Russian Ransomware Attacks – Small Businesses Beware
Modern Day Brings a New Type of Warfare
With Russian military ramping up their attacks on Ukraine, the United States braces for another kind of invasion closer to home. Call it, Cyber Warfare.
Ransomware used to be the type of attack that targeted larger entities. Companies with lots of data and financial assets. However, in more recent times, the targets seem to be more on the little guys.
This opens the threat level of a ransomware attack to just about anyone. The reason being, it has become incredibly profitable for hackers. Ransomware attacks, which account for over 22% of all cyber-crimes that took place in 2021, have doubled in each of the last two years.
Small businesses are particularly vulnerable to the anticipated surge of ransomware assaults. Cybersecurity experts are asking them to take quick precautions to protect themselves.
Why Should Small Businesses Prepare?
On the surface, they have fewer resources and personnel to plan for, defend against, and recover from attacks. All of which can be devastating.
Small businesses have access to the same critical data and systems that cybercriminals are looking for. In addition to being more vulnerable, this opens them up to being the target more often.
With Russia’s invasion of Ukraine, the risk of ransomware attacks have only increased.
What Russia has to Gain
The reason ransomware and other cyberattacks increase during conventional and cold warfare is to gain leverage.
Cybercriminals in Russia are leveraging ransomware as their go-to currency.
It’s important to note that these attacks are not always for financial gain. Cybercrime weakens national security by crippling businesses and their supply chain.
With the US and allies tightening the sanctions on Russia, we can expect a ramp up of attacks.
The Big Guy vs. the Little Guy
Hackers use ransomware to shut down computer networks and demand payment to restore access.
Some target large corporations in search of large paydays, while others utilize a “spray and pray” strategy to ransom as many victims as they can find.
Nowadays, hackers make money based on the volume of infected systems instead of the size of any one system.
It is estimated that over one half of ransomware attacks last year happened to small businesses.
Despite this fact, you’d be shocked to know that the vast majority of small business owners don’t believe they will fall victim.
As a small business owner, I know it’s that the day-to-day operations that feel most important. It’s easy to dismiss these threats when you think “I’m too small, they’re going after the larger companies.” But, this is exactly what cyber criminals want us to think.
It’s become so common that small businesses don’t consistently update their software or patch security flaws.
I’ve seen it first-hand.
They use a third party software for payroll and other systems unaware of their vulnerabilities. Plus, they don’t back up their files or use multi-factor authentication.
Using a 2-factor authentication alone provides an added layer of security. Users are prompt to enter a code sent by text message or email when logging into company systems.
The good news is, it’s not too late. Preventing ransomware attacks does not require a big budget.
It’s little things you as a small business owner can implement that will make all the difference when it comes to cyber security.
Here’s a breakdown of a few things you can do right now.
1. Back-Up your Files:
Back up your system on a regular basis so that if it becomes infected with ransomware, you can restore it. Backups should be kept on a separate device that is not accessible over a network.
If a ransomware assault occurs and data becomes encrypted, you will be able to restore systems post-breach if there is an offline backup
It is also critical for small businesses to test their backups on a regular basis. Don’t make the fatal mistake of waiting until a ransomware or malware occurs to realize that your backups were inadequate or that they cannot be restored.
2. Use Multi-factor Authentication.
A Microsoft study showed that 99% of all cyberattacks could have been prevented by Multi-factor authentication.
3. Update and Patch Software
Make sure all your operating systems, software and apps are running on their latest versions.
4. Handle your Emails with Care
Even if the sender looks to be someone you know, exercise caution when clicking on links in emails. If you are unsure, please contact the sender directly.
Malicious website addresses are frequently quite similar to legitimate ones, but with minor spelling differences or a different domain, such as “.net” instead of “.com”.
Always open email attachments with caution, especially if they are compressed or ZIP files.
Try to always visit a website directly and do not trust links in emails or SMS messages.
5. Educate your employees.
They can be your strongest asset.
Train and educate all of your staff on how to recognize phishing and social engineering. They’ll be an extension of your security team instead of potential victims.
6. Safeguard your Passwords and Credentials.
Attackers frequently utilize compromised or stolen passwords and other credentials to access a network, so make sure to enforce proper password management and routinely change credentials for employees who have access to sensitive or valuable information.
I can recommend using Keeper Security as a reliable password manager. Check out my video I made on password managers for more information.
Overall, implementing these strategies can almost eliminate the risk of a cyberattack entirely.
It’s a crazy time in the cyber world, do your best to stay safe out there.
If you’d like to discuss cybersecurity measures your own business can take, feel free to book a time to chat with me via the Calendly link below. We’re happy to suggest the best solution for your needs.
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Service in Greater Los Angeles for all of your IT needs. We look forward to meeting with you!