Connecticut's IT Blog for Growing Businesses | NSI

Is Your CT SMB Vulnerable to the Next Worldwide Ransomware Outbreak?

Written by Tom McDonald | Jul 13, 2017 12:00:00 PM

The risk from ransomware is real, and it is threatening Connecticut businesses. If you doubt that statement, consider the chaos created by the WannaCry/Petya virus in recent weeks. This malware attack rapidly spread worldwide, disrupting global businesses and costing companies millions in lost revenue and in efforts to kill the virus. Connecticut small to medium-sized businesses (SMBs) are particularly vulnerable to this type of malware attack.

SMBs are being targeted largely because they tend to be less prepared to stave off malware, and because they can provide access to bigger fish. We all have heard about the Target data breach that cost $39 million in settlements, but what you may not know is that it was a smaller company, an HVAC vendor, that was hacked to provide access to Target records. Ransomware is a particularly vicious attack, and most SMBs are unprepared, so they pay up.

A Bitdefender survey reveals that 20 percent of SMBs have experienced a malware attack in the last 12 months. Thirty-eight percent of SMBs paid an average of $2,423 in ransom, but very few actually recovered their encrypted data.

Anatomy of a Ransomware Attack

To help you understand how easy it is to fall victim to ransomware, let’s take a closer look at the most recent global attack of the Petya virus.

On Tuesday, June 27, a worldwide ransomware epidemic hit the internet, immediately impacting companies in Ukraine, Russia, Spain, Belgium, Brazil, France, and the United States, and ultimately hitting at least 65 countries. Microsoft says it traced the attack to a Ukrainian company’s tax accounting software.

The ransomware is a new variant of Petya, which is being compared to the WannaCry ransomware virus that hit 150 countries in May. A “kill switch” was uncovered to stop the May WannaCry outbreak, but this latest version has been updated, making it harder to eradicate. It spreads throughout a company, often faster than it can be contained, locking down workstations and typically demanding $300 in bitcoin to unlock infected machines.

Software experts note that this latest mutation of Petya is more than ransomware. In addition to extorting $300, the malware actually is “wiper malware” that will completely destroy the infected machine’s data.

Microsoft has already released a software patch to address the problem, but if a machine is already infected, it’s clearly too late.

Prepare or Pay Up

The Ponemon Institute reports that more than 50 percent of SMBs have fallen victim to ransomware. The average company had four ransomware attacks last year, with each incident averaging $2,500 in ransom cost and taking about 42 hours to resolve.

Of those companies that suffered a ransomware attack, 48 percent paid the ransom, and 42 percent said they chose not to pay because they had a complete and accurate systems backup. Forty-six percent of survey respondents said that ransomware prevention was a high priority for the company, but only 13 percent said their ransomware preparedness was “high.” In all, 57 percent said they thought their companies were too small to be a target for ransomware.

Those SMBs that evaded the consequences of a ransomware attack were those that were best prepared. There are a number of steps that CT businesses should take to defend themselves from ransomware:

  1. Keep software up to date. Be sure that all your enterprise software is properly maintained, including software updates. Updates contain new code that can prevent malware threats, and software that is not kept up to date is vulnerable.
  2. Maintain current backups. The best way to make sure you can weather a malware attack is to maintain regular system backups. If your enterprise systems are compromised, restoring the system from a clean backup can take a fraction of the time it would take to remove a virus.
  3. Have reliable security monitoring. Proactive malware protection is important, and there are a variety of anti-malware solutions that can filter out computer viruses, but no anti-malware solution is foolproof. In fact, many viruses, including ransomware, are the result of phishing attacks that fool employees into launching malware from an email or file attachment. Continuous security monitoring, however, can watch for suspicious network activity or traffic and often can identify a cyberattack before it becomes pervasive.

While these steps provide an effective defense against ransomware, they also are tasks that can be readily outsourced. Running backups and system monitoring are probably not a good use of your IT team, and it really pays to have an expert with the dedicated resources. The right managed service provider (MSP) can help save your data in the event of a ransomware attack. They provide dedicated systems monitoring as well as backup and disaster recovery services, and ensure that all software is up to date. The MSP’s job is to ensure that your systems are secure and you can recover quickly in the event of disaster. An MSP partner also can help you devise a disaster recovery plan so if you are attacked, it will minimize the impact on your business.

A number of CT SMBs were directly affected by the WannaCry ransomware outbreak. You don’t want to be a victim when the next attack hits. Take proactive measures to protect your systems and back up your data, and find an expert to help you create a disaster recovery plan. If you don’t, the consequences could be very costly.