BelgiĂŤ (Nederlands)
Belgique (français)
ÄeskĂĄ republika
Danmark
Deutschland
EspaĂąa
France
Italia
MagyarorszĂĄg
Nederland
Norge
Polska
Portugal
România
Schweiz (Deutsch)
Slovensko (Äesky)
South Africa
Suisse (français)
Suomi
Sverige
TĂźrkiye
United Arab Emirates
Ransomware is a type of malware â and a growing problem for businesses. It typically encrypts files, systems, or devices, or âlocksâ screens, rendering folders, files, or complete systems inaccessible. Users are then notified that the system has become compromised and cannot be accessed until a financial âransomâ is paid.
Ransomware can infect your network in many ways, such as a user visiting a compromised website, downloading an infected file, opening a spam email, or could result from unpatched software, leading to increased vulnerabilities across your network. Malware can also remain dormant on a network or device for an extended period, showing its difficulty to trace and eradicate.
This type of malware is often used by cybercriminals to target healthcare, financial sectors, and governments, all of which amass confidential or sensitive data to provide essential services.
In this guide, we will explain how ransomware can affect your business, the different types of ransomware, and how to prevent the threat of ransomware to your business.
Malware is an umbrella term for many types of malicious software. Types are usually defined by the deployment method or how it acts once it has accessed a network. For example, ransomware is sometimes referred to as a virus. In some cases, this is true, but viruses are just one type of malicious software characterized by the ability to replicate its code.
While older forms of ransomware remain, such as Phobos ransomware, new forms of ransomware are constantly being created, and the number of attacks nearly doubled in the first half of 2021. According to Cognyte, 1,097 organizations were hit by ransomware attacks in the first half of 2021 compared to 1,112 in 2020 for the entire year. The US is the most targeted country, accounting for 54.9% of the total victims.
Several factors could increase the risk of your business being targeted, including:
Preventing ransomware from accessing your systems and defending your business at the initial stages of an attack can save your business thousands, if not millions in recovery costs. A poignant example is the CryptoLocker ransomware attack, which took more than six months to resolve.
Occurring from September 2013 to May 2014, cybercriminals developed a new botnet, named Gameover ZeuS, which formed a network of targets infected with the malware. A script was then sent to the victims via email attachment, which activated the malware once opened. The ransomware was also able to identify other connected devices on the victimâs network, fully encrypting all data or locking operating systems, and halting business operations.
The malware successfully encrypted files and informed victims that their operations were held hostage until payment of a ransom. Attackers obtained millions of dollars throughout their operations.
In the CryptoLocker attack, an asymmetric encryption tactic was also utilized. This means that the bad actor could encrypt a file with a public key, while the recipient could only decrypt the system with a private key. Without a private key, recovering the encrypted files was almost impossible.
While not every ransomware victim pays a ransom or incurs a cost, in 95% of cases where there were ransomware-related costs, the median loss was $11,150, according to Verizon. However, losses ranged from a low of $70 to a high of $1.2 million. Businesses that understand how to prevent ransomware can significantly reduce their online vulnerability.
Below, we outline key steps to prevent, block, and defend your operations against potential ransomware attacks.
Employees are the first line of defense to tackle various cyberthreats to business operations and should have at least a basic knowledge of cybersecurity risks, such as spam and phishing attempts, as well as other common tactics, such as:
A âsuspicious emailâ policy to build employee awareness of potential threats can also be helpful, ensuring everyone follows the same procedures to reduce risk levels. Make sure you test any disaster planning policies in advance to identify any gaps or issues and ensure everyone is prepared.
In any potential ransomware attack, the cybercriminal will need to undertake essential research on your business â there is no better source for this information than your management team and other employees. To protect your business data, never give out sensitive information to untrusted sources.
All parties across your business must remain cautious in responding to any files, attachments, or links, regardless of who has sent them, as such files can contain harmful ransomware, viruses, or software. Encryption can provide an algorithm to secure confidential data, which requires the receiving party to decrypt it with a decryption key. Without this key, the data is unreadable to others. Encryption keys are used to decrypt ciphertext back into readable plaintext; therefore, without this key, information is unusable and can prevent the risk of data falling into the wrong hands.
To protect your computer from ransomware, do not click on unverified links, attachments, applications, or pop-ups. When browsing on a desktop, you can check a link destination by hovering your mouse over the link â the target URL address will appear at the bottom of your browser for you to check before you click. Secured sites use âhttpsâ instead of âhttp' and have a shield or lock symbol in the address bar. If the target URL is not secure or looks suspicious â for example, if it is not what you expect based on the context of the link â you should not click.
Additionally, downloading malicious apps on both iOS and Android on mobile can also encourage the spread of malware. To mitigate the threat of ransomware, only visit verified, trusted sites like Google Play Store for Android users and the App Store for iPhone users. While this is not 100% foolproof, make sure to check user reviews and number of downloads before installing any new apps, have a clean-up of unused apps every few months, and deploy a robust security solution across your mobile device to prevent the threat of a ransomware attack.
Additionally, criminals can also take advantage of weak security systems via Wi-Fi networks, or whether you click a link in a bogus text message, email, or website. The best advice: Be cautious and always play it safe.
Install content scanning and filtering software across your mail servers to block, detect, and prevent the risk of a ransomware attack. These extra layers of protection include:
Restricting usersâ ability and removing certain access privileges to download, run, and install software applications, known as Principle of Least Privilege (PoLP) is universally considered a best practice in significantly combating the risk of malware entering your network.
While it is not a popular solution among employees, limiting user privileges is a way to enable businesses to successfully secure sensitive and confidential data, connected devices, programs, and accounts, while remaining compliant in protecting associated information. Role-Based Access Control (RBAC) can also be a successful way to restrict system access while varying levels of permissions to those in certain roles and groups across the business.
External devices, such as USBs, can create havoc for businesses. While networks can safeguard against internal threats, an external device can be infected with malware without the user being aware. Once inserted and connected to the business network, the malware stored on an employeeâs personal device, or other hardware, can spread to the wider business network. To prevent the risk of ransomware, the best defense will be to remove the use of external devices in the workplace.
To further protect your business from ransomware and other cyberattacks, you must regularly update software and applications, including patches, which are provided by cybersecurity companies to fix any known vulnerabilities on your network.
The 2017 WannaCry attack spread to more than 230,000 Windows PCs in 150 countries in just one day, impacting government agencies, medical facilities, and hospitals. The NHS in the UK was one of the services affected, with out-of-date software playing a significant role in the extent of the disruption. Bad actors were able to exploit outdated and unpatched software. WannaCry remains one of the most infamous cyberattacks to date, and since 2017, Avast has blocked over 170 million additional WannaCry ransomware attacks.
Antivirus solutions can automate patching and updates to ensure your systems are always protected from the newest cyberthreats.
In the event of a ransomware attack, backups can significantly reduce the downtime required to restore operations. Backups can include the following solutions:
.svg)
To future proof your business in the event of a ransomware attack, you should implement a Disaster Recovery Plan and Business Continuity Plan. These will enable your business to define the processes and protocols to follow in the event of an attack. Youâll also ascertain the roles for each individual and the contacts that must be notified to support both prevention and recovery.
The importance of installing robust security software and maintaining your system with regular security updates cannot be understated. Using multiple security tools and processes, known as a layered approach, will maximize protection from a ransomware attack.
The following will significantly strengthen your existing security strategy:
Multi-Factor Authentication (MFA), also known as two-factor authentication, has grown in popularity and prominence. Alongside a strong password, users are asked to provide a second piece of information or process to access their account, providing an additional layer of security.
MFA methods vary and may include:
Installing a Virtual Private Network (VPN) will enable you to encrypt your connection and keep your business data secure and protected while you are in public by creating a secure connection between your device and the internet, enabling you to access your data privately without risk while utilizing public networks. Find out more about how VPNs work and the various types available.
Defined as any device that is connected to your network, endpoint security can protect your business devices from malware attacks and zero-day attacks, which exploit unpatched security flaws. This can make your system increasingly vulnerable, having âzero daysâ warning to fix any weaknesses before an attack.
Protecting all endpoints, both physically, virtually, or cloud-based is delivered through a centralized management console, enabling administrators to routinely monitor and protect your systems in real-time.
Intrusion Detection Systems (IDS) routinely monitor your network for any harmful activity, including the threat of ransomware, by detecting unusual or malicious activity in real-time. This allows your business to respond to incidents quickly, with minimal operational downtime.
Many ransomware variants can take advantage of Remote Desktop Protocol (RDP), which allows users to connect to a device remotely. It remains a popular entry point for ransomware attacks, particularly default RDP open port 3389.
Additional Server Message Block (SMB) ports, such as port 445, also allow servers and applications on your network to communicate with one another and with other systems, providing users with the ability to share files, complete activities such as printing documents, and complete tasks successfully over the internet.
Protecting your network and connected devices from both internal and external threats, the advantages of antivirus software include:
Keep your organization defended against ransomware and advanced cyberattacks with Avast Small Business Solutions, our all-in-one cybersecurity that delivers simple, powerful, and affordable online protection for your small business.
