/ransomware/) Vulnerabilities must be managed through diligent patching protocols and vulnerability management for things that don’t have patches yet. Direct remote desktop access should generally be unavailable on any computer. Phishing, on the other hand, is much more difficult to solve with only technical solutions. A combination of advanced email scanning and user training is required to avoid phishing attacks.
Why Small Companies Are the Most Vulnerable
Thinking that a company is too small to be a target for ransomware cybercriminals is also a big mistake. Larger companies have already started investing in their cybersecurity infrastructure, so they are much harder to infect now. Smaller companies without adequate IT security are prime targets because the criminals are more likely to get paid, even if the payment is lower than what they could get from a large company. Criminals can hit many more small companies, with each successful ransom cheaper and easier to obtain.