The ransomware problem: Why SMBs are vulnerable to attack

In recent years, ransomware has become a popular method for hackers looking to extort money from small-and-medium-sized businesses (SMBs). The concept of ransomware, however, is not a new one: it has been creating problems for small businesses since 1989, starting with the ‘AIDS Trojan’. Distributed via floppy disc, the ransomware mimicked a software expiry notice, requiring users to pay a ransom by post so files could be decrypted. This ransomware, however, was considered easily breakable due to an over-reliance on symmetric cryptography, along with a less than perfect distribution method, and passed without significant damage.

In today’s business landscape, we are witnessing a ransomware gold rush. This has been brought on by a combination of technological progression and the greater proliferation of ready-made ransomware packages available to scammers through the Darknet. SMBs are a prime target for hackers due to the high rate of return of successful scams, alongside the relative ease of infiltration. Also, larger businesses often place greater emphasis on investing in security compared to SMBs, making them a more difficult and time-consuming target.

Sitting ducks: why SMBs are least prepared for a cyber-attack

Ransomware is a high-margin scam, especially when it targets smaller, less secure businesses. Contrary to popular belief, this type of scam is not difficult, nor does it require a large amount of intelligence from the attacker. Another problem businesses face is that, because this type of attack is cheap to produce, a ransomware campaign only needs a low conversion rate to be considered a success. In comparison, focussing resources on attacking a single large company can often yield no results.

In a recent survey of UK businesses, however, over one third of those surveyed had suffered a ransomware attack, with 31 per cent admitting they would rather pay the ransom than lose vital data. The problem with this approach is that there is no guarantee that a business will ever receive the decryption key, because the command and control server may be under investigation by a security vendor or law enforcement. Consequently, an organisation could pay a large sum of money to retrieve its data, and receive nothing in return.

Creating awareness: educating SMBs on the ransomware threat

SMBs are the most lucrative target for ransomware attacks as they usually possess more significant financial resources than standard users, while rarely undertaking the comprehensive security policies of larger companies. Some companies make hackers’ jobs simpler by posting company email addresses online. While this is a minimal risk with modern security solutions and continuous data protection policies, a large number of SMBs do not take advantage of the security available to them.

Bitdefender recommends that business users and IT administrators set up regular offline, off-site backups of critical data to prevent malware from finding the network-connected storage, and encrypt this data. Deploying a company-wide security solution is also recommended, as this will help spot malicious payloads landing via drive-by attacks or spear-phishing attempts. IT administrators are also encouraged to set up access control lists and restrict user permissions on endpoints to ensure employees don’t accidentally install suspicious or rogue software.

We predict 2016 will be the year of ransomware, and that the number of victims will significantly increase across the board. The increased ransomware detections we have observed not only suggest that it has become a highly lucrative business, but also that malware developers will soon begin exploiting new platforms, as seen with Linux. As malware developers broaden their perspectives by targeting operating systems that have a large market share, the chances of infection increase exponentially, making a security solution that can stay abreast of a constantly shifting threat landscape indispensable.

Chief Security Strategist at Bitdefender

Alexandru Catalin Cosoi is Bitdefender's Chief Security Strategist, tasked with energising and publicising the company's technological progress.

Catalin specialises in pattern extraction and recognition technologies, with an accent on neural networks and clustering algorithms. His technical achievements have so far materialised in four granted patents and a series of classification technologies being implemented mostly in Bitdefender software. As a consequence of his interests, he is also pursuing a PhD in natural language processing.

He lists his professional goals as "gaining a Nobel prize and achieving clinical immortality". He is married and lives in Bucharest, Romania at the rare times when his job isn't sending him around the globe.
