The WannaCry ransomware virus, which spread globally in May and infected hundreds of thousands of computers, is being called one of the most disruptive cyberattacks in history. Indeed, ransomware has become a major cybersecurity risk for businesses of all sizes. Customer information, employee and patient personal data, and company financial data are all at risk.

In a ransomware attack, fraudsters generally use phishing emails to enter a company’s devices, computers and networks. Once an unsuspecting employee opens a phony attachment, video, photo or audio file, malicious software is set loose. This software uses encryption to lock up access to data, devices, computers and networks.

Kaspersky Lab found 42% of small and medium-size businesses were hit with a ransomware attack in 2016.[1] The U.S. Department of Justice estimates that 4,000 ransomware attacks occur daily, and the number is rising quickly.[2] Organized crime syndicates on the “darknet” are the main perpetrators of ransomware attacks.[3]

Not only are attacks increasing, they are also costly: ransom for the decryption key typically ranges from $300 to $2,500 per incident.[4]

Whether or not ransom is paid, a ransomware attack exacts a severe financial toll on a company. Recovery costs can run up to $99,000 for small and medium-size businesses to restore operations, install new security services and technology, and recover from lost productivity and related operating losses.[5]

Analysts recommend that businesses use a multi-layered approach to protect against ransomware attacks. Security software and protocols, regular back-ups and a detailed response plan are critical elements to minimize damage.

Employee education is just as important a defense against a ransomware attack:

  • Remind employees of their role in protecting company, patient and customer data.
  • Explain how ransomware can enter a company’s systems through phishing emails, malicious attachments and phony websites.
  • Warn staff not to open suspicious emails or visit social media websites while on company computers or devices.
  • Encourage workers to be suspicious of emails that urge them to take immediate action.
  • Direct employees to report suspicious emails to a supervisor or the company’s IT security group.

[1] “The Cost of Cryptomalware: SMBs at Gunpoint,” a Corporate IT Security Risks Special Report by Kaspersky Lab, Sept. 7, 2016. Available for download at: https://business.kaspersky.com/cryptomalware-report-2016/5971/

[2] “Ransomware Rundown: What Businesses Need to Know,” by Brett Hansen, Security Today blog, March 9, 2017. Available at: https://securitytoday.com/articles/2017/03/09/ransomware-rundown-what-businesses-need-to-know.aspx

[3] “Welcome to the Dark Net, A Wilderness Where Invisible World Wars are Fought and Hackers Roam Free,” by William Langewiesche, Vanity Fair, Sept. 11, 2016. Available at: http://www.vanityfair.com/news/2016/09/welcome-to-the-dark-net

[4] Ransomware averages noted in: “The Rise of Ransomware,” a study by the Ponemon Institute, January 2017, page 1. Available for download at: http://www.ponemon.org/library/the-rise-of-ransomware; and “The Cost of Cryptomalware: SMBs at Gunpoint,” a Corporate IT Security Risks Special Report by Kaspersky Lab, Sept. 7, 2016. Available for download at: https://business.kaspersky.com/cryptomalware-report-2016/5971/

[5] “The Cost of Cryptomalware: SMBs at Gunpoint,” a Corporate IT Security Risks Special Report by Kaspersky Lab, Sept. 7, 2016. Available for download at: https://business.kaspersky.com/cryptomalware-report-2016/5971/

This news is provided as a service to you by Marlin Business Services Corp., a nationwide leader in commercial lending solutions for the U.S. small business sector.