Defending Your Small Business Against Ransomware Emails

Summary: What are the types of ransomware most often faced by small businesses, how to prevent an attack and what to do if you’re the victim of an attack.

What Should You Do Instead of Paying Ransomware?

As an owner of a small or midsized business (SMB), you probably start work earlier than everyone else. One morning, you sit down to log on to your company’s network, ready to catch up on email. But when you enter your username and password a full-screen alert window pops up: “WARNING! YOUR FILES HAVE BEEN ENCRYPTED.”

The message says that your data is safe; however, only paying ransomware will allow you to have it decrypted by the hacker. Your hard-earned, confidential business data is being held hostage. And in two days, the ransom will double. Oh no! Ransomware what to do?

Unfortunately, the above scenario has grown increasingly common, and paying ransomware doesn’t always unlock your data. To make matters worse, attacks via ransomware emails have more than doubled over recent years. The FBI, working with other security agencies, is devoting more and more resources to the investigation, prosecution and prevention of ransomware attacks, as they affect companies, large and small, on a global level.

Q: Why are small businesses attractive targets for ransomware criminals?

A: Cybercriminals often see small businesses as easier targets because they may lack dedicated IT teams, advanced monitoring tools or formal security policies. At the same time, these businesses rely heavily on digital systems to operate, making them more likely to pay a ransom quickly to restore access. Attackers count on urgency and limited resources to increase payment likelihood.

What Are the Types of Ransomware?

• Crypto Ransomware – targets your most valuable files and encrypts them so that you cannot access them. Once you have been locked out, the hacker demands a ransom payment before decrypting your data and freeing up your system
• Locker Ransomware – Instead of encrypting your data, locker ransomware locks you out of your devices. The attackers demand a ransom to unlock the devices

Most victims of ransomware attacks have either opened infected attachments or have unknowingly clicked on links embedded in spam emails. The best way to spot a ransomware email is to check the identity of the sender carefully and take extra care in opening emails from unknown sources.

If you are unsure of the sender’s identity, don’t open any attachments until their credentials have been verified. Furthermore, never act on a request to “enable macros.” Macros embedded by hackers will speed up the spread of malware through your system and network. It also makes sense to have a cybersecurity provider or ransomware service conduct a vulnerability assessment, which can identify weaknesses.

Q: What steps can small businesses take to reduce the risk of ransomware emails?

A: Small businesses should maintain regular offline backups, apply software updates promptly and use strong, unique passwords with multifactor authentication. Employee training is essential to recognize phishing attempts and suspicious activity. Implementing endpoint protection, email filtering and network segmentation also helps limit the spread and impact of an attack.

Ransomware - What to Do If You’re Attacked?

Once your company has fallen victim to a ransomware attack, take action:

• Immediately disconnect the computer that received the ransomware email from others on your network, and disconnect from WiFi and any external drives
• Lock Down your network
• Photograph the ransom note to file with police reports. Preserve as much evidence as possible
• Detemine what kind of malware is holding your data hostage. If you can identify the malware type, it will be easier for ransomware services to determine the best way to remove it from your system
• Report the attack to local police as soon as possible. Your precinct will probably refer you to the cybercrimes division, which will try to identify the hacker as quickly as possible to help other companies avoid falling victim to the same attack
• Assess the damage to determine which files and what other networked machines have been infected
• Attempt decrypting if you have the tools. it’s worth a try
• Reinstall from backups if you have up-to-date, clean backups of your data. Consider deleting all data from your system and reinstalling
• Teach your employees to report any cyberattack as soon as it occurs, even if they think they’ve inadvertently been the cause of the attack. The quicker the response to a ransomware attack, the more likely it can be contained

Q: What should a small business do if it experiences a ransomware attack?

A: The business should immediately isolate affected systems to prevent further spread and contact cybersecurity professionals or incident response teams. Law enforcement and insurance providers should also be notified. Restoring from clean backups is often safer than paying ransomware, which doesn’t guarantee data recovery and may encourage further criminal activity.

Ransomware Risk Reduction - What to Do Before You’re Attacked?

Many companies are required by law to protect the personal and financial data they collect from clients. If they are attacked by ransomware, their clients have also been attacked. For medical and legal practices, safe and secure data is crucial to their reputations. Data breaches such as ransomware attacks can put companies out of business and expose them to legal challenges.

A professional cybersecurity expert can help by providing your small business its own secure and affordable virtual private network (VPN) and other cutting edge cyber defenses, so your company’s data will be safer in an expanding mobile work environment.

Set up a call with us if you’re looking for a New York City area cybersecurity company or contact a small business IT security expert near you to learn more about ransomware services and security awareness training for small and midsized business employees.