Ransomware: What SMBs should know

30 May 2022

    Ransomware is one of the biggest threats to businesses today, and with new attacks hitting the news on a daily basis, the risk can seem overwhelming. But what actually is ransomware, and how can businesses protect themselves? In this series, we will take an in-depth look at ransomware, highlighting specific methods of attack such as email compromise, vulnerabilities and the Remote Desktop Protocol, delving into supply chain attacks, and giving advice on how businesses can mitigate the risk.

    Read more articles from the series:

    PART 2: Ransomware: The many dangers of Remote Desktop Protocol

    PART 3: Ransomware: How to provide a valuable layer of protection to email

    PART 4: Ransomware: The need to protect your supply chain

    PART 5: Ransomware: A game of cat and mouse

    PART 6: Ransomware: How to protect your company against attacks


    What is ransomware?

    Ransomware is a type of cyberattack that seeks to encrypt, prohibit or severely restrict access to the victim’s data, device or entire systems until ransom demands have been met and the user’s data is restored. The damage caused can be severe and widespread. The largest ransomware attack to date – WannaCry – affected more than 230,000 computers across 150 different countries back in 2017.


    Ransomware today is commonplace, and has been exacerbated by the current hybrid work trend. Between January 2020 and June 2021, there were an incredible 71 billion ransomware attacks worldwide. While no one is safe, SMBs have increasingly become attractive targets for attacks. This is because, although they hold plenty of valuable customer and financial data, they often lack the robust security measures employed by large corporations. The situation is made worse by the fact that, because they don’t see themselves as potential targets, they are less likely to back up their data.


    While we have seen several variants of ransomware since its emergence in 1989, they can generally be broken down into four main types:


    • Screen locker ransomware, which blocks access to your device through a screen locker
    • PIN locker ransomware, which changes your device’s PIN code, rendering its content and functionality inaccessible
    • Disk coding ransomware, which encrypts the MBR (Master Boot Record) and/or critical file system structures, preventing you from accessing your operating system
    • Crypto-ransomware, which encrypts the files on your disk


    How does it work technically?

    As employees have moved to working from home and accessing internal company systems and services via Remote Desktop Protocol (RDP), and as more employees bring their own devices to work (BYOD), cybercriminals have leveraged this as a vector to deliver ransomware as well as other malicious threats. However, this isn’t the only vector being used. Malspam and phishing campaigns delivering dodgy documents, malicious macros, harmful hyperlinks and botnet binaries also remain popular.


    Then there are cybercriminals who run ransomware as a service (RaaS) schemes to gain access to a machine via known vulnerabilities and then move laterally across the network, before deciding where to encrypt. Others conduct supply-chain attacks to access entire IT ecosystems. By commandeering popular managed service provider (MSP) platforms and productivity tools, threat actors can unleash ransomware across multiple networks at scale.


    How does it work psychologically?

    Ransomware works by placing pressure on its targets. This could be the pressure of reputational damage, business outages or even legal and financial penalties. Its effectiveness has led to hundreds of millions of dollars ending up in the accounts of cybercriminals. Recent ransoms, such as the $70 million demanded by Sodinokibi in the Kaseya attack or the $40 million paid by CNA, demonstrate the scale of the problem in 2021.


    Unfortunately, this has led to a vicious circle. As large sums flow into the coffers of ransomware gangs, it allows them to further develop their RaaS business model and onboard numerous new affiliates.


    Don’t become a statistic

    Ransomware turns an unfortunate malware incident into psychological warfare that aims to force victims to act against their own will and best interests. Realizing you have become a victim generally doesn’t take long. Ransomware will usually inform you of its presence soon after affecting your devices by displaying a ransom note on your screen, adding a text file to the affected folders, or changing the file extension of the encrypted files. Operators rarely stay in the shadows for long.
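    The file-system signs described above (a text file added to the affected folders, a changed file extension) can be checked for mechanically. The following is an added example, not code from ESET or from the original article; the file names, the ".locked" extension and the thresholds are constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from pathlib import PurePosixPath

NOTE_EXTS = {".txt", ".html", ".hta"}          # typical note formats (assumption)
KNOWN_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".csv", ".jpg", ".png"}

# Constructed sample listing, e.g. the output of a recursive directory walk.
SAMPLE = [
    "finance/q1.xlsx.locked", "finance/q2.xlsx.locked", "finance/RESTORE_FILES.txt",
    "hr/contract.docx.locked", "hr/RESTORE_FILES.txt",
    "sales/leads.csv.locked", "sales/pitch.pptx.locked", "sales/RESTORE_FILES.txt",
    "tools/backup.tar.gz", "tools/notes.txt",
]

def ransomware_indicators(paths, min_dirs=3, min_share=0.3):
    """Flag two signs of encryption activity in a list of file paths.

    Returns (note_names, suspect_exts):
      note_names   - note-like file names present in at least min_dirs folders
      suspect_exts - extensions appended after a normal document extension
                     (q1.xlsx.locked) on at least min_share of all files
    """
    dirs_by_name = defaultdict(set)
    appended = Counter()
    total = 0
    for raw in paths:
        p = PurePosixPath(raw)
        total += 1
        if p.suffix.lower() in NOTE_EXTS:
            dirs_by_name[p.name.lower()].add(p.parent)
        # A known document extension followed by another one suggests a rename.
        if len(p.suffixes) >= 2 and p.suffixes[-2].lower() in KNOWN_EXTS:
            appended[p.suffix.lower()] += 1
    notes = sorted(n for n, d in dirs_by_name.items() if len(d) >= min_dirs)
    exts = sorted(e for e, n in appended.items() if total and n / total >= min_share)
    return notes, exts

if __name__ == "__main__":
    notes, exts = ransomware_indicators(SAMPLE)
    print("repeated note files:", notes)
    print("appended extensions:", exts)
```

    Both checks are heuristics: a legitimate README.txt can repeat across folders, so treat a hit as a reason to investigate, not as proof.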


    Make sure you don’t become a statistic. As with many things in life, prevention is better than the cure. To minimize the risk of ransomware, ensure you don’t cut corners. Implement a comprehensive security solution for proactive protection.

