November 15, 2021

Small to medium-sized businesses have traditionally paid little attention to cybersecurity. They assume that they’re safe because they don’t have the sort of sensitive data attackers are after. But ransomware changes the game.

The threat ransomware poses to business is not only of data exposure, but also of disrupted operations. Attackers hold data ransom by encrypting it. Businesses are forced to pay hefty ransoms in order to get their data back. They have no choice but to fold.

The impact of a ransomware attack on a business can be devastating. First there’s the obvious cost – the hefty ransom businesses pay to regain access to their data. But there are two hidden costs that are just as significant, if not more. There’s the cost incurred by temporary business closure and the missed revenue opportunities during that period. There’s also reputational damage. High profile clients won’t want to work with a company that seems like a security liability.

All of these costs together make staying afloat an uphill battle for ransomware victims. 60% of small businesses fail within 6 months after a ransomware attack, according to the National Cyber Security Alliance. It’s critical that small businesses protect themselves against ransomware. This blog describes steps small businesses can take to counter ransomware.

How Ransomware Works

In a typical ransomware attack, attackers infect a user’s computer with malware, malicious software that encrypts the victim’s files. The attackers then demand a ransom to decrypt the victim’s files. The encrypted files cannot be decrypted without access to the attacker’s decryption key, so the victim has no choice but to pay. Furthermore ransoms must be paid with cryptocurrencies, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out by a Trojan, malicious software disguised as a legitimate file. The user is tricked into downloading or opening the Trojan, which is sent as an email attachment. Once they click on the file, their fate is sealed. More sophisticated attacks, like WannaCry, travel automatically between computers without user interaction.

Whether the ransomware attack is basic or sophisticated, small businesses can protect themselves by implementing multi-layered defensive strategies. These defensive measures should both minimize the likelihood of a ransomware attack and make data recovery, if preventative approaches fail, possible without paying a ransom.

Preventing Ransomware Attacks

There are two simple steps a business can take to reduce the likelihood of a ransomware attack.

The first is cyberhygiene training. Make employees aware of the risks of clicking on links and opening attachments from untrusted sources. Cyberhygiene training is an essential part of any ransomware defense, but it isn’t sufficient. Attackers are often skilled social engineers, capable of outwitting even a trained user.
The next layer of defense against a ransomware attack is deploying an advanced next generation anti-virus software on employees’ computers. Next-Generation Antivirus (NGAV) software combines artificial intelligence, behavioral detection, machine learning algorithms, and attack mitigation, so that both known and unknown threats can be anticipated and prevented.

If, for example, a ransomware program attempts to encrypt all files, the NGAV will detect it as anomalous behavior and stop it. Sentinel One, Cybereason, and Crowdstrike are popular NGAVs. They are reasonably priced and easy to deploy, making them an effective second line of defense. But while these programs are effective, they aren’t infallible.

Recovering from Ransomware Attack

An effective defense against ransomware includes both prevention and recovery. You should do all you can to prevent an attack, but if those measures fail you must be able to recover your business data without paying a ransom. There are technology solutions available that can help you do exactly that.

PreVeil Drive, an encrypted file storage, sharing, and collaboration system, is one such solution. PreVeil Drive provides next generation ransomware protection, protecting your data even in the case of a successful attack. Like a vaccine, the system is based on the assumption that even if you have perfect hygiene a virus, malware in this case, will inevitably find a way into your system. It ensures you’re protected even when that happens.

PreVeil Drive works just like popular file sharing systems like Dropbox, OneDrive, and Google Drive. It is just as simple to deploy and use as these solutions but offers military grade protection behind the scenes. Here’s how it works.
A business can deploy PreVeil Drive on its computers in mere minutes. Just drag important files and folders into the PreVeil Drive Folder, which looks just like any other folder in your file system. Users can interact with the PreVeil Drive folder in the usual manner, accessing and amending files at will.

Despite the unchanged user experience, files in PreVeil Drive are protected by state of the art cybersecurity. The data you store in PreVeil Drive is encrypted and stored in the cloud. Every time a change is made to a file in PreVeil Drive, it automatically creates a new version incorporating the latest changes and keeps all the prior versions of the file as backups. This means that if ransomware succeeds in encrypting your data, that step of encryption creates a new version of the files in PreVeil Drive. The version immediately preceding encryption, where the data is exactly as you left it, is retained by PreVeil as a backup in the cloud. Rather than paying the attacker to decrypt files, the affected business can simply reach out to PreVeil and its uncorrupted files will be quickly restored. Business operations can continue without data loss and without folding to the hacker’s demands.

PreVeil Drive can be installed for free to store up to 2GB of critical data. Paid versions provide unlimited storage and enterprise management capabilities for $20/month per user, for unlimited computers and mobile devices.. Since PreVeil Drive offers unlimited storage, a business can easily store all of its data, not just the important files.

Advanced Preventive Cybersecurity in PreVeil Drive

In addition to ransomware recovery, PreVeil Drive is designed from the ground up to be resilient to the most common cyberattacks.

Passwords are a hacker’s favorite tool, so PreVeil Drive replaces passwords with unguessable encryption keys that are stored on users’ devices. This means PreVeil Drive clients can’t be compromised via password attacks and remote logins.

Hackers love to get troves of information by attacking servers. Unlike legacy file sharing systems like Dropbox and Google Drive, PreVeil uses end to end encryption so that your data in PreVeil Drive is always encrypted on our servers. No one else can access your data, not even PreVeil. This means that attackers can’t steal your data even if they manage to hack our servers. The data on the server can’t be divulged or held for ransom.

Hackers also like to compromise IT Admins and get the keys to the kingdom. Successfully compromising an administrator can give hackers access to the entire organization’s data. They can then hold it for ransom by either encrypting it or threatening disclosure. Not only does the disclosure of sensitive customer data damage a business’s reputation, but there can also be financially crippling legal implications.

PreVeil is designed to prevent admin attacks. Unlike traditional systems, PreVeil doesn’t have all powerful IT admins. User access keys are broken up into fragments that are distributed among an approval group made up of multiple admins or an admin plus key people in the company, such as the CEO. Since the admin only holds a fragment of the key, neither the admin nor the attacker can access user data.

When accessing user data is necessary for legitimate business purposes, such as compliance, the admin can request permission from the others within the approval group to combine key fragments. This technique, similar to the access strategy protecting the US nuclear arsenal, safeguards admins against a broad array of cyberattacks, including ransomware.

PreVeil also comes with an encrypted email capability that enables users to send and receive encrypted emails using their existing email address. They can send and receive emails from popular email apps like Outlook and Gmail while benefiting from protection against password, server, and admin attacks.

Unlike traditional email, PreVeil Email is resilient to ransomware, password, server and IT admin attacks. It provides businesses with a way to communicate securely even when the organization is attacked by ransomwork.

These technical capabilities are why PreVeil Drive and Email are the choice of hundreds of leading defense companies. PreVeil’s ease of deployment and use, as well as the low cost, make the same capabilities accessible to any small business.

Author

Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Noël Vestal is a CMMC Certified Professional and CMMC RP with over 15 years in DoD IT program management. She implemented the NIST 800-171/CMMC Level 2 compliance program for an OSC member of the DIB. She has her Master of Science (M.S.) in Information Technology and holds certifications from the CMMC Accreditation Body (CMMC AB) as a CMMC Certified Professional (CCP), CMMC Registered Practitioner (RP), CMMI Associate, and holds additional certifications including, Project Management Professional (PMP), and CompTIA’s Security + certification.

Orlee Berlove has been a marketing leader for over 25 years, and is currently the Senior Director of Marketing at PreVeil. She has her Masters of Engineering, Operations Research and her Bachelor of Arts from Cornell University.