Why SMBs need a good disaster recovery plan in place

Work in a small business? Then you’re a target for ransomware

"We think it's important to discuss cybersecurity for small and medium-sized businesses," said Eugene Kaspersky, welcoming guests to Malta. Yes, that Kaspersky of security vendor fame. While he wasn't actually in Malta, his words were plastered all over the hotel where assorted journalists, analysts and researchers were assembled to "save the world".

Speaking at the start of this cybersecurity conference, team director of Kaspersky Lab Research & Analysis, Marco Preuss, revealed that the company had stopped more than 80,000 ransomware threats for Android devices alone during the second quarter of 2016. Overall, across all platforms and devices, Kaspersky has seen ransomware attacks rise by 450%, from 131,000 in 2014/2015 to 718,000 in the same period during 2015/2016.

But as a small business, why should you care? Chances are that, as an individual, you have your photograph and music collections in air-gapped archives, or in the cloud, right? And your business does the same with mission-critical data, right?

So, let's look at the reasons why you should care. Number one is you're getting overly confident. Sure, some kind of physical media away from your digital domain is a good idea, but cloud stores and NAS devices have been known to be caught by the more patient ransomware; these use clever crypto routines to scramble multiple layers of your backups before declaring their presence. But let's agree, on a personal level at least, that you're pretty much sorted; so why should your business care?

Simply because if you run a small business then you're in the crosshairs of an increasing number of ransomware players. Kaspersky Lab's IT Security Risks survey for 2016 claims that just over 40% of SMBs fell victim to ransomware in the past 12 months. Some 34% of those small businesses paid the ransom to regain access to their data and, most worryingly, 20% weren't able to recover the data even once the ransom was paid. While I'm surprised that so many would cough up in the first place, I'm less surprised about the one in five who found themselves up the creek anyway. I've seen some of the ransomware code and a lot of it is very poorly put together.

Here's the thing. An original piece of code is taken and then messed around with by people who don't really understand what they're doing, let alone being aware of how crypto works; what they understand is making money. That means creating variants by changing stuff, and more often than you might imagine, this also means messing things up.

In fact, that's a very common reason for the data being lost once the ransom has been paid. Most criminals are clever enough to understand that if they take the money and run, word will spread and nobody will pay up. During a recent trip to Helsinki with Finnish IT security outfit F-Secure, I saw examples of how some ransomware players have customer service and IT support in place that would shame many a legit company.

Anyway, the point is that as a small business you're a target, and that's quite simply that. Year on year, again according to Kaspersky, ransomware attacks on business rose nearly six times over, from 27,000 to 158,000. It's a clever play by the criminal enterprises behind the most organised of ransomware attacks: a small business has valuable data it can't afford to be without, and has enough money to pay the ransom (if it's set correctly, and usually it isn't set at stupid, greedy levels), but it doesn't have the resources to devote to dedicated IT departments, let alone IT security ones.

The average ransomware ransom, according to Kaspersky's Sergey Martsynkyan, was about $300 over the past 12 months. No surprise that a small business might consider paying up rather than risk losing data, and indeed facing the wrath of the Information Commissioner's Office if the Data Protection Act had been breached with customer information caught up in the process. Prevention remains better than cure, though, which means having good disaster-recovery plans in place whatever the size of your organisation. Having a backup strategy that actually works, by which I mean business-critical data archived to at least two places (one in the cloud and one off-site, detached from the network), should not be optional.
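To make "a backup strategy that actually works" concrete against the patient ransomware described earlier, here is an added example (not from the original article) of a restore check that walks backup generations and reports the newest one whose files still look intact. The function names, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known leading bytes for a few file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_suspect(path: str, data: bytes) -> bool:
    """Suspect if the type signature is gone or, for types with no
    signature listed here, if the content looks like random bytes."""
    ext = path[path.rfind("."):].lower() if "." in path else ""
    if ext in MAGIC:
        return not data.startswith(MAGIC[ext])
    return entropy(data) > 7.0  # assumed threshold for this example

def newest_clean_generation(generations, max_suspect_ratio=0.1):
    """generations: list of (label, {path: restored_bytes}), oldest first.
    Returns the label of the newest generation that passes, or None."""
    clean = None
    for label, files in generations:
        bad = sum(is_suspect(p, d) for p, d in files.items())
        if files and bad / len(files) <= max_suspect_ratio:
            clean = label
    return clean

# Constructed sample data: 4 KiB of pseudo-random bytes stands in for
# files that were silently encrypted before the backup ran.
SCRAMBLED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
GOOD = {"ledger.pdf": b"%PDF-1.4 constructed sample",
        "logo.png": b"\x89PNG\r\n\x1a\n constructed sample",
        "notes.txt": b"Customer list and order notes, plain text. " * 20}
BAD = {name: SCRAMBLED for name in GOOD}
SAMPLE = [("monday", GOOD), ("tuesday", GOOD),
          ("wednesday", BAD), ("thursday", BAD)]

if __name__ == "__main__":
    print("Restore from:", newest_clean_generation(SAMPLE))
```

Run against both the cloud copy and the detached off-site copy, a check like this shows how far back you would have to go, which is why keeping only the latest generation is not enough.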

No More Ransom!

I'd further recommend every small business takes a look at the No More Ransom project (nomoreransom.org), which was put together in the summer of 2016. The founding partners, Europol's European Cybercrime Centre (EC3) and the Dutch National Police, along with Kaspersky Lab and Intel Security, have done a pretty good job, truth be told. Good enough for 13 other law-enforcement agencies, including the UK's National Crime Agency, to now be on board.

It's a great example of how the IT security sector and law enforcement together can disrupt cybercrime. In the case of ransomware, the best way to disrupt the criminals is to take their ransoms away, so No More Ransom operates to help victims retrieve their data without paying a penny. It also recognises the power of education, informing end-users how ransomware works and how they can avoid becoming a victim.

Should you be unlucky enough to have fallen victim already, the project can help work out exactly what ransomware has hit you. It will reveal the actual crypto being used to lock up your data, and then determine if a solution has been found that can be used to unlock it again. With law enforcement and private security vendors working closely together, captured servers can be turned over to the coding experts, who can then create decryption software to unlock the encrypted data. It's these tools that are then made available to users.

Currently, there are just a handful of decryption tools available, but the number is growing and will continue to do so. Right now there are decrypting tools for Wildfire, Chimera, TeslaCrypt, Shade, CoinVault, Rannoh and Rakhni. The number of ransomware threats covered is greater, since some of these decryptors will work across multiple threats.

So, for example, the Rannoh decryptor will decrypt files that have been encrypted by Marsjoke (aka Polyglot), AutoIt, Fury, Crybola, Cryakl, CryptXXX 1 and 2, as well as Rannoh itself. In the first two months alone, the project helped 2,500 victims to unlock their data without paying a ransom. It's estimated that cybercriminals have been deprived of 625,000 as a direct result.

This article originally appeared in PC Pro. Image credit: Bigstock.
