Article · Apr 13, 2021

Why SMBs are Under Attack by Ransomware

The ransomware business has been booming so much that the hackers responsible for it are moving on to new targets. Small and midsize businesses (SMBs) are increasingly in the crosshairs because they can afford to pay – and, more important, because they can’t afford to lose their data. Find out the latest ransomware trends, why SMBs are easy targets, and what they can do to prevent paying a ransom.

Ransomware attacks generate big headlines when the targets are government entities, universities and healthcare organizations. But there’s one increasingly frequent target of ransomware attacks that tends to slip under the radar. Small and midsize businesses (SMBs) have become bigger financial targets for hackers. Webroot™ Senior Threat Researcher Kelvin Murray points out that the SMB sector has become a cash cow for cybercriminals. According to Murray, there are more SMB targets than criminals have time to attack, mostly due to inadequate security among SMBs.

It’s also become far easier for anyone with malign intentions but lacking coding skills to launch attacks. Murray cites the availability of ransomware kits on the dark web that anyone can download and figure out how to launch. Going by the name Ransomware as a Service, these kits reduce the sophistication required for perpetrators to target SMBs and collect hefty ransom payments.

Business email compromise (BEC) is also on the rise. In BEC attacks the perpetrator, pretending to be a colleague or vendor, contacts you under the pretense of requesting payment or disbursement for a seemingly legitimate business purpose. Businesses easily fall for these scams because, with so many invoices and payments occurring on a daily basis, it’s easy to slip a fake one in.

All of this malicious activity points to the need for a layered approach to cybersecurity. This includes essential security measures like firewalls, endpoint protection and DNS protection. And, since even firewalls can be circumvented, it also means keeping backups of all business data so you never have to pay a ransom to get your data back.

Attacks like BEC are less about malware and more about manipulating people. This is why security awareness training with phishing simulations is increasingly important. Murray emphasizes that security awareness training is necessary due to the increasing popularity of remote working. While the corporate office is usually equipped with firewalls, DNS protection, corporate logins and security guards at the front door, now that everybody's working from home, all of those things are absent. In their place you have faulty routers, dodgy setups, people sharing houses with other people and maybe even sharing PCs.

Author

Steve Jurczak

Product Copywriter

Steven Jurczak is a Product Copywriter on the Corporate Marketing team at Carbonite. He blogs about backup and recovery technology, information security and IT industry trends.
