BLOG: Highway Robbery: Ransomware and Small Business

Part 2 of a 3-part series on cybercrime and small business

Stand and deliver! Instead of stagecoaches and bandits, today’s highwaymen prefer to sit behind computer screens and rob you through nefarious coding.

Currently, hospitals, multinational businesses, government agencies, and small businesses are falling victim to ransomware at alarming rates. Earlier this year, the ransomware virus WannaCry infected at least 100,000 organizations in 150 countries.

As the name implies, ransomware is malicious software that locks computers and encrypts the data for ransom. In recent cases, attackers have demanded ransoms of up to 300 bitcoins ($728,385.00 USD). If the victim refuses to pay the ransom in three days, the amount doubles to 600 bitcoins. If the ransom goes unpaid, the data is lost. Data taken includes supply chain details, banking accounts, and personnel records. This information helps with identity-theft schemes and gaining illegal access into the networks of larger corporations that work with small business contractors. Given the growing cybercrime industry, it is important to understand the dangers of ransomware.

While it may seem like a new threat, ransomware has existed since 2005 but only recently merited national attention. This change in notoriety resulted from a new batch of high-profile attacks around the world.  Ransomware’s popularity among cybercriminals is increasing because it works. Attackers have vastly improved the ransom scheme by developing ransom cryptware, which encrypts computer files using a key only the attacker knows. Generally, ransomware infects a system when an unsuspecting person falls victim to a phishing attack through a malicious attachment or a URL that downloads malware to their computer. Viruses can also infect computers through malvertising, which occurs if someone visits a web site that is hosting compromised advertisements. A payoff from a ransomware attack can be huge. The FBI estimated that in 2014 the extortionists behind the CryptoLocker ransomware robbed companies of $27 million in just six months.

Ransomware attackers have innovated in recent months and now encrypt files on individual computers and on core servers; this prevents entire organizations from accessing shared files and databases. Hackers also target backup repositories used to restore data to prevent people from circumventing the ransom by wiping computers and reloading the compromised data. The current strain of ransomware, WannaCry, is the 21st century’s equivalent of a highway robber — it appeared from nowhere, blackmailed its victims, and prevented them from conducting daily business until paying. Ransomware does not just attack computers; it also targets smart phones. Any device that connects to a company’s network can be hacked and used as a backdoor access point. If your computers are secure but not your employees’ smartphones, hackers can still unleash a ransomware attack.

Last year the FBI issued a warning that all strains of the ransomware virus are on the rise. Individuals, businesses of all sizes, government agencies, academic institutions, and law enforcement agencies have all fallen victim to strains of this virtual virus. Once the malware infects a computer, it gives hackers a backdoor into any systems connected to the compromised network. Considering the lucrative nature of ransomware, this threat is unlikely to dissipate.

How lucrative is ransomware? According to a report published by the Symantec Corporation, approximately 3% of victims pay the ransom. At an average of $200 per victim, attackers gross at least $34,000 a day. This data came from just one server linked to a known cyber hacker. Cisco Systems declared ransomware the most profitable malware attack in history. Their 2016 Midyear Cybersecurity Report estimates that hackers target 90,000 victims daily and net an estimated $34 million annually. The number of victims is growing at an alarming rate.

Protecting against ransomware is difficult since attackers actively alter their coding to defeat antivirus programs. However, antivirus and anti-malware software remains the best method to protect your business from ransomware. It is not possible to eliminate the risk of falling victim to a ransomware attack, but you can lessen the pain by conducting regular data backups and storing them on an unconnected device. Even if you think your small business is not at risk from a ransomware virus, keep in mind that only 48% of cybercrime results from malicious intent. Human error, which includes unsuspectingly downloading malware, accounts for 52% of all cybercrime outbreaks. Small businesses are especially susceptible due to a lack of cybersecurity protocols and up-to-date software. Either spend the money now to update cybersecurity protocols or be prepared to pay a digital robber later.

Steps to Prevent Ransomware Attacks

Here are some practices to reduce the risks of ransomware attack:

  • Do regular data backups and store them in a secure, non-web accessible location.
  • Upgrade your operating systems and pay attention to current security patches.
  • Replace unsupported operating systems.
  • Install a combination of antivirus + anti-malware on your networks. Malware is an umbrella term that stands for a variety of malicious software, including Trojans, spyware, worms, adware, ransomware, and viruses. All viruses are malware. Not all malware is a virus. Anti-malware is an additional layer of protection.
  • Corroborate the source of your emails and internal communications, and avoid opening attachments or links from unknown sources.
  • Verify that emails from known sources are not compromised. Even if the email comes from a recognizable source, if the message appears “off,” do not click on any of the links. In most instances fake emails merely masquerade as legitimate sources. Check the web address after the @ symbol to confirm it is coming from the right person. If the email address is legitimate but the information is fishy, check to see if the account was hacked before clicking on any links or downloading attachments. Remember, no bank, employer, or reputable website will ask for sensitive information in an email.
  • Turn off automatic downloading of email attachments to keep from inadvertently infecting your computer.
  • Make sure employees have secure smartphones.
  • Consult with a cybersecurity professional.

Want more information? Check out this helpful resource on small business cyber security:


Virginia SBDC