An unprecedented ransomware attack that struck thousands of small businesses just before the Fourth of July holiday is underscoring the need to protect your business.

Cybersecurity experts say the timing was no accident. Cybercriminals often hit over a weekend, especially a big holiday, because companies’ cybersecurity response teams are harder to contact then. In addition, many employees take vacation, and won’t know for hours or days of an infection.

And, in the case of a ransomware attack, speed in responding is critical to minimize damage.

The attack

The attack was engineered by the Russia-linked computer hacker group REvil. This same hacking group attacked meat processor JBS over this past Memorial Day weekend.

Unlike other more recent ransomware attacks, however, this one was unusual in that it didn’t try to steal sensitive data from its victims and threaten to publish it online. Instead, it simply locked users out of their networks by scrambling their data.

In addition, it didn’t use the typical “phishing” technique—in which employees are tricked into clicking on a link or attachment in an email to gain access—but exploited a coding vulnerability in the main system it attacked.

REvil began by demanding that smaller companies they’d hit pay $50,000, demanding $5 million from larger firms. Apparently, once they realized how many networks were involved, they switched their demand to a single $70 million ransom in bitcoin to provide a single decryptor software key to all affected businesses.

Growing threat

REvil hit a large international firm, Miami-based Kaseya, which remotely controls programs for companies that, in turn, manage Internet services for various businesses. Because Kaseya’s customers manage hundreds or thousands of other businesses, it wasn’t immediately clear how many businesses had been affected.

However, CEO Fred Voccola of the breached software company, Kaseya, said in a statement immediately following the attack that the victims likely numbered in the low thousands, and comprised mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Other more recent estimates put the figure in the tens of thousands in at least 17 countries, including the U.S.

“It’s absolutely the biggest non-nation-state supply-chain cyberattack that we’ve ever seen,” Allan Liska, a researcher with the cybersecurity firm Recorded Future, told The Washington Post. “And it’s probably the biggest ransomware attack we’ve seen, at least the biggest since WannaCry.”

WannaCry, a computer worm launched by North Korea in 2017, affected hundreds of thousands of computer users.

And ransomware attacks are soaring. CBS News reports that businesses around the world are attacked using ransomware every 11 seconds, according to Cybersecurity Ventures. The firm estimates that ransomware losses this year will reach $20 billion.

How to protect your business

The REvil attack this month was successful because it targeted a large company. It then spread throughout its network to its customers. But cybersecurity experts say it’s crucial that smaller firms and individual users also maintain vigilance.

Here are some ways cybersecurity experts say you can protect your business and reduce your chances of attack.

  • Educate all your employees to never click on a link in an email from an unknown source. Aside from this most recent attack, phishing scams are the most popular way to distribute malware.
  • Along these same lines, frequently remind employees to never provide personal information when answering an email, unsolicited phone call, text message, or instant message. Phishers will often masquerade as being from the HR or IT department. When in doubt, have them check with those departments directly.
  • Back up, back up, back up data daily. And store your backups separately on an external hard drive or in the cloud. This is critical. If you encrypt your network data with ransomeware, you should have the ability to restore your data more easily.
  • The major software firms work continuously to keep abreast of malware threats. Therefore, update your apps and operating system regularly. Also, keep your antivirus software up to date.
  • Enable strong spam filters to prevent phishing emails from reaching end users, and authenticate inbound email. In addition, scan all incoming and outgoing emails to detect threats, and filter executable files from reaching end users.
  • Never download apps from unknown sources. Instead, go to the company’s app store when you want to download an app.

In a statement following the Kaseya attack, deputy U.S. national security adviser Anne Neuberger urged all victims to alert the FBI. The FBI, however, cautioned that the scope of this attack “may make it so that we are unable to respond to each victim individually.” Nevertheless, reporting any such attack can help in their investigation.

In any case of a ransomware attack, the U.S. Justice Department strongly encourages you to contact a local field office of the FBI or U.S. Secret Service. For more information on how to protect your business networks from ransomware, or what to do if infected, see their guidance here.  

And remember we’re here to help you with all your online and social media marketing needs. Just give us a call!