Ransomware and SMBs: The Backup Plan Should Be the Main Plan

    The threats from malware of various types are scary in unique ways. Hacking autonomous vehicles means that the brakes can be locked or the car thrown into reverse. Internet of Things (IoT) hacks can tap into security cameras and baby monitors. Ransomware can lock up an organization’s vital data.

    The good news is that, after a period in which ransomware was seen as an existential threat against which organizations were powerless and bad news piled atop bad news, some encouraging signs are emerging. Ransomware, which is growing, is a personal affront, and small- and medium-sized businesses (SMBs) are as vulnerable to this threat as any other business. Indeed, the usual challenges facing smaller businesses – that they have smaller (or no) IT staffs that may have trouble keeping software patched and otherwise up to date – make them more susceptible. This is sobering because the price for falling behind may be going out of business.

    SMBs as Ransomware Targets

    SMBs in most cases are seen as low-hanging fruit by criminals.

    “The impact of a ransomware infection for SMBs can be devastating, both in downtime and cost,” wrote Norman Guadagno, a senior vice president at Carbonite. “However, as ransomware attacks continue to make headlines, more and more SMBs are paying attention and equipping their businesses with the resources and the necessary backup strategies and solutions to ensure they do not fall victim to such attacks.”

    Far from assuming that they will fly under the radar, small businesses need to be extra vigilant, according to Maureen McCormick, the senior director of Enterprise Marketing and Customer Engagement for security firm FireEye.

    “Ransomware is more effective when it targets SMBs,” she wrote. “Attackers will target specific organizations such as health care, education, government and financial institutions because their digital assets are critical to their business or serving the public.”

    McCormick echoed the thought that SMBs often lack personnel and up-to-date software. “[It’s] smash and grab,” she wrote. “In many cases, ransomware targeting SMBs will demand an amount of money that an SMB can afford.”

    The problem is severe. In late July, Malwarebytes released research that raised red flags about just how vulnerable SMBs are to ransomware. Twenty-two percent of SMBs infected with ransomware ceased business operations immediately. The report, which tracked 1,054 companies with 1,000 or fewer employees in North America, France, the UK, Germany, Australia and Singapore, offered a sobering perspective on ransomware and SMBs. In addition to more than two in 10 shuttering, one in six that were infected experienced 25 or more hours of downtime. Some were down for more than 100 hours.

    The types of ransomware are proliferating. We have seen Petya, NotPetya, GoldenEye and others. It is, unfortunately, a thriving element of the malware community. Though it seems overwhelming, SMBs can take action.

    SMBs Taking Action to Deal with Ransomware

    Suggestions were offered to IT Business Edge by Guadagno; David Dufour, the senior director of Engineering and Cybersecurity at Webroot; and Andrey Pozhogin, the senior regional product marketing manager for Kaspersky Lab North America. Their recommendations, which overlapped considerably, include employing multilayered defenses, using next-generation antivirus software, educating employees to spot phishing exploits and, according to Guadagno, “locking down open network shares.”

    Two points seem important to focus on. The first is that the single most important preventative is training employees to be careful about what they open in an email.

    “Email needs to be secured as an absolute majority of ransomware uses email as means of delivery,” wrote Kaspersky’s Pozhogin. “As a crucial part of the kill chain, users need to be aware and trained to recognize malicious emails and infection symptoms.”

    The other point is the good news: There is a potential silver bullet. Simply, if ransomware ceased being profitable, it would fade away. Organizations can make this happen by simply creating backups of important data. It won’t matter if the day’s sales receipts are locked up by ransomware if a copy exists on an unconnected server down the hall. Doing this can turn a crisis into a mere annoyance. “[T]he best outcome for an organization post-infection is to restore from backup as soon as possible and resume operations,” Pozhogin wrote.

    Organizations that haven’t made backups may be in for bad news, according to Webroot’s Dufour. “Unfortunately, some strains of ransomware leave data irretrievable because of poor coding by cybercriminals,” he wrote. “If this is the case, unfortunately there is no point in paying the ransom.”

    Unfortunately, it will take time to train organizations to make such thorough backups as a matter of rote. This means that advice on steps to be taken once a company is impacted is important. Pozhogin suggests alerting federal law enforcement and not paying, or even communicating with, the attackers. He points out that there are ethical concerns and that 20 percent of companies that pay the ransom don’t get their files back anyway.

    Ransomware clearly is one of the most frightening and invasive of many security challenges that an SMB can face. It will continue to be so as threats evolve. It will remain frightening, but there is more good news on ransomware than in the past. Pozhogin suggests that organizations hit by ransomware are doing a better job of doing the right thing, such as making backups and educating themselves on malware.

    Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at and via twitter at @DailyMusicBrk.


    Carl Weinschenk is a long-time IT and telecom journalist. His coverage areas include the IoT, artificial intelligence, drones, 3D printing, LTE and 5G, SDN, NFV, net neutrality, municipal broadband, unified communications and business continuity/disaster recovery. Weinschenk has written about wireless and phone companies, cable operators and their vendor ecosystems. He also has written about alternative energy and runs a website, The Daily Music Break, as a hobby.
