Don't Get Held Hostage: What to do in the event of a Ransomware attack!
82% of ransomware attacks are aimed at small businesses. A ransomware attack costs $300,000 on average. 60% of SMEs fold within six months of an attack.
An end-of-year survey of over 300 technology and security decision-makers revealed that around 72% had succumbed to ransomware attacks in the last six months alone!
Unfortunately, if you are an SME in Australia right now, ransomware attacks are more of a when than an if. Apart from the financial loss, they can also hurt your reputation, making it challenging to regain customer trust and recover your business.
Incremental Backups
Data Backups
Step #1 Regularly back up your important data to external storage devices or to a private cloud.
Step #2 Verify that the backups work.
Step #3 Keep backups separate from your primary network to protect them during an attack.
Access Control
Step #1 Use different account types, such as standard and administrator accounts, so no employee has full access privileges.
Step #2 Use standard accounts for everyday activities, as they are less vulnerable to ransomware attacks.
Step #3 Set strong, unique passwords for each account.
Step #4 Enable multi-factor authentication (MFA) on critical services like email and remote access. MFA requires a combination of something you know (like a password), something you have (like a token), and something you are (like a fingerprint).
Security software
Step #1 Install and regularly update antivirus software on all devices.
Step #2 Enable specific ransomware protection features in your antivirus software, such as ‘controlled folder access’ in Windows.
Step #3 Train your team to look out for fake antivirus alerts and to act only on legitimate warnings from the antivirus software you have installed.
Case Study: Tollison Logistics Ransomware Attack (2021)
Attack: A phishing email tricked an employee into providing their login credentials. Attackers used this access to move through Tollison’s systems, eventually deploying ransomware that encrypted critical files and disrupted operations.
Consequences:
Operational Shutdown: Shipping systems went offline, causing widespread delays and impacting their ability to fulfil orders.
Data Exposure: Customer data was leaked online, including shipment information and potentially financial details.
Costly Recovery: Tollison had to engage forensics specialists, rebuild systems from scratch, and potentially pay for customer data recovery.
Long-Term Reputational Damage: The attack remains associated with the company, potentially impacting customer trust.
How to respond to a ransomware attack
Despite your best efforts, you may still find yourself on the receiving end of an attack. The key point to remember is: do not pay the ransom! There is no guarantee that you will regain access to your systems, nor will paying the ransom prevent your data from being leaked or sold online. Paying may also lead more attackers to target you.
Turn off impacted devices and servers
Disconnect other networked devices, such as Network-Attached Storage (NAS) devices, computers, servers, or tablets, that store valuable information.
Change all your passwords
This includes cloud passwords, email, bank and business accounts.
Check your data backups
Make sure your backup files are not impacted.
Record essential details
This could include details such as impacted files, lost data and ransom notes.
Report the incident
At the first possible opportunity, report the incident to the ACSC through ReportCyber.
Call in the professionals
Call in the professionals to remove the ransomware and restore your systems. Avoid restoring systems yourself, as doing so could spread hidden ransomware further and cause more damage.
Conclusion
Ransomware is a serious threat, but that doesn’t mean you have to be a victim! With smart planning, education and quick action to respond and limit damage, you can protect your business and bounce back if the worst happens.