A woman sits at a desk with one hand to her forehead and her eyes closed. She looks defeated. The computer monitor on her desk displays a red and white window filled with text. An icon of a closed padlock suggests that the computer is locked.
Ransomware attacks continue to plague businesses of all sizes, and a recent report shows ransomware attacks have increased by 80% year-over-year in 2022. — Getty Images/PRImageFactory

Last year, the federal government stepped up efforts to combat ransomware, announcing a new directive from the White House to federal agencies to protect businesses from ransomware. These efforts bore fruit: The Justice Department successfully seized $2.3 million in bitcoin from the Colonial Pipeline Attack, and took part in bringing down the REvil ransomware gang.

However, ransomware attacks continue to plague businesses of all sizes, and a recent report shows ransomware attacks have increased by 80% year-over-year in 2022. The Ransomware Taskforce estimated that small businesses were the victims of 70% percent of ransomware attacks in 2021.

Small merchants can no longer ignore the risk of ransomware. Here’s what you need to know about this type of cyberattack and some measures you can take to protect your business from a ransomware attack.

[Read more: 3 Security Threats Your Business Should Be Preparing for Now]

What is ransomware?

Ransomware is a type of malware attack that encrypts a victim’s files so they can’t access their information, effectively holding their data for ransom. The hacker usually asks for payment in order to restore access and decrypt the user’s data.

A recent example of ransomware took place in July 2020 when Garmin, a navigation and fitness wearables company, was hit with an attack that downed service for virtually all its customers.

“Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure,” reported Cyber Security Hub. “In the case of Garmin, website functions, customer support, and user applications were all affected. Unlike typical ransomware software, WastedLocker does not steal identifying information and hold it for ransom. Instead, it renders programs useless until decrypted.”

To restore service, Garmin reportedly paid $10 million for the decryption key after four days of outages.

Federal action to combat ransomware

In November, the government announced the establishment of an International Counter Ransomware Task Force (ICRTF) to promote information and capability sharing with international partners.

The ICRTF aligns with other efforts by the administration, announced in 2021, to combat ransomware domestically.

An incident response plan is a set of steps that helps your IT team detect, respond and recover from a security incident.

“These efforts include disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds,” wrote Anne Neuberger, the deputy national security adviser for cyber and emerging technologies.

The White House issued guidance to help small business owners reduce the risk of a successful ransomware attack. These best practices include the following five steps:

  1. Back up your data, system images and configurations: Keep your backups offline and regularly test your backup configuration to make sure it’s working and disconnected from any business network. Maintaining offline backups is critical in the event of an attack.
  2. Update and patch systems promptly: Keep your operating systems, applications and firmware up to date with the latest versions, as these updates come with security patches and correct vulnerabilities. “Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program,” said the White House memo.
  3. Create and test an incident response plan: An incident response plan is a set of steps that helps your IT team detect, respond and recover from a security incident. Make sure your incident response plan includes steps for recovering business operations and a strategy for business continuity while your system recovers. Make sure to test this plan in a non-emergency situation so that you know your bases are covered.
  4. Double-check your IT team’s work: If you can, hire a third party to test the security of your systems and identify any vulnerabilities. Pen testing (short for penetration testing) is a security exercise in which an expert attempts to breach your defense—highlighting where your system is flawed so you can fix it.
  5. Segment your networks: The White House reports a recent shift in ransomware attacks. Instead of stealing data, many attackers are simply disrupting operations, which is still costly and devastating for merchants. As a result, the White House is recommending that business owners separate core business functions from manufacturing or production operations. That way, if one part of your business is compromised, you can still maintain some operability.

[Read more: Does Your Small Business Need Cyber Insurance?]

What small business owners can do

The Department of Homeland Security (DHS) and the Department of Justice (DOJ) offers a resource, StopRansomware.gov, to help businesses mitigate their ransomware risk. This comprehensive website includes a Ransomware Readiness Assessment (RRA), which is a self-assessment to help you evaluate how prepared your company is for a potential attack.

Along with the steps outlined above, there are tools and software that you can install that also help protect your data from ransomware and other types of malware. Installing 2FA or multifactor authentication is a good place to start. Most experts also recommend taking a layered approach to cybersecurity, using anti-virus and anti-malware software and cloud data loss prevention to protect your network.

Ransomware is often delivered via phishing, a type of scam in which a hacker tricks a user into clicking on a link or opening an attachment. This action initiates the ransomware to execute, encrypting your files and locking you out of your system. Phishing attacks are so effective because they have become increasingly more sophisticated.

“Some phishing campaigns remain really, really obvious to spot — like the prince who wants to leave his fortune to you, his one long-lost relative, but others have become to be so advanced that it's virtually impossible to tell them apart from authentic messages,” wrote ZDNet. “Some might even look like they come from your friends, family, colleagues or even your boss.”

Training your employees to spot phishing attempts can help prevent ransomware attacks. There are a few reliable “tells” that can help your team spot a scammer. Signs of phishing include:

  • Poor spelling/grammar.
  • A suspicious URL or link.
  • A strange sender e-mail address.
  • An unsolicited attachment.
  • An offer that seems too good to be true (e.g., Click to claim your free prize!).
  • A request to update your payment information.

Phishing attacks and ransomware go hand-in-hand and learning to avoid one can help prevent the other. Sign up for regular updates from the Anti-Phishing Working Group website, and speak to a security expert to get specific advice for protecting data at your business.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Published