While business thrives on digitisation and e-commerce, the flipside of easier global trade and greater convenience is hacking, data theft and ransomware, with SMBs being the most vulnerable.
As digital payments are now mainstream and cryptocurrency is close on their heels, ransomware attacks have also increased manifold.
Ransomware is malware that locks user access to computer data until a ransom is paid within a specified time period; otherwise the data is lost forever. While anyone may fall prey to ransomware, recent research suggests that unprepared and unprotected businesses, institutions and government agencies are becoming targets of choice.
According to cyber-security experts, ransomware and identity theft have emerged as among the fastest-growing threats to cybersecurity. In an Internet Security Threat Report released by cyber-security vendor Symantec, the average ransom demand by ransomware has risen to AUD1,397. Incidents of ransomware also rose more than 90 percent in the previous year. Symantec reported 463,841 ransomware detections in 2016, up from 240,665 in 2015.
Ransom payments were previously limited to SMS or prepaid cards. The attacks increased with the popularity of digital payments and the rise of digital currencies like bitcoin. Crypto and digital currencies have become the most popular method of ransom payment because they keep transactions anonymous, helping to protect the extortionists’ identity.
Recently, ransomware has become more sophisticated and tougher to decrypt. There is also a rise in backdoor attacks, i.e. applications devised to access computers remotely, focused on premeditated targets.
Some ransomware also has inbuilt infrastructure for self-propagation, like WannaCry, which struck countries across the globe in May 2017. According to Cybersecurity Ventures, a researcher and publisher on the global cyber economy, ransomware damages are predicted to exceed AUD 6.5 billion by the end of 2017.
The WannaCry ransomware hit more than 230,000 computers, affecting hospitals, universities, manufacturers, government agencies and corporate firms in over 150 countries. The hardest hit were the UK’s National Health Service, Spanish phone giant Telefónica and German state railways. While the world had not yet recovered from the shock of WannaCry, another ransomware, NotPetya, masquerading as Petya (which had appeared in 2016), appeared in Ukraine in June and subsequently spread to Russia, Poland, France, Italy, the UK, US, Germany, India and many others…
Cyber-attacks on businesses are not just damaging from a financial or commercial perspective; disclosing incidents publicly can cause a major loss of consumer confidence in the brand and damage its reputation. To this end, most companies prefer to quietly pay the ransom and move on.
On dealing with the threat of ransomware, cyber-security experts say most malware arrives in the form of phishing emails impersonating a known contact. Most of the time the malware comes wrapped in a ‘too good to be true’ offer, which an unsuspecting individual or employee clicks, letting the malware into the system.
Training employees on the threat of malware attacks and on handling suspicious online communications is paramount. Unfortunately, most SMBs fail to regularly perform security upgrades. A US industry survey released in January 2017 revealed that 52 percent of organisations which suffered successful cyberattacks in 2016 did not make any changes to their security in 2017, simply because they did not have the funds to increase cyber security.
Malware is constantly evolving. Among the safeguards are strong firewalls and keeping backup copies of data offline. It is notable that, irrespective of country or region, older IT systems and software are still in use. Gartner predicted in its report Forecast: IoT Security Worldwide, 2016, “By 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets”.
The Washington-based National Cyber Security Alliance claimed in 2016 that 60 percent of SMBs are compelled to wind up their business within six months of a ransomware attack.
According to US-based Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, the cost of cleaning up and getting back to business for a small business would be AUD 893,343 and over AUD 1.23 million for mid-level enterprises.
While smaller companies may lack the budget to strengthen IT firewalls, larger companies neglect to protect or appropriately train their employees. The harsh reality is that most companies don’t realise their firewall has been breached until it’s too late.
Microsoft, whose software was breached by WannaCry in May and by NotPetya subsequently in June, warned all users in a recent statement to update to the latest version of its software:
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems”.
Cyber experts believe that ransomware attacks are likely to hit companies in the healthcare, education and legal sectors, as cybercriminals see that organisations in these industries typically have low budgets for IT security solutions. Moreover, these industries hold social security numbers, medical records, financial information, etc., which the affected organisations would be under pressure to retrieve by paying the ransom, so as to avoid any legal repercussions arising from the theft of personal data.
Ransomware targets businesses irrespective of geographical boundaries. Accordingly, there is a dire need for businesses to share threat intelligence regarding malware attacks with other companies.
The UK Government launched an initiative in 2016, the Cyber Security Information Sharing Partnership (CiSP), to aid industry and government in exchanging cyber threat information in real time “in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK businesses”.
The General Data Protection Regulation (GDPR), a collaboration between the European Parliament, the Council of the European Union and the European Commission, is one more step, aimed at fortifying data protection mechanisms for all individuals within the European Union; it applies to exports of data too. The EU General Data Protection Regulation is expected to come into effect in 2018.