Latest hacking insights and five preventative measures for small business owners.

The Anatova, NotPetya/ExPetr and WannaCry Ransomware attacks that crippled hospitals, universities, manufacturers and government agencies in Britain, China, Germany, Russia, Spain and 145 other countries and more than 300,000 machines has awakened, at least temporarily, the awareness of the need for effective cybersecurity.

Small Business owners must recognize that robust malware detection and prevention policies and procedures are multi-faceted and multi-layered – addressing applications, devices, infrastructure, networks, personnel, and systems.

The ransomware business as well as the growth in other malware attack vectors also demands that management perform an independent assessment of controls and frequency of controls regularly and after any significant attack.  

The successful WannaCry Ransomware attack

The successful WannaCry Ransomware attack has made malware a Board-level conversation, but the damage caused by it is estimated to be in the $4 – 8 billion range whereas the NotPetya cyberattacks is estimated to have caused $10 billion worth of damage.

According to a recent study from Sophos, the average cost per ransomware attack to businesses in 2017 was $133,000, with 54 percent of organizations having been hit by attacks. Five percent of the 2,700 respondents reported the costs ranged from $1.3 million to $6.6 million.

Tens of thousands of institutions, mostly hospitals and public institutions, were impacted by the WannaCry worm. Nonetheless, it is just one of thousands of malware assaults that have been plaguing end user devices and IT systems for decades.

The attacks are not going away – instead they are getting more sophisticated and occurring more frequently.

The threat from ransomware alone continues to grow, with some experts estimating that up to 40 percent of all email spam contains ransomware. Moreover, the shift to IoT (Internet of Things) is exposing more organizations as these devices frequently lack sufficient security protections.

Ransomware incidents

According to BBR Services 45 percent of ransomware incidents in 2017 (2018 not reported yet) occurred in the healthcare industry. The second most vulnerable sector was the financial services industry with only 12 percent of the incidents.

There are two reasons for healthcare being so heavily hit: they are required to report data breach attacks; and they are notorious for running legacy software on vulnerable, out-of-date systems.

Unfortunately, healthcare providers are not the only ones that run back-level software and out-of-date systems – most all firms are exposed somewhere either in their data centers, cloud solutions, or client systems (many of which are still running Microsoft Windows 7).

To make matters worse, standard Microsoft support for Windows 7 ends in Jan. 2020.

The popularity of ransomware has grown significantly in the last few years. In 2016, security firm Trend Micro identified 247 new ransomware families, whereas there were just 29 in 2015. And the number of families and variations continue to grow. Small Business owners should assume that malware, and ransomware in particular, is sufficiently prolific that it is no longer a question of “if” you are going to get hit, but “when.”

Anatova represents another step in the evolution of the ransomware threat by incorporating functions that take advantage of the full spectrum of monetization possibilities.

This way, even if the victim does not pay the ransom, the criminals will still be able to make some money by stealing private and sensitive information, or selling access to the compromised devices (and thereby systems).

What is Ransomware?

Ransomware is malware that encrypts its victim’s files with unbreakable encryption and then demands a payment, usually in bitcoins, before agreeing to unlock the system and unscramble the data.

The hacker typically uses the strongest encryption currently available, which essentially makes it unbreakable by the vast majority of users. Large numbers of files are infected as the worm spreads across the organization’s network  and directories.

Most of the attacks are made via spam email campaigns, exploit kits, infected streaming video subtitles, or the injection of malicious or malware-laden advertisements.

Unfortunately, most users and organizations are susceptible to these malware attacks because most users run a common set of business applications, email platforms and database software on similar infrastructure and operating systems and users are tempted to open the file.

The hacker designs his malware to go after known flaws in the most common platforms first so that he can achieve the highest level of disruption.

Next: Preventative Measures 5 steps to minimize risks of malware.