SMBs increasingly targeted by ransomware

Small and medium-sized businesses (SMBs) are increasingly coming under attack from cyber criminals who use ransomware software to encrypt key files, before demanding money in order for firms to regain access.

This is the finding of research by Trend Micro, which noted that companies in this sector make good targets for criminals, as they are less likely to have the sophisticated defences of their larger counterparts. What’s more, if the encrypted information is critical to their operations, they may feel they have little choice but to pay up.

The study observed this trend is particularly evident in attacks that use TorrentLocker and CryptoWall ransomware, which are two of the most common variants currently in use.

For instance, it found that in June and July this year, more than two-thirds of users (67.23 per cent) who clicked on malicious links in CryptoWall-related emails were in the SMB sector. This compares with 16.95 per cent who were enterprise users, and 12.57 per cent consumers.

While TorrentLocker-based attacks were more consumer-oriented, more than four out of ten malicious links were still targeted at SMBs.

Many of the techniques used by ransomware criminals are well suited to targeting smaller businesses, with criminals frequently using emails that purport to be CVs or purchase orders to entice users to open attachments.

Trend Micro’s analysis found that the criminals using CryptoWall and TorrentLocker typically send out their spam runs in the early hours of the morning in the time zone of their intended victims, which suggests they are targeting business users who will receive the mails when they get to the office.

“We see that the intended victims are clicking on these links in the period between 9am to 1 pm, with the outbreaks starting at 9am to coincide with the typical times that people arrive at work,” the security firm stated.

Ransomware can be a very difficult crime to deal with, as once files are compromised it can be extremely hard to regain access without giving in to the hackers’ demands. However, some malware – such as the infamous CryptoLocker – has had its decryption keys revealed, meaning that data recovery is possible.

It is wise to choose a data recovery company that has a track record in recovering from the type of data loss you have experienced.


From: https://www.ontrack.com/uk/company/press-room/data-recovery-news/smes-increasingly-targeted-by-ransomware394.aspx

5 Responses to "SMBs increasingly targeted by ransomware"

  • Tim Fischer
    21 October 2015 - 3:06 am

    Huh…the Title of the article is wrong. It should be SMB’s not SME’s. Small businesses can protect themselves using preventative measures and careful email practices. I use Webroot Secure Anywhere in combination with MalwareBytes Premium. I also use CryptoPrevent from http://www.foolishit.com to thwart attacks. Check it out…www.foolishit.com

    • Sam
      21 October 2015 - 9:16 am

      Hi Tim, yep, you’re correct. We’ve updated the title to reflect the post. Thanks.

    • hrsweet3
      21 October 2015 - 1:21 pm

      I use all of that too plus a disconnected backup. It only gets connected after having run Bleeping Computer’s ListCRIlock.exe which looks for encrypted files.

      If the Premium MBAM is running realtime, it may be conflicting with Webroot.

      Also consider adding Malwarebytes Anti Exploit — at least the free version.

      • Tim Fischer
        21 October 2015 - 2:44 pm

        I do not have a conflict between Malwarebytes and Webroot. I am using Malwarebytes Anti-exploit as a trial. I also back up an image monthly to a secured folder on an unmapped Synology NAS using Macrium Reflect. A smaller data only image is sent to AWS S3 each month.

        • hrsweet3
          22 October 2015 - 9:27 am

          Sorry — when you said that you were using Malware Bytes Premium, I assumed that was the more commonly used MalwareBytes Anti Malware.

          I have been very satisfied with Webroot SecureAnywhere.

          I back up my SSD C drive and data drives daily. In addition I back up my email and Quicken hourly!

          I use a two stage process with EASEUS TODO backing up automatically to another internal drive. Then, periodically, I copy that to my normally disconnected external drive. But I only do this after having run ListCRIlock to check for any possible encryption. I switched to this process a couple of years ago as soon as I read about Cryptolocker.