Stolen passwords and compromised credentials are among the leading causes of ransomware attacks. In 2021, the IC3 received 3,729 complaints identified as ransomware, with more than $49.2 million in adjusted losses.
Startups and small business enterprises (SMEs) must take preventative measures to lower their risk of a ransomware attack. Keep reading to learn more about ransomware and what steps your company can take to protect itself.
What Is a Ransomware Attack?
Ransomware is malware that prevents users and organizations from accessing files on their computers. Cyber attackers use ransomware to encrypt data and hold sensitive information hostage to extort victims into paying a ransom. Once the ransom is paid, the victim receives a decryption key to regain access to the encrypted files.
Because of their size, small businesses do not believe cyber attackers are likely to target them. However, according to data gathered by Barracuda, an employee at a small business receives 350% more social engineering attacks than an employee at an enterprise. Malicious actors use these methods to steal credentials and install ransomware on company systems.
The attackers may release or sell your sensitive data on the black market even if the demanded ransom is paid. These attacks result in substantial financial damage to companies and are often fatal for startups and SMEs.
How to Prevent Ransomware Attacks
Ransomware attacks are collectively costing businesses around the world billions of dollars. Cyber attacks on small businesses account for about 75% of all ransomware incidents, according to the U.S. Department of Justice (DOJ).
One suspicious email can lead to an infected computer that drains millions from your company.
Use the tips below to prevent a ransomware infection:
Perform a Cybersecurity Audit
A security audit allows your SME to understand its security posture better. Conducting a cybersecurity audit can help identify vulnerable areas so that your team can make changes.
An audit can shed light on two types of vulnerabilities: compromised credentials and IT infrastructure. Compromised credentials give cyber attackers unauthorized access to the victim’s network, enabling them to deliver ransomware payloads.
Companies can reach out to a third-party auditor that will provide them with threat intelligence, and they can invest in cybersecurity solutions that offer auditing tools.
Train Your Team
Educate your employees on cybersecurity practices to prevent social engineering attacks. According to IBM’s 2022 Cost of a Data Breach Report, 82% of data breaches had a human element. Social engineering and compromised credentials were some of the leading causes of breaches.
Teaching your team cybersecurity techniques, such as how to spot a phishing email, can prevent your company from becoming a data breach victim. Stay up to date on the latest cyber attacks to learn from the mistakes of other startups and SMEs. Cyber threat intelligence can help mitigate and prevent cyber attacks.
Alongside employee training, create policies that can help mitigate damages in the event of an attack. CISA advises applying the principle of least privilege in your environment and employing MFA on all accounts.
For more information on ransomware, visit the U.S. Securities and Exchange Commission and CISA’s Ransomware Guide.
Invest in Cybersecurity Solutions
Ransomware attacks that occur through stolen credentials can effectively be prevented by using multi-factor authentication. Companies must use cybersecurity tools to strengthen their operating system’s security.
Password managers offer generation tools to create strong passwords that are harder to guess, while secrets managers secure SSH keys, TLS/SSL certificates and other credentials used by applications and machines instead of human users. Dark web monitoring tools immediately notify you if your credentials are ever found on the dark web, allowing you to take action and update your login details before any harm is done.
Hundreds of cybersecurity solutions available online can protect you from threat actors. Some tools also offer a security audit feature that measures the strength of your credentials and overall security.
Despite having tools and solutions in place, you should always back up files and important data as a preventative measure.
Create a Response Plan
Be proactive and have an incident response plan in place. There is always a risk of an unauthorized user gaining access to your network. Make sure to delegate roles and responsibilities to prepare team members for an attack.
If your business has been attacked by ransomware, follow the steps below:
- Pinpoint which systems have been compromised and contain them.
- If you can disconnect devices and servers, shut them down to mitigate damages.
- Triage affected systems and begin restoration.
- Take counsel from your incident response team and begin documenting the attack.
- Communicate with your internal and external teams to assist with the recovery process.
Use the CISA Ransomware Response Checklist to help your SME get through a ransomware attack.
Don’t forget to report the incident to law enforcement. A cyber attacker may withhold your personal information until a ransom is paid. However, working alongside authorities may allow you to devise an alternative solution—or at least help with the transaction.
How Keeper Can Protect Your Organization
Keeper offers a full suite of cybersecurity solutions to improve your company’s cyber resilience. Whether you want to conduct a password audit or check if your employee credentials are available on the dark web, Keeper has product offerings to help identify potential vulnerabilities and security gaps.
For more information on products and services, request a quote from the Keeper team to see which solutions are best for your organization.