Ransomware attacks are not limited to large companies or major infrastructures, leading to an increasing number of organizations being impacted globally.
According to cybersecurity company Deep Instinct, ransomware attacks increased globally by 435 percent in 2020.
“They do not care if you're small, medium or large, it's about monetization at scale,” says Adam Evans, vice president of Cyber Operations and chief information security officer (CISO) for RBC.
“If you're going to operate a business in this digital landscape, you have to educate yourself on how to protect your services,” Evans says.
Protecting your business from cybercriminals begins with understanding what ransomware attacks are, what you can do to prepare and how you can recover if you are targeted.
What is ransomware?
Ransomware is malicious software that locks all the files on your computer, preventing you from accessing them unless you pay a fee to have them released back to you. Or, put another way, it's like someone moves into your house, changes the locks, and then tries to sell your own home back to you for a price.
Reported cases of ransomware have risen exponentially in recent years as criminals have grown bolder with each successful attack. Every time criminals get paid, they see more opportunities to make money. “They've almost been incentivized to focus on disruption because of the likelihood of payment,” Evans says.
In April 2021, Colonial Pipeline Co. shut down 8,850km of its pipline system carrying refined gasoline and jet fuel from Texas to New York for five days after being hit by a ransomware attack. Cybercriminals likely perceived an opportunity to cause mass disruption, which is another common motivator for these types of attacks. From a criminal's perspective, the more disruptive the attack, the larger the ransom will be, and the more likely it will be paid.
Typically, a criminal organization will pay a ransomware provider to use their “ransomware-as-a-service” (RAAS) technology to lock down a target company's systems. In return, the RAAS vendor gets a percentage of the ransom that's paid for every successful attack. There's also usually a licensing fee that the criminal organization paid to use the ransomware technology. The criminals that demand the ransom from the targeted business seek an amount that's high enough to make a large profit but still reasonable to the victim to ensure they pay.
Colonial Pipeline Co. eventually paid a $4.4 million ransom (CAD$5.3 million) to restore service.
The velocity and frequency of ransomware attacks will likely increase as groups in undeveloped countries with limited employment opportunities recruit members into the cybercrime economy, Evans says.
Protecting your small business from ransomware attacks
Though the number of threats may increase, small businesses can take steps to help prevent attacks or to minimize their damage.
“You have to prioritize based on the risks that you see and figure out ‘What are my critical information assets that I need to protect,’” Evans says. Whether it's your intellectual property or your clients' data, you should understand what criminals may target and protect those important assets first, he explains.
You should then develop a plan for recovery if your systems are compromised. “Once you've got your plan, it's about practicing how you're going to respond because when it happens to you, deciding in a time of crisis is not the time to do it,” Evans says.
Businesses should also identify and close any security gaps by engaging companies that could help you restore operations in the event of an attack. “You want to get your services back up and running but you still have to go through the whole investigative process and make sure your environment is still safe to operate,” Evans says.
On average, it takes 16 days for a business to recover services in a ransomware attack, Evans says. Retaining customers in the interim is vital.
“Everybody is getting educated to a point now where they understand that these things happen pretty regularly. It's about how you deal with it,” Evans says. “You can improve your relationship, or it can have a massive impact on your ability to do business and retain your customers.”
Evans points to a shipping company that lost its IT environment overnight. “The very first thing that was communicated was to ‘do what's right for the client and we will figure everything else out.’ And that gave them a very, very simple kind of mandate to follow in the recovery activity.”
Ransomware attacks may be spreading, and they certainly can be daunting, but they do not have to be devastating for small businesses. By being aware of a potential threat and understanding how to prepare, business owners can speed up their recovery in the event of a ransomware attack.