Don't Let Ransomware Hold Your Business Hostage: Simple Cybersecurity Tips for SMBs and Startups.
- Melissa Thornton
- Jan 31, 2023
- 5 min read

Our Cybersecurity Awareness Program is designed to help small and medium-sized businesses, as well as startups, protect themselves from the ongoing threat of ransomware. This week, we're focusing on providing resources to help you detect and prevent these targeted and sophisticated attacks. First, let's review what ransomware is and how it works.
What is Ransomware?
Ransomware is a type of malicious software that allows cybercriminals to take control of your important data and hold it hostage until you pay a ransom. It can have a devastating effect on your business, and it's important to understand how it works.
So, how does Ransomware work?
Once it infects your computer, it encrypts your files, making them unusable. Imagine your computer is locked in a cage, and the only way to unlock it is with a special code called a decryption key. However, the scammers who created the ransomware will only give you the key once you pay them. And even if you do pay, there's no guarantee that you'll get your data back.
How does Ransomware spread?
Ransomware is spread through a variety of methods, such as phishing emails, infected files, and compromised websites. It can lock you out of important work files, causing costly damage, and can also infect your systems while destroying confidential or proprietary data essential to the operation of your business.
How much will a ransomware incident cost your business?
In the beginning, attackers typically demanded relatively low payments. However, as ransomware has evolved, the average amount has significantly increased. Attackers can be extremely aggressive, especially when the attack affects your company's operations or your ability to serve your customers. There are numerous reports of multi-million-dollar ransom demands. The cost of ransomware to companies is staggering, with billions of dollars lost every year. However, the true cost is hard to pinpoint, as many incidents go unreported.
How are ransomware attackers paid?
Ransomware attackers typically demand payment in digital currencies such as Bitcoin, which is considered "untraceable." These cryptocurrencies are fully digital and have no physical form. They are created and held electronically and are not controlled by any central authority. Due to the nature of digital currency, its value can frequently fluctuate, making the value of a ransom demand change over time. This adds another layer of complexity for your business when trying to negotiate the ransom payment.
But won't my cyber Insurance policy pay for everything?
Some businesses make the mistake of relying on their cyber insurance policy to pay the ransom and make themselves whole for all the additional costs associated with the incident. It's critical to remember that the fallout of ransomware is often much more than the ransom payment itself. Businesses also experience losses associated with system downtime, hindered productivity, incident response costs, forensics, remediation, and so on. Cyber insurance does not always cover loss of business related to a ransomware attack or other cyberattacks.
To pay or not to pay
It's crucial for businesses to understand that preventing a ransomware attack should be the primary goal. However, it's also important to have a clear stance on whether or not to pay a ransom in case of an attack.
Security experts, law enforcement officials, and the FBI overwhelmingly advise against paying a ransom. This is because the success rate of retrieving stolen data is low, and there is no guarantee that the encryption keys will work. Most importantly, paying the ransom only encourages cybercriminals to continue committing extortion and ransomware attacks.
From a legal standpoint, governments have taken a unified stance on not paying ransoms, with laws supporting this position. For example, a 2020 ruling by the U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) states that paying ransoms in most cases is illegal. Businesses should also consider these legal implications when deciding how to respond to a ransomware attack.
Will paying a ransom demand guarantee that you get access to your data again?
Absolutely not! Additionally, there have been cases where data was returned incomplete or with critical programming flaws that rendered the information useless, even with the key. Sadly, there have been instances where organizations have paid the ransom only to be hit with a second, larger payment request.
At Cybersecurity Advisory Group, our advice is clear
Do not trust a thief who has already acted unethically, and do not pay the ransom demand. Paying not only encourages attackers to continue their criminal activity, it also does not guarantee that you will regain access to your data. The best course of action for your business is to focus on implementing robust security measures and making frequent backups of your data. Remember to test your backups to ensure they work as intended! These simple measures will ensure that even if an attack occurs, your business will be back up and running quickly, minimizing the impact on your operations and avoiding the need to pay a ransom demand to anyone who comes knocking. Additionally, regular security training for your employees and implementing security protocols will also help to prevent a successful attack. By taking proactive measures to protect your business, you will significantly reduce the likelihood of falling victim to a ransomware attack and the costly consequences that come with it.
Ransomware quick tips
The best way to prevent an infection is to not rely on just one solution but to use multiple, layered solutions for the best possible protection.
Hire a cybersecurity professional: Ransomware protection begins with a strong foundation of security best practices. Our Ransomware Readiness Assessment is a comprehensive evaluation of your current security measures and provides recommendations for improving your defenses against ransomware attacks.
Security Awareness Training: Educate your employees on the latest techniques cyber criminals are using by taking a security awareness training course. Understanding the enemy is key to avoiding an attack.
Internet Security Products: While commercial products can help prevent malware infections, it's important to remember that none of them are 100% effective. Cybercriminals are always looking for weaknesses in security products and promptly take advantage of them. Therefore, we recommend using a defense-in-depth approach to protecting your data and assets.
Antivirus Software: While antivirus is highly recommended, it's important to have multiple layers of protection in place. Antivirus software cannot prevent infections from zero-day or newly emerging threats.
Anti-malware Software: Most anti-malware software, such as Malwarebytes, is designed to run alongside antivirus products, and it's recommended you have both in place.
Whitelisting Software: Whitelisting software allows only known good software that you approve to run or execute on your system, preventing all other applications from running or executing.
Backup Solutions: In the event of a catastrophic attack or complete system failure, it's essential to have your data backed up. We recommend using online storage services and an external hard drive (that you disconnect after the backup) to ensure the best possible backup solutions.
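The two backup points above, making frequent backups and actually testing that they restore, are easy to state and easy to skip. The following is an added example written for this article; it is not code from the original post or from Cybersecurity Advisory Group. It copies a small constructed "work" folder to a backup location, records a SHA-256 manifest of the originals, and then checks the backup against that manifest. A file in the backup is then deliberately overwritten and another renamed to stand in for a backup copy that ransomware reached, to show that the check catches both. All directory and file names are constructed for the demo.

```python
"""Verify that a backup actually restores what was backed up.

Added example for this post (not part of the original article or of
Cybersecurity Advisory Group's tooling). Copies a source tree to a
backup location, records a SHA-256 manifest of the originals, then
checks the backup against that manifest.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def run_backup(src: Path, dst: Path) -> dict:
    """Copy src into dst and return the manifest of the originals.

    Keep the manifest with the offline copy (or somewhere the backup job
    cannot overwrite) so a later restore test has a trusted reference.
    """
    shutil.copytree(src, dst, dirs_exist_ok=True)
    return build_manifest(src)


def verify_backup(manifest: dict, backup_root: Path) -> dict:
    """Compare a backup tree against a manifest.

    Returns {"missing": [...], "modified": [...], "ok": n}. Any entry in
    missing or modified means the backup would not restore cleanly.
    """
    missing, modified, ok = [], [], 0
    for rel, expected in manifest.items():
        p = backup_root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != expected:
            modified.append(rel)
        else:
            ok += 1
    return {"missing": missing, "modified": modified, "ok": ok}


def demo() -> tuple:
    """Back up a constructed source tree, verify it, then simulate damage.

    Returns (clean_result, damaged_result) so the outcome can be checked.
    """
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "work"       # constructed sample business folder
        backup = Path(tmp) / "backup"  # constructed backup destination
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q4.csv").write_text("invoice,amount\n1001,250.00\n")
        (src / "notes.txt").write_text("weekly status notes\n")

        manifest = run_backup(src, backup)
        clean = verify_backup(manifest, backup)

        # Simulate a backup copy that ransomware overwrote and renamed.
        victim = backup / "finance" / "q4.csv"
        victim.write_bytes(b"\x00" * victim.stat().st_size)
        (backup / "notes.txt").rename(backup / "notes.txt.locked")
        damaged = verify_backup(manifest, backup)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean backup:", clean)
    print("damaged backup:", damaged)
```

Run it with `python backup_check.py` (any file name works). The first result reports every file as `ok`; the second lists `notes.txt` as missing and `finance/q4.csv` as modified. A hash check like this confirms the backup is intact and was not reached by the same infection, which is why the manifest belongs with the disconnected copy rather than on the machine being backed up. It does not prove the data is usable by your applications, so schedule an occasional full restore into a test folder as well.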
To learn more about Cybersecurity Advisory Group and our Ransomware Readiness Assessment, please visit us at https://www.cyberadvisor.tech/. We invite you to learn more about our services and how we can help protect your business from the threat of ransomware.
About the Author: Melissa Thornton, CISSP

Melissa Thornton is a principal security consultant for Cybersecurity Advisory Group, where she specializes in providing SMBs and startup companies with cyber risk management advisory. As a former CEO with over 20 years of technology, business operations, and security experience, Melissa understands the unique challenges of running a business. As a trusted advisor, Melissa works with clients to develop clear strategies and implement best practices across the board. She's skilled at spotting risks—large or small—and ensuring they never become problems.