Why are SMBs Under Attack by Ransomware

It’s no secret that the scope and severity of ransomware attacks are on the rise. Yet, what often flies under the radar of small and medium-size businesses (SMBs) is that the target is not only larger enterprises.

An overwhelming 85% of managed service providers (MSPs) report attacks against SMBs. Yet, remarkably, only 28% of SMBs are concerned about ransomware. Although demands may not hit the multi-million dollar levels that large organizations encounter, an attack can result in an extortion attempt reaching tens of thousands of dollars or more.

Webroot’s report, The Hidden Costs of Ransomware, found that:

• 50% of attacks resulted in ransomware demands exceeding $50,000
• 40% of these attacks required more than 8 man-hours to address (typically at a cost of $100 to $250 per hour)
• 46% said the attack affected their customers

To be sure, the results can be dire for an SMB. The costs and loss of customers can significantly hurt a small or midsize company — especially on top of COVID-19-related challenges they’re already trying to manage.

Methods Evolve

Unfortunately, the ransomware we’re seeing today is far more sophisticated than what appeared only a few years ago. For one thing, the malware itself is sneakier and more difficult to detect. Phishing methods, including emails and links, often look like authentic messages. Once activated, the malware may hide in memory, or different versions of malware may lurk in various hidden folders and systems along with backup sets.

Another concern: Ransomware-as-a-service has gone mainstream. It’s now possible for individuals with limited technical expertise to download packages from the Dark Web and deploy them within minutes.

Finally, professional ransomware gangs have altered their tactics. They’re not only encrypting files and demanding a ransom. They’re also exfiltrating sensitive data and demanding a ransom to avoid going public with the information. In many cases, these cybercriminals thoroughly research a company and pick targets and prices based on what they believe an organization can actually pay.

Businesses that aren’t adequately prepared face a conundrum: Pay the attackers and hope that they will decrypt files and not release sensitive information, or don’t pay and suffer the consequences. Yet, even if an SMB pays the ransom, Webroot has found that about 17% of those that coughed up the money for a ransom still didn’t get their data back.

Getting Defensive

SMBs must start with the recognition that it’s not a question whether your organization will be attacked, but rather when an attack will occur.

As a result, a defense-in-depth strategy is essential. Key components include malware protection, digital rights management (DRM) and encryption, security tools such as VPNs and endpoint protection, DNS security that can detect risky websites, and authentication solutions, including multi-factor authentication (MFA). The latter can stop thieves even if they steal a password.

It’s also critical to install patches consistently and have multiple backups in place, typically in different places and disconnected from one another. Today’s malware targets backups—so you’re not safe with a single set.

However, perhaps the most important component is employee education and training. The latest 2021 Verizon Data Breach Report (the largest and most reliable assessment of breaches) has found that 85% of breaches involved a human element like phishing, pretexting or some other human error or social engineering. 

Find an excellent MSP that not only understands technologies, but also knows how to layer them and build a proactive cybersecurity strategy. Focus on employee training. Have a response and recovery plan in place if you wind up getting hit. Finally, make sure you have the resiliency in backups and recovery that you never have to pay the ransom because there is a 17% chance you’d pay and not get the data back anyway!

For more information, visit Webroot.