As Russian military forces escalate attacks in Ukraine, the United States is bracing for another kind of invasion closer to home.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has increased monitoring of ransomware targeting businesses. Jen Easterly, who heads CISA, says the nation should brace for “an uptick in ransomware.”
“It’s incredibly profitable for hackers, so much so that ransomware attacks have doubled in each of the last two years and account for 22% of all 2021 cyberattacks,” said SecureLink chief technical officer Joel Burleson-Davis.
Small businesses are most vulnerable to the expected wave of ransomware attacks. Cybersecurity professionals are urging them to take immediate steps to defend themselves.
“Most small businesses are the perfect target for ransomware hackers,” said Corey White, CEO of security firm Cyvatar.
They have fewer resources and staffing to prepare for, defend against and recover from attacks, sometimes with devastating consequences.
“Unfortunately, small businesses are targeted more often because they are more vulnerable yet have access to the same critical data or systems that cybercriminals are seeking,” said Eman El-Sheikh, associate vice president of the University of West Florida Center for Cybersecurity.
The risk of ransomware attacks has only increased with Russia’s invasion of Ukraine, said Aimei Wei, founder and chief technology officer of Stellar Cyber.
“Immediately after the conflict broke out, suspected Russian-sourced cyberattacks were observed over a 48-hour period at an increase of over 800%,” she said.
Ransomware and other cyberattacks are commonly used in conventional and cold warfare to gain leverage, said Saumitra Das, chief technology officer of security firm Blue Hexagon. And not always for financial gain: Cyberattacks can weaken national security by crippling businesses and supply chains.
Sanctions to accelerate cyber and ransomware attacks
As the U.S. and its allies tighten global sanctions, attacks will likely accelerate, said Lucas Budman, CEO of security firm TruU.
“As the Russian economy takes a major hit from global sanctions, this will cause immense pressure on organized cybercrime rings based in Russia,” he said. “These cybercriminals have been leveraging ransomware as their go-to currency.”
In ransomware attacks, hackers lock down computer networks and demand payment to regain access. Some target big companies in pursuit of lucrative paydays, while others use a “spray and pray” approach to ransom as many victims as they can find.
“These indiscriminate gangs make money on the volume of infected systems rather than the size of any one victim,” said Chris Hallenbeck, chief information security officer for security firm Tanium.
Last year, hackers broke into a software firm’s system through a software vulnerability. The attack on Kaseya, which sells software to help other companies manage their computer networks, was thought to be the work of a Russian-speaking ransomware syndicate and quickly spread to hundreds of small businesses.
Homeland Security Secretary Alejandro Mayorkas estimated last year that one-half to three-quarters of ransomware victims are small businesses.
Paul Martini, CEO of cybersecurity company iboss, calls it “a ticking time bomb.”
Small businesses at high risk
Yet the vast majority of small business owners don’t believe they will fall victim.
“Most are worrying about the day-to-day aspects of running their business. Cyberattacks often escape their attention,” Hallenbeck said. “When they do hear about it, they often hear of large companies paying sizable ransoms. It’s tempting to view your business as being too small of a fish.”
As a result, small businesses frequently don’t know which of their systems are exposed on the internet, Corey said.
They don’t keep software up to date or patch security flaws. They don’t know the vulnerabilities of the third-party software for payroll and other systems they rely on. They don’t back up files. And they don’t use multifactor authentication, which provides an extra layer of security by prompting users logging into company systems to enter a code sent as a text message, email or push notification to their phones.
The price for being lax on cybersecurity can be steep. A few years ago, a five-person firm was attacked. The ransom, Corey said, was $50,000.
“I suspected they hacked in first immediately and after the forensics was done it proved they were hacked several weeks prior on an unpatched system with weak passwords. They had stolen financial data and were threatening to expose it if they were not paid,” he said. “This is typical of what we are seeing today.”
The good news for small businesses: There are simple, practical steps they can take right now to prevent ransomware attacks that do not require big budgets, more technology or hiring staff, said Karen Evans, managing director of the Cyber Readiness Institute.
Back up your files
Frequently back up your system so if it becomes infected with ransomware, you can restore it. Store backups on a separate device that cannot be accessed from a network.
“Should a ransomware attack occur and data becomes encrypted, you will be able to restore systems post-breach if there’s a backup offline,” said Illumio CEO Andrew Rubin.
It is also important for small businesses to regularly test their backups. “Some businesses may make a fatal mistake of waiting until a ransomware or cyberattack happens to realize that their backups weren’t complete or that they can’t restore them,” El-Sheikh said.
Use multifactor authentication
A Microsoft study estimated that more than 99% of all cyberattacks would have been prevented by multifactor authentication.
Update and patch software
Make sure all operating systems, software and apps are running the latest versions.
Use antivirus software
Install antivirus and antimalware software, use firewalls and other tools, and keep them updated.
Handle email with care
Be careful when clicking on links in emails even if the sender appears to be someone you know. If you are not sure, contact the sender directly.
Malicious website addresses are often very similar to legitimate ones but have slight variations in spelling or a different domain, such as .net instead of .com.
Open email attachments with caution, especially when they are compressed or ZIP files.
“Always visit a website directly and do not trust links in emails or SMS messages,” said Mark Ostrowski, head of engineering for Check Point Software.
Treat employees as your first line of defense
“People can be your strongest asset. Train and educate all of your employees on how to identify phishing and social engineering, turning employees from potential victims into an extension of your security team,” said Tessa Mishoe, senior threat analyst at LogicHub.
El-Sheikh recommends providing cybersecurity training for all employees. “A ransomware attack can start with one person inadvertently clicking on a link, so every team member needs to be cyber aware and responsible,” she said.
Phishing attacks are the most popular entry point for cybercriminals, Evans said. She recommends conducting regular tests to make sure employees can spot a phishing email.
Safeguard passwords, credentials
“Compromised or stolen passwords and other credentials are often used by attackers to access a network, so be sure to enforce good password hygiene, and regularly change credentials for employees that have access to privileged, or valuable information,” Mishoe said.
Evans says small businesses should make sure employees are using strong passwords or passphrases that are at least 15 characters.
Take advantage of free resources
CISA has free ransomware guides including step-by-step directions on how to prevent an attack.