SMB Ransomware Defense Alert: How To Defend Against Ransomware

Summary: This brief article discusses the cyber threat protections required to avoid ransomware attacks. Learn about the best protection from ransomware and how to keep your data from being held hostage by hackers. For a complete vulnerability assessment, contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com to discuss your SMB’s overall security.

Many of us take our computer systems for granted. Day in and day out, SMB owners and employees log onto their systems and begin their day’s business. When computer breakdowns do happen, we usually fix them in-house or call an IT expert. But imagine logging on to your system in the morning and finding you can’t get in. Instead of the usual desktop wallpaper with your company’s logo, the screen is filled with a deadly warning:

“ACCESS IS DENIED!!!
YOUR FILES WILL REMAIN ENCRYPTED UNTIL THE RANSOM IS PAID!
You Have 24 Hours!”

That kind of wake-up call is way beyond the caffeine power of your Starbucks coffee. When you see the above or a similar warning, your SMB has fallen victim to a ransomware attack. Along with a demand for a ransom payment, hackers install a time limit within which you must pay the ransom amount. The ransom demand can automatically double or triple or worse when the time runs out without payment. Every day that your data remains encrypted, your business loses valuable time, money and reputation. Not to mention, your company’s most private data is in the hands of criminals, and you are at their mercy.

Since the pandemic, ransomware attacks through email have doubled. SMBs often think they are not big enough to worry that much about their cyber security. The reality is that cyber thieves love small businesses for that very reason. They are more vulnerable and could be more likely to pay the ransom without question. Also, between the recent increase in remote access work and the connected devices added to networks daily, hackers have more opportunities to capitalize on vulnerable endpoints.

The Two Types Of Ransomware

Cybercriminals have thus far developed two types of ransomware attacks with which to terrorize businesses:

• Crypto Ransomware – Crypto ransomware attacks a company’s most sensitive data and encrypts it, making it unreadable to the user. Hackers will only decrypt the data when the ransom is paid.
• Locker Ransomware – Locker ransomware locks users out of their devices. As with crypto ransomware, locker ransomware will keep the devices locked until the ransom is paid.

Preventing Ransomware Attacks

Ransomware is most commonly launched when a careless or unsuspecting user clicks on an infected attachment or embedded link in an email. It is crucial for users to slow things down and check the identity of email senders before opening anything. Also, it is prudent never to click “Accept” when prompted to “Enable macros.” Macros can automate a cyberattack and help the attacker speed up the distribution of the malicious code throughout a network. IT and cyber security training for employees is essential to keeping your business’s network safe. Teaching them to follow best practices to defend against ransomware attacks is part of a holistic approach to security in which everyone is a stakeholder. Comprehensive training can prevent employees from becoming “the weakest link” in computer system protection. The best protection from ransomware is educated users. Removing Ransomware

There is no instant fix for ransomware attacks. However, in the event of an attack, time is of the essence, and several actions should be taken as quickly as possible:

• Disconnect All Connected Devices (including drives) From Your Network – Quick action can potentially mitigate the spread of ransomware.
• Lock Down Your Network – Depending on the scope of the attack, taking your network offline can also slow the spread of the malware infection.
• Take a Photo of The Ransom Notice – You will need a photo for filing insurance and police reports.
• Try to Analyze What Malware Caused The Attack – If you are not tech-savvy enough to perform an analysis, contact an IT professional to perform a vulnerability assessment.
• Write a Detailed Damage Report – A damage report should include what devices and files have been infected by a ransomware attack.
• Report The Attack To Local Police – It is critical to file a police report as soon as possible. Local police might refer you to their cybercrimes division, who are better trained to deal with online attacks.

The Clock is Ticking

• As time passes, mitigating or stopping the spread of a ransomware attack becomes more difficult. Quick action is the key to successfully thwarting an attack.
• If you feel you are knowledgeable in IT, try using decryption tools. However, if you don’t know what you are doing, you could be wasting valuable time and should defer to IT experts.
• If you have clean data backups, try erasing your entire system and reinstalling your best backup. Note: Do not erase anything if you don’t have clean system backups.
• To the best of your ability, create a detailed damage report.

SMB owners get caught up in operating their businesses and don’t think enough about cyber security. Unfortunately, many don’t understand that an attack could spread to their vendors and suppliers if their company's system has been breached. Once they have been infected, the trust between companies has been damaged. Furthermore, legal challenges, including fines and legal fees, are additional problems that might also be presented. In tandem with a damaged reputation, monetary consequences can put SMBs out of business. When hit with a ransomware attack, your SMB is on the line. We recommend enlisting the help of professional ransomware services to help decrypt and retrieve your data, analyze the consequences of the breach and design a plan to protect your company from future ransomware attacks.