Ransomware in Small Business
Have you ever wondered what the deal is with ransomware? You may have read it about it online or heard it on the news. You may know a friend that got hit with ransomware or know of another business that did. If you want to know a little bit more about ransomware and how to protect your small business, you've come to the right place.
What exactly is ransomware?
Ransomware, or sometimes called ransom malware, is a type of malware that prevents you as a user from accessing any of the data on your computer or being able to access your computer at all. All of your documents, whether it be PDFs, word documents, or QuickBooks files, won’t be accessible. You can try to open them, but the computer won't let you. Your computer is basically rendered useless unless you pay the ransom to the bad guys so they can send you a key to unlock all of your encrypted files. In the late 80s, payment was sent to the bad guys via snail Mail. Nowadays, the bad guys want payment sent via cryptocurrency or even your credit card. Statistics show, that only 50% of paid ransoms actually get the key returned to unlock your small business files.
How do you get ransomware?
Typically, there are several different ways you can get ransomware, but the most common method of getting ransomware is through a malicious email that was delivered to your inbox. Most of the time the email will include a booby-trapped attachment that may look harmless. A harmless email attachment may be a PDF or a Word document. The email may also contain a link to a malicious website that can give you ransomware.
Sometimes, criminals will use social engineering in order to entice you to open the attachment or click on the link. Sometimes they will pose as FBI or some government entity. Other times, they may pose as a trusted institution or even a friend of yours.
What are the types of ransomware?
Scareware - Scareware is not very scary. You may receive a pop up on your screen claiming that malware was discovered on your computer and the only way for you to get rid of it is if you pay some money. If you don't do anything, you will likely still be bombarded with more pop-ups, but at least your data is still safe. Please keep in mind, any legitimate security software will not solicit customers by using popups in this manner.
Screen lockers - Screen lockers will lock you out of your computer entirely. When you reboot your computer a full-size window will appear, sometimes accompanied by an FBI warning or United States Department of Justice seal saying illegal activity has been detected in your computer and you must pay a fine. Please note, the FBI or the government would never seize your computer in this manner. They would go through legal channels.
Encrypting ransomware - This is the really bad stuff. These are the criminals who will get access to all of your files and encrypt them, and of course, demand a payment in order for you to be able to open them. The main reason this is so dangerous is that once the criminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom, they're gone. And even if you do pay the ransom, there's no guarantee that you're going to get the encryption key to get your files back.
How do I protect my small business from ransomware?
The first step in ransomware protection is to make sure that you invest in high-level cybersecurity software. Make sure your software has real-time protection that is designed to thwart any malware attacks such as ransomware. You also need to have features that will shield your vulnerable programs on your computer from threats such as anti-exploit technology as well as the ability to block ransomware from holding your important small business files hostage, which is an anti-ransomware component.
The next important step of ransomware protection is to make sure you do secure backups of your small business data on a regular basis. Our recommendation is to make sure you use the 3-2-1 rule. We go over this in detail here. You need to have 2 copies of your small business data on-site, and one copy in the cloud. Cloud backup is very important. Your cloud backup needs to have high-level encryption and multi-factor authentication, with multiple versions.
Make sure your computers and small business devices are fully updated. If you remember, the WannaCry ransomware outbreak took advantage of a vulnerability that Microsoft had in their software back in May 2017. The company did release a patch for the security loophole, but some small businesses didn't patch it in a timely manner, which left them vulnerable to the attack. Our monthly Tech-Up-To-Date Services are a key component making sure your devices are fully patched and updated to help prevent an attack.
The last step in ransomware protection is to make sure you stay informed and educated on the latest news. You need to educate yourself and your employees on how to detect malspam, suspicious websites, and other scams. Most importantly, make sure you exercise common sense. If it seems to be suspect, it probably is.
Contact us at Side by Side IT to see how we can help protect you from ransomware in your small business. In our consulting services, we’ll make sure to cover the 3-2-1 rule and proper backups customized for your important data so you can rest assured in the event of an attack, you can move forward without missing a beat.