As you may already be aware, Ransomware is a type of malicious software that infects your system and encrypts valuable data, demanding a ransom payment in exchange for a decryption code. Recently we have seen these attacks cause devastating damage to some large organisations in the industrial sector - but this shouldn't lead you to make the mistake of believing that only large companies are targeted by these aggressive campaigns.
Around 70% of ransomware attacks in 2018 targeted small business according to a recent report, with the average demand falling just under £90,000. These numbers might surprise a lot of users as it's easy to assume that a criminal campaign with the goal of receiving large sums of money would target bigger companies with bigger revenue, but this assumption is exactly why criminals focus their attacks on SMBs as they know their security defences are often overlooked or vulnerable to a certain degree.
These high ransom demands can cripple SMBs, but even those who get past the initial payments are looking at around three weeks to completely resolve the attack and regain access to their systems, often putting a stop to business production and losing customer trust.
Reports even show that SMBs are aware of the risk of ransomware, but many would still rather payoff the ransom than secure themselves prior to the attack, with 55% of overall SMBs and 74% of larger SMBs (150-250 users) stating they would be willing to pay a ransom to recover encrypted data, and 39% of larger SMBs even saying they "definitely would pay ransom at almost any price".
According to CyberEdge's 2019 report around 39% of ransomware victims who actually paid the ransom still lost their data as a result of the attack, likely because many attackers don't even bother developing a decryption key - after all, why would a criminal spend more time and money to help out their victims, when they can just lie and take off with some easy money?
So, with paying ransoms ruled out as a reliable option, how can small businesses realistically improve their security practices to prevent future attacks and protect company data?
Barracuda Essentials is a multi-layer solution for Office 365 made up of advanced email security, archiving & backup. The Email Security aspect with Advanced Threat Protection (ATP) offers a prevention solution for ransomware as this is one of the most common delivery methods, increasing in popularity amongst criminals by 109% over the last 2 years.
Barracuda ATP automatically scans email attachments in real-time, sending suspicious attachments to be detonated in a sandbox environment to observe behaviour. In addition to blocking the attachment, the results are integrated into the Barracuda Real Time System providing protection for all other customers.
The Cloud-to-Cloud Backup aspect of the Essentials solution offers a recovery solution in the event of a successful attack, allowing users to access backed up versions of encrypted files which leaves the attacker with no blackmail material.
Barracuda Essentials protects the data from Exchange Online, SharePoint Online, and OneDrive for Business by completing daily backups directly to the Barracuda Cloud with unlimited storage.
To learn more about how Essentials for Office 365 can help with your Ransomware prevention and recovery plan contact a member of our team to schedule an online demonstration!