Ransomware: when the movies become reality

Over the past few years, ransomware has become one of the most effective strategies used by cybercriminals to extort businesses.

There’s something reasonably ‘Hollywood’ about a ransom. Robbers hold-up a bank and take hostages, setting the ransom as a getaway car or helicopter. We’ve all seen it at the cinema. These farfetched storylines may leave the average Joe believing that they won’t ever find themselves in a situation where they need to settle with criminals. Yet, in reality, the prospect of being forced to pay a ransom is today more likely than ever before.

Over the past few years, ransomware – which enables hackers to hijack a business’ data, encrypt it, and hold it under password protection until a ransom is paid for its release – has become one of the most effective strategies used by cybercriminals to extort businesses. It can take a number of guises but the predicament always remains the same; don’t pay and lose potentially business-critical data for good, or give in and potentially regain access. Such is the increasing frequency of attacks, it’s no longer if, but when, businesses will be forced in to answering this question. 

Consumers aren’t safe either, cybercriminals prey on fear and the lack of understanding. For example, the recent iPhone ransomware ‘attacks’ forced users to pay £100 in iTunes vouchers to remove pop-ups which blocked the phone’s browser. The attacks turned out to be fake with no encryption actually taking place, and clearing the browser cache was enough to restore access. However, it highlights the tactics cybercriminals are willing to use to get something for nothing. 

Smaller businesses represent a lucrative haul 

Small and medium-sized businesses (SMBs), in particular, are in the crosshairs. According to Datto’s own research, which involved surveying 148 European IT service providers, 87 per cent reported that their SMB clients had been targeted by ransomware in the 12 months up to September 2016. More shockingly, 40 per cent of businesses reported more than six attacks in the same time frame, and 27 per cent had experienced multiple attacks in a single day. The problem is worsening.   

While on paper it may seem that bigger companies represent the bigger catch, it’s actually SMBs that collectively represent the more profitable target. Today, criminal organisations are well-funded, professional outfits that have an entire ransomware armoury – made up of different variants including Cryptolocker and Locky – which they can use to spam unsuspecting victims. The majority of SMBs do not have the IT budget or expertise to defend against such attacks, and cybercriminals know that it only takes a small percentage of targeted firms to pay up in order to expand operations further. 

Paying ransoms seems like the least bad option 

Cybercriminals set more affordable ransoms when targeting SMBs. They understand the psychology and that smaller amounts are more likely to get paid. The research identified that the average ransom amount is priced between £500 and £2000. While some will find any amount expensive, others simply take it on the chin. It’s a digital world and these things happen, and the other costs associated with attacks could greatly outweigh the ransom.  

On top of this, there’s the cost of downtime. Time is money, and for every moment a small business isn’t operating, it’s missing out on the revenue required to cover its liabilities and overheads. Not all will have a financial buffer that they can rely on to help cover costs, so remaining up and running is vital. In fact, 62 per cent of businesses complained that ransomware caused business-threatening downtime.

There’s also the potential damage to reputation. What happens if attackers threaten to publicise which companies they’ve targeted if ransoms aren’t paid? Customers may see and feel that their data isn’t safe and take business elsewhere, and prospects may be deterred completely. Facing these prospects, SMBs panic and they pay up. 

What all businesses must remember is that there is no guarantee that the attackers will unlock the data even after the ransom is paid. These are shrewd criminals; ransom amounts could suddenly increase and passwords to data may never be provided. In addition, once a firm has a reputation for caving into ransom demands, it could find itself repeatedly targeted.  

Poor awareness remains a big challenge 

There undoubtedly remains a lack of understanding around ransomware. Forty-nine per cent of businesses claimed the source of their attack was a phishing email, highlighting that employees can’t always determine if communications are genuine. More alarmingly, fewer than five per cent had implemented cybersecurity training of any kind, leaving them vulnerable to the entire spectrum of cyber threats. 

This lack of awareness is partly due to low reporting figures, with only 40 per cent of businesses actually reporting attacks. One reason for this is due to the ransom amounts being low enough for small businesses to stomach the costs. However, ransomware is still a relatively new threat so there are still only low levels of understanding throughout the industry and law enforcement. Firms that come forward will help expand knowledge around the tactics used and the measures required to combat them. 

Cybersecurity means belt and braces 

Such is the sophistication and variations in cyberattacks, firms can no longer rely on one form of cyber defence. Small businesses realise the need for firewalls and antivirus, but 90 per cent of those infected with ransomware had such tools in place. A single-layered approach is no longer sufficient; cybercriminals will find a way in. As such, for times when all else fails, businesses must be able to rely on backup.

Taking snapshots of data isn’t a new idea, it is continuously provided as advice to small businesses to mitigate the risk of fire, floods and accidental deletion. Yet, regular backup can act as the last line of defence against cybercriminals too. If ransomware affected businesses can revert systems back to a ‘clean version’ that would have been created minutes ago, they can restore and be up and running again quickly. Virtually no downtime and definitely no ransom. 

Advanced backup solutions are making it even easier to identify ransomware attacks. They’re beginning to integrate anti-ransomware technology which automatically compares new snapshots against old ones to identify anomalies, flagging if it believes ransomware has entered the system and enabling the company to revert back. 

Ultimately, ransomware is a growing epidemic and one that will continue to claim victims until a greater understanding exists. To better defend themselves now, SMBs must realise that an ‘onion’ (multi-layered) cybersecurity approach is required to fend off increasingly sophisticated attacks. Frontline antivirus and firewalls must be used in conjunction with backup and, only then, can businesses take a lesson from the movies and not negotiate with criminals.

Andrew Stuart, managing director, EMEA, Datto
Image Credit: Datto