Sharp Business Systems

Don't get held for ransom!

Schedule an assessement today to see if your network is vulnerable.

 

Schedule an Assessment

What is WannaCry, and should you be worried?

On Friday, May 12, 2017, WannaCry—one of recent history's most damaging and widespread forms of ransomware—rapidly infected more than 230,000 computers in over 150 countries.1 WannaCry spreads from one PC to another by compromising an unpatched Microsoft® vulnerability in Windows® PCs—in many cases victims didn't even click or open anything. It comes with a countdown, and as time goes on ransom increases, and when time runs out it destroys your files. Many experts predict a more dangerous form of ransomware in the near future that could be worse than WannaCry.

Ransomware is essentially cyber extortion because it delivers malicious software that holds your files captive until a ransom is paid. It features an unbreakable encryption, leaving you at the cybercriminal's mercy to unlock the files. At first, you might not even notice you are under attack. In fact, one in 10 U.S. businesses can take up to a year to discover that a breach has occurred.2 You notice when you try accessing a file and an alert message pops up demanding a ransom to be paid in bitcoins, the currency of choice due to its anonymous nature. Some victims pay the ransom out of desperation, and if “luck” is on their side a decryption key is granted. The FBI does not recommend cooperating with cybercriminals because there are no guarantees. There is no effective law enforcement against ransomware attacks, and it is virtually impossible to apprehend cybercriminals.

How can you become a victim?

It's much easier than you think to be victimized. The majority of the time, cybercriminals can gain entry into your system by sending spear phishing emails with infected links or attachments that appear harmless. Once an employee clicks the link or downloads the attachment, it spreads like wildfire locking and encrypting the files on their PC. It doesn't stop there, the malicious software quickly finds its way into your network—potentially bringing your business to a halt. But email isn't the only culprit, intrusions can come from a website or web application, social media, USB stick, business application or from an unknown source. 3

Alarming Ransomware Stats

  • 80% of companies have been cyberattack victims and nearly 50% were hit with ransomware (August 2015-2016) 3
  • 80% of companies that were affected had high-value data held for ransom 3
  • 59% of ransomware attacks come from malicious email 3
  • Top 4 targeted industries are healthcare (53%), financial services (51%), manufacturing (39%) and government (23%) 3
  • The average cost of recovery from a single security incident for business in the U.S. is estimated to be $86.5K for small- to medium-sized businesses (SMBs) and $861k for large businesses 2

Who do hackers target?

It's no surprise that cybercriminals target the institutions we rely on for personal and/or business matters. However, no one is off the hook. It can happen at any given time to any size of business, industry or employee.

  • The top four industries targeted are healthcare, financial services, manufacturing and government.
  • Nearly 80 percent of organizations experienced a cyberattack during the past 12 months and half were victims of ransomware.
  • About 80 percent of companies that experienced a breach had high-value data held for ransom.
  • The impact of ransomware varied by employee level in the U.S. with mid-level managers and senior executives being impacted far more often than lower-level employees. 3

What is the financial impact on SMB?

The Kaspersky Lab study found that the average cost of recovery from a single security incident for business in the U.S. is estimated to be $86.5K for small- to medium-sized businesses (SMBs) and $861k for large businesses. 2 An attack could cause the loss of customers and set a lasting, negative reputation. The longer it takes for a company to identify and contain a data breach, the more it can cost to resolve the issue, and in some cases, shut their doors for good.

  • Almost 20 percent of organizations hit with targeted attacks were demanded to pay more than $10,000.
  • Of the U.S. companies victimized, more than 25 percent lost files as a result of not paying the ransom. 3
  • Organizations that chose not to pay a ransom, opted out thanks to a recent backup of their files.

How to protect your company from ransomware?

Law enforcement cannot protect you, so your employees are often the first line of defense, which might be a scary thought. Along with teaching your staff about cyber threats, it's important to proactively monitor your network and back up your data before a cyberattack occurs. Ransomware insurance has become increasingly popular, and while that may cover the financial impact, the consequences of lost data may be catastrophic.

Don't wait to take action after you've been hit. Here are some pointers on how to prepare for an attack.

  • Educate employees on ransomware and how to identify suspicious emails
  • Back up your files on a cloud-based system every day
  • Frequently check security software to ensure settings are accurate and up to date
  • Install a firewall, antivirus and malware protection to form a chain of security defenses to help cover any gaps
  • Restrict network traffic to block suspicious emails and compromised websites
  • Whitelist software that is allowed to run on your network
  • Limit employee access to install software on the network

Even if your company has an in-house IT department, it may be necessary to team up with a trusted IT services partner to proactively monitor your network 24 hours a day, 7 days a week—even on holidays. Often times IT departments are busy juggling critical projects but neglect maintaining the health of your network. A watchful eye must be kept on your network at all times to tackle cyber threats before they cause irreparable damage.

Security Assessment

Contact Us Today

Reach out to one of our technology specialists at Sharp Business Systems so we can help to identify vulnerabilities in your IT infrastructure and formulate a backup and disaster recovery plan to ensure business continuity should ransomware strike.

X3.FormBuilder