Ransomware hitting the unsuspecting small business that does not have all the Security pieces in place(SCMedia story:” Here are the most common ways businesses get compromised by ransomware“.
Darkreading has a story:”Manufacturing Sees rising Ransomware Threat”
What is considered a ‘small business’ ? The SBA considers several criteria (how many employees – less than 500)
(annual receipts – under $7.5mil)
The lack of sophistication is the ultimate issue I think, as this example gives: “BrianKrebs Ransomware story – Why paying to delete stolen data is Bonkers”
Apparently there is ransomware now that asks you to pay the criminals to delete the data they stole. If you think that makes sense – there is no way for you to know if the criminals are ethical enough to actually go through with their supposed claim that they will delete the information they stole. Forget it criminals will never do what you think they will do (unless you can imagine the person hacking you is lying and cheating).
Small Business has a unique problem – there aren’t enough resources in most cases to have a complete defense. This includes backups and restores “fully tested”. I.e. Many small businesses do not have the resources to test the backups that they have made to the point of being certain that there will be no problems when(not if) there is a problem.
Thus the problem is the small business is not ready for a successful attack which will create untold damage to their information technology (i.e. some or all systems could be compromised and then eventually ransomed). Once some systems (or all of them) are ransomed the business has difficult decisions to make, which means there is still room for error. It all depends on how good those backups are. If one can restore some or all data then it is an inconvenience as the systems get rebuilt. But the problems do not stop, as now one has to still have the wherewithal to make sure this does not happen again.
Small businesses typically do not understand the risks until it is too late.
Having a complete system of patching and defense strategy is beyond most small businesses – contact us to discuss.