
This year, businesses around the globe will lose billions of dollars to ransomware – a rapidly growing form of cybercrime that especially targets small and medium-sized enterprises. Here at Citizens Bank, we know how important it is for businesses of all sizes and types to stay informed and take steps to protect their money, data, and teams. Read on to learn what exactly ransomware is, the risks it presents, and how you can be prepared.

What Is Ransomware?
Ransomware is a type of malware (malicious software) that anyone in your organization can unknowingly download. Once the ransomware is in your computer system, it is programmed to encrypt files and data, which makes it impossible for you to access your IT systems, network, or files. The ransomware crawls your system, looking for sensitive data to access and backup systems to delete. The perpetrators behind the attack then demand that you pay a fee (often in cryptocurrency like Bitcoin) to regain control. These cybercriminals will often also demand additional payment to ensure they won’t release the sensitive data they found.

In many cases, you may never recover your data even after a ransom is paid. These cyberattacks can cause costly disruptions to business operations and data compromises as well as financial loss. The FBI recently identified three main “infection vectors” through which ransomware is spread:
  • Phishing: The cybercriminal sends an email, instant message, or text message designed to trick the recipient into opening an attachment or clicking on a link which contains the malware.
  • Software: The cybercriminal takes advantage of security weaknesses in common software programs, or harbors malware disguised as third-party software.
  • RDP: The cybercriminal gains access to a computer by exploiting a vulnerability in Remote Desktop Protocol software, which is frequently used by workers to control their computers over the internet. (This tactic has grown apace with the increase in remote work since early 2020.)

Ransomware Is a Major Threat.
Ransomware costs businesses millions every year, and it’s on the rise. The FBI’s Internet Crime Complaint Center received about 1,800 ransomware reports in 2014 and that number increased to 2,474 in 2020. Cybercriminals commonly use ransomware because it offers a high return for little risk – sophisticated software and anonymous payment systems make this an easy and often effective method of theft.

Losses Can Be Significant.
It can be extremely difficult to combat ransomware once it has infected a company’s systems. Because of this, many companies have opted to pay an exorbitant ransom rather than lose their files for good. The average ransom fee has skyrocketed from around $5,000 in 2018 to around $200,000 in 2020. And the actual cost to businesses is much higher, because this figure doesn’t account for lost revenue while their productivity is halted, nor the long-term impacts if critical data vanishes or is publicly exposed. Globally, the total cost of ransomware attacks is projected to exceed $20 billion in 2021.

Small and Midsized Businesses are a Prime Target.
Personal computer users may be unwilling to pay a ransom to get their files back. That’s why cybercriminals are likely to target small and midmarket businesses. These companies have valuable assets that they’re willing to spend money to defend. Smaller businesses, in particular, may lack the resources to properly defend against this threat. Hospitals, school districts, local governments, law enforcement agencies, and private enterprises of all kinds count among ransomware victims every year.

Preparation is Crucial.
It may be impossible to control whether or not an attacker will try to target your business, but you can protect your computers and reduce the chance that ransomware will affect your bottom line. Here are some best practices that you can implement immediately:
  • Train all your employees on basic cybersecurity protocol, like how to avoid clicking on hazardous links or plugging in unknown USB devices.
  • Keep your operating systems, antivirus software, and other programs updated to the newest available versions.
  • Back up all your mission-critical data regularly (and off-network) and test those backups to make sure they’re accessible.
  • Limit the number of users that are allowed remote access to the firm’s servers over the internet, and use multi-factor authentication if possible.
  • Establish a practice for quickly isolating an infected computer from the company’s network.

We’re Here to Support Your Business’s Growing Needs.
We’ve been providing financial services across East Tennessee for over 85 years and we’re proud to have been recognized as a Top Commercial Lender by the Independent Community Bankers of America for 2021. No matter where your business is in its financial journey and where you want to go, we’ll be delighted to assist. Search here for a nearby branch, or contact us here.