SMBs Short Changed After Meeting Cyber Criminals Demands
One of the many risks ransomware victims face is, the likelihood they pay the ransom but don’t get the decryption keys to actually unlock their files. In a recent study done by SpiceWorks, a shocking 45% of small and medium sized businesses (SMBs) are not retrieving their files after following the cyber criminals’ demands and paying the ransom.
This number is far higher than one would expect. Theoretically, the cyber criminals would provide the decryption keys upon payment in order to keep a good “reputation”. If victims believe they won’t get their files back after paying the demands, the cyber criminals won’t see a dime. Ever. Therefore, it makes sense they would follow through with their end of the bargain, and provide the victims the tools to unlock their files. Unfortunately, almost half of the time, this is not being done.
SMBs – The Ransomware Sweet Spot
There are a few reasons why SMBs are being targeted by cyber criminals. The biggest — SMBs have limited IT resources, including a limited budget. Therefore, the following areas are impacted.
- IT staffing – typically SMBs have a lower number of IT staff. This means they may not have the man power to attempt to restore their systems after a malicious attack. They also may not have the man power to back up their data timely, or update their systems accordingly.
- External resources – often times SMBs use their IT departments to house all of their information. Unlike larger corporations who may use third-party storage for certain customer data.
- IT funding – due to a lower IT budget, SMBs may not purchase a security solution to keep their data secure. Instead, they may use a free solution. Also, they may not use their IT funding to purchase devices for external backups.
Due to all of this, SMBs have become the “sweet-spot” to target. They house more data on their servers and/or endpoint devices, making a malicious attack increasingly detrimental to these businesses. Also, they may not have the time or resources to commit to restoring their own files. So, they pay the ransom demand.
Pay or Not to Pay?
Paying the ransom demand is never encouraged. Instead, SMBs need to implement a security solution that utilizes application whitelisting technology. By using a security solution that features application whitelisting, only known, safe programs are allowed to run. Anything that has not been tested and proven safe will not execute on the endpoint device.
PC Matic Pro and PC Matic MSP function with application whitelisting as its primary method of malware detection. If a file attempts to execute that is unknown, meaning it has not been tested and deemed safe or malicious, it will be sent to the PC Matic malware research team. Within 24 hours, that file or program will be tested and deemed either safe or malicious. PC Matic Pro and PC Matic MSP understand the importance of keeping businesses safe and secure, without interrupting daily operations. Therefore, if a file is unknown, but the user is confident it is secure, they have the ability to add it to their local whitelist. By doing so, the file is available for immediate use. The file will still go to the malware research team, to be tested. Assuming it is safe, it is then added to PC Matic’s global whitelist.