On Friday, May 12th 2017 the WannaCry ransomware attack targeted more than 230,000 computers in over 150 countries, including hospitals, factories, schools and small businesses, all running Microsoft Windows operating system. The perpetrators took advantage of a vulnerability in Windows’ Server Message Block protocol to encrypt business data and demand ransom payments in the form of Bitcoin cryptocurrency in order to regain access to the infected business data.
The WannaCry attack is quite possibly the most severe ransomware outbreak in history but it is far from the only ransomware threat. In 2016, ransomware attacks targeting businesses tripled, with one attack taking place every 40 seconds and affecting one in five businesses worldwide.
(Update) Just a few weeks after publishing this post, on June 27th 2017, another ransomware attack rocked the world. This one is being called Petya or notPetya because of its superficial resemblance to the Petya ransomware. The big difference between Petya ransomware we’ve seen before and notPetya from the recent attack is that Petya’s purpose was always to collect ransom. It was always about the money. But notPetya seems to be aimed towards creating mayham rather than millionaires. Like the WannaCry attack, it takes advantage of Microsoft’s EternalBlue vulnerabilities but adds the EternalRomance SMB exploit and phishing emails to their list of tools used in order to gain administrative access on a computer in order to spread to the network.
Ransomware is sophisticated malware that encrypts and blocks access to your data, files, applications, servers or computers until you pay a large sum of money within a specific timeframe, hence the term “ransom.” Until you pay the attacker the money demanded, your system is inaccessible and essentially useless and at the end of the specified timeframe your data will either be destroyed or the ransom amount is substantially increased. Even those that decide to pay the ransom, oftentimes don’t regain access to their files.
Ransomware wasn’t a substantial threat until around 2013 when individual PCs could be infected with the malware. These early versions had minimal impact until around 2014 when network data could be targeted. By 2016, attackers could not only corrupt your network data but also your backup data. Today, ransomware attackers could potentially gain access to your business data long before you’ve even been given the opportunity to pay for its safe return. Meaning, you will be required to notify your customers of the breach of data.
The WannaCry attack was spread laterally through computers on the same network as those affected and by using Microsoft’s SMB vulnerability to reach random computers through the internet, there are a myriad of ways that attackers can attack your data – emails, websites, thumb drives and more. Spam and phishing are the most common methods of distribution of malware. Some common types of ransomware include CryptoLocker, CryptoWall, CTB-Locker, Locky, TeslaCrypt, and TorrentLocker. Attackers regularly alter their programs in order to avoid antivirus detection.
Your small or mid-sized business isn’t too small to be targeted. Quite the opposite, small businesses are big targets and are being targeted more and more often. This is because small businesses often don’t have a dedicated IT professional, or stretch the IT teams thin and rely on legacy, outdated technology. Small businesses rely on big data just as heavily as fortune 500 organizations, and yet tend to operate without digital asset management and data protections in place to defend against malware attacks. Thankfully, there are precautions you can take to deter attackers and protect your business against ransomware attacks.
A little bit of education and the right software goes a long way when it comes to protecting your business against ransomware. A proper protection strategy should utilize a three-pronged approach, focusing on education, security and backup.
Your employees are the first line of defense protecting your business data. Ransomware, like many other exploitative crimes, relies on human weakness and naïveté. The vast majority of cyber security incidents are caused by the innocuous or malicious actions of personnel and so, employees need to be educated to recognize a malicious link or attachment. When it only takes a single mistake from a single employee to compromise the entire network, every employee must be educated and be given the resources to recognize a threat before business data is compromised. Ultimately, personnel are potentially the strongest but often the weakest link in organizational security. Basic cybersecurity training and threat awareness is cost effective and can go a long way in protecting vital business data.
The WannaCry attack took advantage of a weakness that had been identified and patched by Microsoft months earlier. The 230,000 computers affected failed to apply the patch and were left susceptible to attack. To keep your business data secure, be sure to update and apply up-to-date patches to all business applications to minimize vulnerabilities. Antivirus software should be considered an absolute necessity in order to protect against known ransomware and cybersecurity threats. As hundreds or more types of ransomware are developed daily, it’s vital that your antivirus is kept up-to-date also. Even businesses that educate their employees and invest in the best security software can be breached which is why every business needs a backup plan.
When all else fails, organizations who have implemented backup and recovery plans can avoid submitting to paying a ransom to salvage their data by simply restoring data from archives. By rolling back your data to a point in time before the corruption occurred, you can avoid paying the ransom and be sure that your data is safe and clean. The key here is to retroactively implement a backup and recovery plan that captures a series of “snap shot” recovery points to ensure that your business is able to stay up and running when disaster strikes.
Ransomware attacks are on the rise. The WannaCry attack was possibly the largest scale attack in history, but it won’t be the last. You need to protect your vital business data including Personally Identifiable Information (PII) of your customers, but also your employees, vendors and partners. By educating your employees, keeping your business applications up-to-date and patched, and developing a backup and recovery plan, you can stay one step ahead of this growing threat while avoiding paying ransoms, loss of data and downtime.
If you’d like to inquire about the security of your ERP solutions or other business applications please contact us today!
Solutions by Industry
What's New
Trends in Light Manufacturing
The trends in light manufacturing are dynamic and demand a proactive approach. With the right ERP system as your cornerstone, you not only keep pace with these trends but lead the way towards a future where innovation, efficiency, and growth converge seamlessly. Read MoreSubmitted by Stephanie Dean on Tue, 04/23/24 - 5:00
Real-Time Analytics with Sage 100
In the bustling landscape of distribution, adaptability is key, and the game-changer is real-time analytics. Read MoreSubmitted by Stephanie Dean on Thu, 04/18/24 - 5:00
Open-Source ERP vs. Proprietary ERP
While open-source ERP systems may seem appealing due to their initial cost savings and perceived flexibility, proprietary ERP solutions offer a wide range of benefits that can ultimately provide greater value and efficiency. Read MoreSubmitted by Stephanie Dean on Tue, 04/16/24 - 5:00