Why SMBs need a good disaster recovery plan in place

Work in a small business? Then you’re a target for ransomware

"We think it's important to discuss cybersecurity for small and medium-sized businesses," said Eugene Kaspersky, welcoming guests to Malta. Yes, that Kaspersky of security vendor fame. While he wasn't actually in Malta, his words were plastered all over the hotel where assorted journalists, analysts and researchers were assembled to "save the world".

Speaking at the start of this cybersecurity conference, team director of Kaspersky Lab Research & Analysis, Marco Preuss, revealed that the company had stopped more than 80,000 ransomware threats for Android devices alone during the second quarter of 2016. Overall, across all platforms and devices, Kaspersky has seen ransomware attacks rise by 450%, from 131,000 in 2014/2015 to 718,000 in the same period during 2015/2016.

But as a small business, why should you care? Chances are that, as an individual, you have your photograph and music collections in air-gapped archives, or in the cloud, right? And your business does the same with mission-critical data, right?

So, let's look at the reasons why you should care. Number one is you're getting overly confident. Sure, some kind of physical media away from your digital domain is a good idea, but cloud stores and NAS devices have been known to be caught by the more patient ransomware; these use clever crypto routines to scramble multiple layers of your backups before declaring their presence. But let's agree, on a personal level at least, that you're pretty much sorted; so why should your business care?

Simply because if you run a small business then you're in the crosshairs of an increasing number of ransomware players. Kaspersky Lab's IT Security Risks survey for 2016 claims that just over 40% of SMBs fell victim to ransomware in the past 12 months. Some 34% of those small businesses paid the ransom to regain access to their data and, most worryingly, 20% weren't able to recover the data even once the ransom was paid. While I'm surprised that so many would cough up in the first place, I'm less surprised about the one in five who found themselves up the creek anyway. I've seen some of the ransomware code and a lot of it is very poorly put together.

Here's the thing. An original piece of code is taken and then messed around with by people who don't really understand what they're doing, let alone being aware of how crypto works; what they understand is making money. That means creating variants by changing stuff, and more often than you might imagine, this also means messing things up.

In fact, that's a very common reason for the data being lost once the ransom has been paid. Most criminals are clever enough to understand that if they take the money and run, word will spread and nobody will pay up. During a recent trip to Helsinki with Finnish IT security outfit F-Secure, I saw examples of how some ransomware players have customer service and IT support in place that would shame many a legit company.

Anyway, the point is that as a small business you're a target and that's quite simply that. Year on year, again according to Kaspersky, ransomware attacks on business rose nearly six times over from 27,000 to 158,000. It's a clever play by the criminal enterprises behind the most organised of ransomware attacks, as a small business has valuable data it can't afford to be without, and has enough money to pay the ransom (if it's set correctly and usually it isn't stupid, greedy levels of money), but it doesn't have the resources to devote to dedicated IT departments, let alone IT security ones.

The average ransomware ransom, according to Kaspersky's Sergey Martsynkyan, was about $300 over the past 12 months. No surprise that a small business might consider paying up rather than risk losing data, and indeed facing the wrath of the Information Commissioner's Office if the Data Protection Act had been breached with customer information caught up in the process. Prevention remains better than cure, though, which means having good disaster-recovery plans in place whatever the size of your organisation. Having a backup strategy that actually works, by which I mean business-critical data archived to at least two places (one in the cloud and one off-site, detached from the network), should not be optional.

No More Ransom!

I'd further recommend every small business takes a look at the No More Ransom project (nomoreransom.org), which was put together in the summer of 2016. The founding partners of Europol European Cybercrime Centre (EC3) and the Dutch National Police, along with Kaspersky Lab and Intel Security, have done a pretty good job, truth be told. Good enough for 13 other law-enforcement agencies, including the UK's National Crime Agency, to now be on board. It's a great example of how the IT security sector and law enforcement together can disrupt cybercrime. In the case of ransomware, the best way to disrupt the criminals is to take their ransoms away, so No More Ransom operates to help victims to retrieve their data without paying a penny. It also recognises the power of education, informing end-users how ransomware works, and how they can avoid becoming a victim.

Should you be unlucky enough to have fallen victim already, the project can help work out exactly what ransomware has hit you. It will reveal the actual crypto being used to lock up your data, and then determine if a solution has been found that can be used to unlock it again. With law enforcement and private security vendors working closely together, captured servers can be turned over to the coding experts, who can then create decryption software to unlock the encrypted data. It's these tools that are then made available to users. Currently, there are just a handful of decryption tools available, but the number is growing and will continue to do so. Right now there are decrypting tools for Wildfire, Chimera, Teslacrypt, Shade, CoinVault, Rannoh and Rakhni. The number of ransomware threats covered is greater, since some of these decryptors will work across multiple threats.

So, for example, the Rannoh decryptor will decrypt files that have been encrypted by Marsjoke (aka Polyglot), AutoIt, Fury, Crybola, Cryakl, CryptXXX 1 and 2, as well as Rannoh itself. In the first two months alone, the project helped 2,500 victims to unlock their data without paying a ransom. It's estimated that cybercriminals have been deprived of 625,000 as a direct result.

This article originally appeared in PC Pro. Image credit: Bigstock.
