Ransomware programs – in which a virus locks a computer and holds it hostage until a ransom is paid by the computer’s owner -- have traditionally targeted consumers. But a recent report from Trend Micro found that may be changing.
Trend Micro’s report found 67% of the victims of a ransomware program called CryptoWall in June and July were from the small and medium-sized business (SMB) sector.
"We believe that ransomware will continue to improve its tactics and target more business environments," Trend Micro researchers said.
Why are cybercriminals increasingly targeting SMBs? And what can be done to ensure your company is not the next victim?
The perfect target
Experts say SMBs may now be the preferred target for ransomware because they are less likely to use the types of expensive, sophisticated, multilayered security systems larger companies employ. Also, compared to consumers, SMBs are more likely to have bigger sums of money on hand for cybercriminals to demand. Finally, SMBs are more likely to give into these ransomware demands because their data is often critical to their operations.
Cybercriminals are also getting smarter in how they lure businesses people into opening malicious email attachments. A report by security training and consulting firm KnowBe4 found some ransomware attacks were hitting businesses that used Craigslist to recruit employees. Cybercriminals would search for job postings, then send resumes carrying ransomware.
Trend Micro researchers said the emails they see more often target business users specifically, luring them with things like “resumes, customer orders, passport scans, as well as notifications from postal services, telecommunications companies, utilities and government bodies.”
How can SMBs better protect themselves?
The bad news is antivirus software won’t necessarily protect you from ransomware. If the CryptoWall or other ransomware is known, an antivirus program may block it, but it’s rare that an antivirus program can keep up today. According to AV-Test.org, there are more than 390,000 new malicious programs received every day. However, keeping such protections up-to-date is still worth the effort and definitely does not hurt.
Prevention is truly is the best medicine. Verifying the source of emails and the reputation of websites can go a long way to prevent ransomware. Experts recommend implementing security-awareness training programs that teach employees not to open attachments from unknown senders, not to click on links that seem suspicious and not to allow any software of unknown origin to be installed on their computer or mobile device.
Make sure your company performs multiple backups in case you do get hit. Experts suggest keeping seven to 14 days of backups.
Finally, if your business is hit, don’t pay the ransom, suggests Craig Williams, security outreach manager for Cisco.
“You have no assurances the malware was, in fact, removed,” said Williams. “You could come back the next day and find a different piece of malware; they could re-encrypt your files again.”