Despite the big numbers, it's small users who may be suffering the most. There's reason to believe that small businesses are among the primary targets – perhaps even more than big businesses - of ransomware hackers. According to one study, the average payment demanded by hackers for releasing a system was $679 – an amount that seems paltry, almost, except when you put it in context with who the victims of these demands really are.
Perhaps the most important statistic – the one that makes the whole effort worthwhile for hackers - is that some 70% of victims pay up, according to a report by IBM. Of those, more than half paid $10,000 or more in ransom to free up their data. A Ponemon Institute study shows that 56% of companies surveyed said they are not ready to fend off ransomware attacks, and just 38% said they have a strategy to deal with ransomware and other malware.
Another Ponemon study says that while 66% of respondents rate the threat of ransomware as very serious, only 13% rated their companies’ preparedness to prevent ransomware as high.
While most small business owners believe that they are more or less immune to ransomware – you can't get blood from a stone, after all – the truth is that hackers are far less selective in their targets. One study shows that in 2015, 43% of all cyber-attacks, especially ransomware attacks, targeted small businesses. Given the fact that most companies, large and small, pay off the hackers, there's no reason to believe that things will change in 2017.
That's the secret of ransomware success: There really is no business too small to be attacked. While the database of a local dry cleaner may not appear to be as important as that of a national bank, it is to the dry cleaner; hence, his willingness to pay, and if he can get his business back for $679, then the expense is certainly worth it, isn't it?
That is certainly a secret to hackers' ransomware success: Data is important to someone, somewhere – and to get their data back, people will pay. Of course, paying up is no guarantee that the hackers will release the security key that opens up the locked data; if a victim is willing to pay once, why not twice or thrice?
Once an attack occurs, it's usually too late – although some victims have likely had luck using decryption tools from sites like the No More Ransom Project. Having a good backup system could help a business quickly recover from an attack, but it's not foolproof. In one survey of medium and large companies who didn't pay up, 81% of IT pros said they were “confident” they could cope with an attack, fully restoring their data from backup – but only 42% were able to do so.
That's likely with the advanced backup systems such organizations would have; most small businesses aren't that fortunate, and for most small business people, educating themselves – or paying a consultant to do it for them – about how to use the dizzying array of cyber-defense tools is probably a non-starter.
For them, prevention is going to be key. Indeed, preventing ransomware attacks from reaching companies in the first place is a lot like avoiding any other kind of malware – except that the stakes are higher, so organizations need to be very aware of what they can do, what they can't do, and what steps they need to take to upgrade their capabilities.
Prevent how? According to a report by Osterman Research, “email was the most likely attack vector for ransomware, either via email attachments or malicious links in email messages.” According to the report, 31% of ransomware attacks entered a business via a direct email link, while 28% entered via an email attachment (a Word document with “dirty macros,” for example). Only a quarter entered when engaging with a web site or an application – while infection rates from social media or USB sticks were negligible.
One effective way of disarming such attacks is to use a system that stops rogue files from getting onto the system in the first place, a “gatekeeper” that nabs malware-laden files before they are passed through to users. Instead of concentrating on detection, installing a system that prevents bad files from getting through in the first place.
Technology exists that allows systems to examine files before they are “waved through” by examining the code in an attachment or what lies behind a link, dissecting and reconstructing them to examine what is at their core. If an email or attachment checks out, it is allowed to proceed, and if not, it gets dumped, kept away from users and rendered harmless.
In any event, the bottom line for small businesses is clear: Get control of your email and/or how you engage with it, and you'll reduce your chances of becoming a ransomware victim by a whole lot.