Ransomware is as common as it is devastating. It poses significant threats to all businesses, especially small businesses and medium-sized enterprises (SMEs).
If your business falls into this category, you may not have access to the infrastructure or support necessary to shield against or combat a ransomware attack. If you get caught out, the consequences are devastating and, in some cases, irreversible. A ransomware incident can lead to downtime, financial losses, and even data breaches that damage customer trust.
What is Ransomware?
Simply put, ransomware holds your files to ‘ransom’. It’s a type of malware designed to lock you out of your files or, in some cases, your entire system. It achieves this through encryption, which you must pay to reverse; even if you do pay, there’s no guarantee you will get your files back. Ransom payment is typically demanded in cryptocurrency, making it more difficult to trace the attack’s origin.
Ransomware can infect your system in various ways. It can arrive through an email, a website, or a malicious link. Hackers may also target your business by baiting employees using social engineering tactics, so proper awareness training is essential.
Here are some common types of ransomware to look out for:
- LockBit
LockBit is an interesting example of ransomware because it operates on a Ransomware-as-a-Service (RaaS) model. It enables affiliates to deploy the software in exchange for a share of the profits, i.e. the potential ransom payment.
Hackers and cybersecurity experts are both well acquainted with LockBit, but for opposing reasons. Its rapid encryption speed and ability to target specific sectors make it an enticing pick for malicious actors and a force to be reckoned with for cybersecurity personnel. Attacks originating from LockBit will likely erode customer trust, result in downtime, and cause financial strain for any business.
- Crysis/Dharma
Crysis, also known as Dharma, is a persistent ransomware family that has existed since 2016. Unlike most ransomware strains that attack high-value targets, Crysis targets SMEs with weaker cybersecurity measures. It spreads through compromised RDP (Remote Desktop Protocol) connections, usually poorly secured with weak or default passwords.
Crysis appends an extension to each encrypted file on a user’s computer and leaves a ransom note with payment instructions. Victims usually have a short window to pay the ransom before their files get deleted, and the amount ranges between £500 and £10,000.
One limitation of Crysis is that it doesn’t exfiltrate a system’s files. Exfiltration refers to extracting files from a system so that attackers can withhold them and threaten to release them into the public domain, so its absence lessens the likelihood of a data breach.
- REvil
REvil (Ransomware Evil, sometimes known as Sodinokibi) was a Russian ransomware group that targeted businesses of all sizes. They used double extortion tactics and threatened to release stolen data if the ransom went unpaid.
Following international pressure and law enforcement action, REvil’s online infrastructure vanished, leading to speculation about the group’s disbandment.
Reports from 2022 indicated a possible resurgence of REvil’s activities. Their Tor (deep web) websites came back to life, and a ransomware sample confirmed their return, so it is still sensible to be wary of their presence.
- NetWalker
NetWalker is a strain of ransomware that was discovered in 2019. Developed by the cybercriminal group Circus Spider, it operates on a RaaS (Ransomware as a Service) model, like LockBit.
Since March 2023, NetWalker has cashed in over $30 million (£23.5 million) in ransom money, making it a serious threat across various international industries. Unlike Crysis/Dharma, NetWalker takes its attacks to the next level by exfiltrating its victims’ data, threatening to publish the compromised files if its targets fail to pay the ransom within a certain period.
NetWalker users have remorselessly attacked integral public-facing sectors like healthcare and education by exploiting vulnerabilities and using phishing emails as initial attack vectors. If sensitive data is exposed, SMEs may struggle with crippling financial consequences, long downtime periods, and extensively diminished customer trust.
- Royal
Emerging in 2022, ‘Royal’ (also known as BlackSuit) targets small-to-medium-sized businesses across various sectors. To gain access, they use phishing emails and exploit RDP vulnerabilities.
This ransomware is well-known for its aggressive tactics and significant ransom demands. Unlike RaaS services like LockBit and NetWalker, Royal (BlackSuit) operates as a private group with no affiliates, which allows it to maintain a more centralised grip on its operations. Businesses should maintain strong defences, such as multi-factor authentication (MFA), robust firewalls, and disaster recovery measures to reduce the risk of damage or unauthorised access from bad actors.
The group have left no industry unscathed, with healthcare and education no exception to their roster of targets. Ransom demands often range from £250,000 to £2 million and over.
How You Can Avoid Ransomware
While ransomware continues to be a devastating cybersecurity risk, there are measures you can take to protect yourself. Businesses of all sizes – but most crucially, small business owners – should adopt multi-layered security approaches to keep them safe.
Email is one of the main routes ransomware deployers use to reach a business, so vigilance is essential. Phishing is rife, and an unsuspecting staff member can easily cause havoc throughout a business simply by clicking on or interacting with an illegitimate website or email. To reduce the chances of this happening, a company should train its staff to pick up on the signs of phishing.
Maintaining multiple backups of important files is essential to prevent extensive disruption. If you have untampered backups, recovering files held for ransom becomes much more manageable. Equally important is keeping systems and software up to date. Hackers often take advantage of vulnerabilities in even slightly older versions of operating systems to gain access to company systems.
As previously mentioned, hackers commonly target specific small companies, so you don’t want to leave any potential doors open to a hacker secretly trying to hold your system ransom. If you do, you may only know once it’s already too late.
How Stream Networks Can Help
Stream offers a comprehensive suite of cybersecurity solutions that help bolster your defences and inform your staff. Our Cloud Email Security solution keeps spam out, archives and encrypts incoming and outgoing emails, and prevents phishing links from seeping through. Contact us today to find out how we can safeguard you against ransomware.