WannaCry, Petya and now Bad Rabbit — the massive ransomware outbreaks are becoming more and more common. These cybersecurity attacks can shut down major firms, ATMs, airports and departments of the government. Bad Rabbit started infecting systems in Russia and Eastern Europe and then spread to Germany and Turkey, much like Petya did. Some researchers also have detected the malware in Poland and South Korea.
Those infected are presented with a direct ransom note, telling them their files are "no longer accessible" and that "no one will be able to recover them without our decryption service." Then victims are given a time limit to pay in Bitcoins.
If such ransomware and CryptoLocker can paralyze large-scale businesses worldwide, there's no doubt small businesses are highly vulnerable. Although there are no foolproof ways to keep ransomware out of your systems — even antivirus and anti-malware can't keep businesses safe from Bad Rabbit and its variants or other ransomware — there are steps you can take to protect your business.
1. Keep your software up to date.
One of the biggest questions about Bad Rabbit and Petya is how it spread so quickly. Experts say they may be because operating systems and software are out of date, making their systems vulnerable. In many cases, it only takes one computer to infect an entire network. This also applies to antivirus software. Ransomware such as Bad Rabbit can take computer systems by storm because it takes antivirus companies hours to update their malware definitions, once they know about the malware.
Current catch rates from antivirus companies run at best between 80 and 90 percent, said Stu Sjouwerman, CEO at cybersecurity firm KnowBe4. Most antivirus companies test against known malicious software found "in the wild" and do not do as good a job against zero-day malware, which exploits holes in software as soon as the vulnerability is known, he said.
If the ransomware is known, an antivirus program may block it, but usually, it is an unknown variant or one that can bypass the filters in place. More often than not, a business antivirus may be out of date or software unpatched, meaning updates are not installed.
2. Back up all data.
You may not be able to fully protect your computer, but you can protect yourself from data loss by backing it up. This way, you still have access to your data, even when your computer is on lock-down.
As an extra layer of protection, businesses should consider multiple backups using a cloud backup service. Offsite backups should be included, as some ransomware will encrypt most local files, files shared on the network and local backups, as well as disable services that use shadow copies, Sjouwerman said. If you don't know where to start, check out our suggestions for cloud storage and cloud backup solutions.
3. Train your staff.
In many cases, businesses get hit by cyberattacks because a single employee clicked on a malicious link, opened an infected email, fell for a phishing scam or otherwise inadvertently opened the doors for a cybercriminal.
Cybersecurity awareness training can be done in-house if you have experts on your IT team. There are also many training and consulting services that specialize in training small businesses in best cybersecurity practices, and many offer a guarantee. For instance, KnowBe4's Security Awareness Training guarantees that it works or the company will pay your ransom if you get hit after doing the training.
For an in-depth look at cybersecurity and how you can defend yourself, visit our Cybersecurity Guide for Small Businesses.
Additional reporting by Sara Angeles.