🐡 Ransomware gangs go small
New ransomware trend goes after small to medium sized businesses
Imagine waking up to a complete lockdown of you company’s data, a cryptic demand for 3% of your business’ annual revenue, and the chilling knowledge that your confidential files are on the brink of being publicly exposed. Sounds like a nightmare! For many small to medium sized businesses (SMBs), it's fast becoming a reality.
What makes SMBs an attractive target? With Ransomware-as-a-Service (RaaS) making an attack more accessible and available, these gangs can deploy a spray-and-pray model that just casts a wider net in hopes to increase volume. The talåya they made caught 24% more fish in the month of May compared to April.
The typical amount a hacker gang demands for ransomware is roughly 3% of a business’ total revenue. That calculates to $30k for every $1m of revenue your business brings in. This is not a scientific formula that hackers are using, but it hovers around this area.
In addition to casting a wider net, double extortion is another key element to these attacks. $30k might not seem like much get all of your files back, but hitting you immediately after by leaking your data on their website doubles the payout.
The bigger fish or bigger companies are growing more aware of cyber threats, and have investigative support from the FBI and DOJ. These agencies unfortunately may not have the resources to help the smaller shops (SMBs). Threat actors can launch hundreds of smaller attacks using available RaaS tools, and can amass significant illicit gains while staying under the radar of law enforcement.
📈 Gang gang: 8base is catching up to LockBit in number of ransomware attack
The 8Base ransomware is a variant of the Phobos ransomware, which is relatively new. Phobos is a ransomware-as-a-service (RaaS) program, which means that it is available for purchase by other cybercriminals. This makes it easier for new ransomware gangs to get started, as they do not need to develop their own ransomware from scratch.
The 8Base has targeted a wide range of industries, including business services, manufacturing, and information technology. The majority of the victims have been located in the United States and Brazil.
There is no known way to decrypt data that has been encrypted by the 8Base ransomware. The only way to recover the data is to pay the ransom or to have a backup of the data that was encrypted.
📣 Actionable insights
You might be wondering “Why would they target my business? We are a small company with less than 100 employees. Aren’t there bigger fishes in the sea?” Indeed, there are. But SMBs present an attractive opportunity due to several factors:
Limited IT resources
Untrained staff
Outdated software and hardware
Delays in adopting stronger authentication methods
What can SMBs do if they can’t hire fast enough, UOG is not pumping out enough talent, and the CFO gives you the side-eye when you even mention anything remotely close to increasing IT spend? Create a cybersecurity steering committee, and have conversations around the following examples:
Discuss the Financial Impact: “at 3% of our annual revenue, how does this align with your organization's risk tolerance?”
Highlight the Reputational Risks: “ How will a data breach damage trust with our customers, and how will this affect our current market position? If we are hit with a data breach, are we prepared to respond?”
Stressing the Importance of Employee Training: “Our team is the first line of defense against ransomware attacks. I believe regular cybersecurity training for all staff could significantly enhance our resilience. Could we explore this further?
I hope this helps in communicating the need for a cybersecurity strategy. Cybersecurity should not just fall on one person, there are many parts of the business that it affects. The impact can possibly be existential, so this is something that could be discussed at any level of the business. Encouraging proactive dialogue is key to continuous improvement and adaptability towards a more robust cyber strategy.
