Ransomware attacks are not limited to large companies or major infrastructure, and an increasing number of organisations are being affected globally.

According to cyber security company Deep Instinct, ransomware attacks increased globally by 435 percent in 2020.

“They do not care if you're small, medium or large, it's about monetisation at scale,” says Adam Evans, vice president of Cyber Operations and chief information security officer (CISO) for RBC.

“If you're going to operate a business in this digital landscape, you have to educate yourself on how to protect your services,” Evans says.

Protecting your business from cyber criminals begins with understanding what ransomware attacks are, what you can do to prepare and how you can recover if you are targeted.

What is ransomware?

Ransomware is malicious software that locks all the files on your computer, preventing you from accessing them unless you pay a fee to have them released back to you. Or, put another way, it's like someone moves into your house, changes the locks, and then tries to sell your own home back to you for a price.

Reported cases of ransomware have risen exponentially in recent years as criminals have grown bolder with each successful attack. Every time criminals get paid, they see more opportunities to make money. “They've almost been incentivised to focus on disruption because of the likelihood of payment,” Evans says.

Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has stressed the importance of the country's cyber resilience to stop cyber attacks.

Speaking at the Royal United Services Institute (RUSI) Annual Security Lecture, Cameron urged both businesses and the public to take ransomware threats seriously.

Ransomware attacks are the key cyber threat facing the UK, says Lindy Cameron, NCSC

Travelex, a UK-based provider of foreign exchange services, reportedly paid $2.3 million (£1.65 million) in 2020 after cyber criminals infiltrated its network. The ransomware attack took its systems offline, and the company subsequently fell into administration and had to be restructured with the loss of 1,300 jobs.

In April 2021, Colonial Pipeline Co. shut down 8,850km (5,499 miles) of its pipeline system in the U.S. for five days after being hit by a ransomware attack. Cyber criminals likely perceived an opportunity to cause mass disruption, which is another common motivator for these types of attacks. From a criminal's perspective, the more disruptive the attack, the larger the ransom will be, and the more likely it will be paid.

Typically, a criminal organisation will pay a ransomware provider to use their “ransomware-as-a-service” (RaaS) technology to lock down a target company's systems. In return, the RaaS vendor gets a percentage of the ransom that's paid for every successful attack. There's also usually a licensing fee that the criminal organisation pays to use the ransomware technology. The criminals that demand the ransom from the targeted business seek an amount that's high enough to make a large profit but still reasonable enough to the victim to ensure they pay.

Colonial Pipeline Co. eventually paid a $4.4 million ransom to restore service.

The velocity and frequency of ransomware attacks will likely increase as groups in undeveloped countries with limited employment opportunities recruit members into the cyber crime economy, Evans says.

Protecting your small business from ransomware attacks

Though the number of threats may increase, small businesses can take steps to help prevent attacks or to minimise their damage.

“You have to prioritise based on the risks that you see and figure out ‘What are my critical information assets that I need to protect,’” Evans says. Whether it's your intellectual property or your clients' data, you should understand what criminals may target and protect those important assets first, he explains.

You should then develop a plan for recovery if your systems are compromised. “Once you've got your plan, it's about practising how you're going to respond because when it happens to you, deciding in a time of crisis is not the time to do it,” Evans says.

Businesses should also identify and close any security gaps by engaging companies that could help restore operations in the event of an attack. “You want to get your services back up and running but you still have to go through the whole investigative process and make sure your environment is still safe to operate,” Evans says.

On average, it takes 16 days for a business to recover services in a ransomware attack, says RBC Chief Information Security Officer Adam Evans

Retaining customers in the interim is vital.

“Everybody is getting educated to a point now where they understand that these things happen pretty regularly. It's about how you deal with it,” Evans says. “You can improve your relationship, or it can have a massive impact on your ability to do business and retain your customers.”

Evans points to a shipping company that lost its IT environment overnight. “The very first thing that was communicated was to ‘do what's right for the client and we will figure everything else out.’ And that gave them a very, very simple kind of mandate to follow in the recovery activity.”

Ransomware attacks may be spreading, and they certainly can be daunting, but they don't have to be devastating for small businesses. By being aware of a potential threat, and understanding how to prepare, business owners can speed up their recovery in the event of a ransomware attack.

RBC is committed to helping clients and their businesses stay secure and resilient. Through a dedicated cyber security website, you will find resources and best practices for how to protect your business.

To further support business clients, RBC has partnered with law enforcement agencies to identify the most common cyber security threats impacting small and medium businesses.

The Little Book of Big Scams also aims to increase awareness of cyber threats. Inside you'll find best practices and simple steps you can take to safeguard your business and employees.

Business owners can also download the Cyber Security Crisis Management Template for Small to Medium Businesses. It lays out the foundations for proper crisis management and the steps to recovery if a cyber attack were to occur.