A Pervasive Cyber Threat
IT support that doesn’t include some cyber security provision pertaining to ransomware will lose a large quotient of the market. The vast majority of cyberattacks today come in the form of some ransomware iteration. Consider some statistics:
• In 2015 alone, 1 in 2 businesses fell victim to some cyberattack.
• As of 2016, nearly 50% of all businesses have been hit by some kind of ransomware attack.
Why Ransomware Is So Popular
If your MSP is going to choose one kind of cybercrime to protect against, ransomware makes a lot of sense. But why is this particular hack so pervasive? In a word: money. Cyber criminals are very knowledgeable of cloud computing technology, and have begun to utilize the cloud to advance their aims. When it comes to things like ransomware, what they’ll do is collect themselves in a group and conduct “phishing” scams which parley a kind of shotgun approach to hacking.
Basically, they’ll find a region known to be lax in its security measures or understanding— the American south, for example. The team of cyber criminals looks at an area and uses the Internet to collect websites. They’ll use a variety of professional tricks and programming hacks to obtain email lists. From these lists, they compile records of potential targets. The more, the better. From these targets, they’ll create email addresses that are of the “dummy” variety. An example would be if you had two friends named Mike Thompson and Bill Jacobs, then received an e-mail from Bill Thompson or Mike Jacobs.
The hackers understand many equate the two in their mind, and know enough people that they may not be able to tell who is who in the zoo, as the expression goes. Then an e-mail which is derived from a template is sent out. It has a greeting, or it might not. The basic message is: “I can’t believe you were in this video,” or “this social media post,” or “this picture.” There’s a link, then the target clicks the link, and if their computer doesn’t have the requisite anti-spam/anti-malware/anti-ransomware provisions, then the “virus” the hackers have designed is downloaded onto their desktop, computer network, server array, or what-have-you. Now a hacker team who targets a thousand people is likely to get a handful of “bites.” If they can extort 10 companies for $5k using ransomware, which tells targets unless they pay a fee, all their files will be deleted, then that cybercrime team makes $50k. Four such attacks like that in a month yield $200k. If there are four people on the team, that’s $50k per month per hacker.
Even if overhead is $10k per throughout the month, that’s still a $40k profit. All that money is tax-free, provided the hackers know how to launder it correctly and don’t get caught. Even if that costs an additional $10k to do in a month, that’s still an individual profit of $30k per individual in a month. You see the advantage? Through such programs, hackers can make $360,000 per person in a year. Why wouldn’t they use ransomware to target small businesses that are ignorant? IT support solutions need to have ransomware protections included, or clients will be essentially left wide open. Hackers are smart and continuously trying to source ways to get past protections, which predicates proactive support, continuous monitoring, and automatic backup where possible.
The best way to protect against ransomware is through BDR solutions. Backup and data recovery sourced via the cloud can automatically save files at regular intervals. Backup can be continuous, hourly, twice a day, twice a week, twice a month— whatever works the best. You’ll want to have backup parameters set up to maintain records and data for clients at least several months back. The wiser hackers will get targets to download ransomware (then sit on it a month or two), that way when they hold them for ransom, they can keep doing so even after systems have been rebooted from records stretching back for months. IT support must account for ransomware— find ways your MSP can help prevent this continuously developing scourge.