TechTalk Tuesday Logo

Some companies think they are too small to worry about experiencing a ransomware attack. Small and medium-sized businesses (SMBs) may let their defenses down, figuring that cybercriminals have bigger fish to fry.

These SMBs couldn’t be more wrong. Recently, a college organization and a children’s museum both located in Rhode Island were attacked by ransomware. Both organizations were collateral damage in an attack on a third-party vendor that supplies fundraising software.

Hackers that use ransomware also target SMBs directly because of perceived vulnerabilities and the likelihood that smaller companies will pay a ransom. With ransomware attacks, as with other security incidents, the question isn’t if it will happen but when it will happen.

Here are 3 reasons why SMBs should protect themselves against ransomware:

ransomeware-attack-firstlight1) Dharma ransomware

The Dharma virus displays a troubling stage in the evolution of ransomware. Instead of relying on a phishing email, Dharma strikes companies through brute force, gaining access through remote desktop protocol (RDP), bombarding the system with password attempts, and even uninstalling security software. Dharma is also notorious for attacking SMBs, particularly during the pandemic.

Dharma is ransomware as a service (RaaS). Any aspiring cybercriminal can access Dharma and use it to stage attacks on companies. No expertise in coding or criminal sophistication is necessary. The hacker can just write an email, attach the virus, send it out, and wait for results.

2) High success rate with SMBs

Hackers continue to target SMBs with ransomware because the attacks work. Cybercriminals that use ransomware don’t go after enterprises for millions of dollars. Instead, they stage numerous attacks on smaller businesses for amounts in the thousands or tens of thousands of dollars.

Because ransomware attacks are easy to stage, individual attacks don’t need to bring in a large ransom. After a while, the money adds up.

Hackers figure SMBs will be more likely to pay a smaller amount for the decryption key to free their files than pay to fix the system themselves. As an attack on a city in the Mid-Atlantic region in 2019 showed, recovering from a ransomware attack without paying the ransom can end up costing the victim millions.

These attacks are also successful because of urgency. Smaller businesses have to beat the clock: weeks spent troubleshooting the system and attempting to restore files and applications may mean financial ruin for an SMB.

stop-ransomeware-attacks-firstlight3) Security vulnerabilities

SMBs may be less likely than enterprises to have sophisticated intrusion detection, intrusion prevention, or security incident and event management (SIEM) tools in place that can identify threat patterns using advanced analytics.

Enterprises may be training their employees to identify and avoid opening suspicious emails. Larger companies have the funds to remove vulnerabilities, such as unpatched applications and legacy hardware. They also have the budget to create secondary data centers to store backup files off-site, where they are safe.

Being Prepared for Ransomware

Surviving a ransomware attack is not beyond the means of SMBs. Smaller businesses can protect themselves while being cost efficient by using the right backup and recovery strategy.

Best practices for backup are described by the 3-2-1 rule: 3 backup copies, on 2 different storage media, with one copy stored off-site. Another best practice is to consider an air-gapped copy of backup data, or an immutable backup copy.  These options make it nearly impossible for a hacker to infect backup files.  Cloud backup and recovery makes it easier to achieve these goals.

FirstLight helps companies of all sizes in all types of industries defend themselves against ransomware with cloud-based backup and recovery. FirstLight Cloud Backup is powered by Veeam and allows companies to scale their backup and to pay for the capacity they need.

We own all our cloud resources as well as the supporting high-speed fiber optic network. Our engineers also provide 24/7/365 monitoring.

Want to know more about how FirstLight can help you fight against ransomware? Reach out for info today.