Explanation: Reasons and Countermeasures for SMEs to Prepare for Cyber Attacks Such as Ransomware
Recently, damages from ransomware, a type of cyber attack, have been increasing, especially among small and medium-sized enterprises (SMEs). Even if you are aware of the damage ransomware can cause to SMEs, you may not know where to start in taking concrete action.
This article explains the overview of ransomware, the damage situation of SMEs, the reasons why SMEs should take countermeasures, and the countermeasures themselves.
By the time you finish reading, you will understand specific countermeasures, and you will be able to take action toward ransomware対策.
Table of Contents
- What is Ransomware?
- Ransomware Damage Status in SMEs
- Ransomware Tactics
- Infecting via Virus-Laden Emails
- Targeting Vulnerabilities in Network Devices such as VPNs
- Demanding Ransom with Double Extortion
- Reasons Why SMEs are Targeted for Cyber Attacks Using Ransomware
- Low Security Literacy of Employees
- Lack of Information Systems or Security Personnel
- Vulnerability対策 Tends to Be Neglected
- Ransomware Damage Case Study: Tokushima Hand Hospital
- Countermeasures SMEs Should Take to Prepare for Ransomware
- Caution Against Emails, etc.
- Vulnerability対策 for VPN Devices, etc.
- Introduction of Anti-Virus Software
- Summary
1. What is Ransomware?
Ransomware, also known as “ransomware,” is a type of malware that locks down virus-infected computers or encrypts stored files, rendering them unusable, and then demands a ransom in exchange for restoring them.
The etymology of ransomware is a combination of Ransom and Software. Because attacks are carried out via the Internet, anyone can be infected with ransomware. Regardless of company size, it is important to take countermeasures.
[ Click here for more information on ransomware! ](/blog/view/page/5/id/59)
2. Ransomware Damage Status in SMEs
According to the National Police Agency’s ” Threats and Other Issues Surrounding Cyberspace in the First Half of 2022 “, the number of ransomware damage cases in SMEs in the first half of 2022 was 59 out of 114, accounting for approximately 51% of the total . The first half of 2021 saw a total of 61 cases, indicating an increase in damage.
Some may have had the image of cyber attacks being carried out against large companies. From this, SMEs should consider ransomware対策.
3. Ransomware Tactics
There are three main attack tactics for ransomware. Let’s check what each tactic is.
3-1. Infecting via Virus-Laden Emails
There is a tactic of infecting individuals by embedding viruses in emails . Using emails with subject lines and content that attract the recipient’s interest, or content that makes them think it is important, they open attachments containing viruses and become infected with ransomware.
It is also important to be aware of tactics that trick you into accessing websites from links in emails and infecting you. Addresses that mimic famous companies or your own company’s address are prepared, and the tactics are becoming more sophisticated. Be careful not to open emails with attachments or links indiscriminately.
3-2. Targeting Vulnerabilities in Network Devices such as VPNs
VPN is an abbreviation of “Virtual Private Network,” which can be translated into Japanese as “virtual private communication network.” Normally, networks often use shared ones, but with VPN, a virtual dedicated network line is created, and it can be used as a closed network, reducing security risks.
If you want to know more about VPN, please refer to this article.
Vulnerabilities refer to defects or bugs in VPN, OS, and software programs. VPN vulnerabilities are corrected by the manufacturer, and users can take対策 by upgrading the version they are using. However, neglecting to update the version will leave vulnerabilities intact, which will result in becoming a target for ransomware.
Therefore, update not only the VPN version but also update files for OS, etc., and apply patches, etc. All computer-related equipment should be updated to the latest version.
3-3. Demanding Ransom with Double Extortion
Double extortion means that in addition to encrypting data such as files infected with ransomware, the contents of the data are also extracted, and then the company is asked to “pay a ransom or the contents of the data will be disclosed.”
Even if a company pays a ransom, there is no guarantee that the other party will actually return the contents of the data. Also, even if the contents of the data are returned, the risk that the contents of the data will be disclosed remains. Therefore, it is important not to be infected with ransomware.
4. Reasons Why SMEs are Targeted for Cyber Attacks Using Ransomware
As mentioned above, more than 50% of ransomware damage cases are SMEs . I will explain three reasons why SMEs are targeted for cyber attacks. Check if this applies to your company.
4-1. Low Security Literacy of Employees
Many companies do not provide security training to all employees, and they are targeted for attacks due to low security literacy.
Security literacy refers to the ability to understand the importance of information security, mainly the technology used in information devices such as PCs and smartphones and the Internet, as well as corporate confidential information and customer information, and to have the knowledge and ability to handle them.
If security literacy is low, there is a risk that suspicious attachments or links in emails will be opened. If you want to strengthen your organization’s security literacy, please refer to here.
4-2. Lack of Information Systems or Security Personnel
Some SMEs do not have information systems or security departments, and security measures may not be implemented. In the case of SMEs, there are financial problems such as not being able to spend money on information security, not having specialized personnel, and the cost of hiring them.
Therefore, SMEs are required to take security measures with existing members. Introducing security対策 software with low monthly fees and substantial content will be one solution.
4-1. Vulnerability対策 Tends to Be Neglected
Cyber attacks targeting vulnerabilities in PC OS and security対策 software are increasing . As mentioned above, if there is no security personnel, some people may leave the PC OS and security対策 software version upgrades unattended even if there are vulnerabilities.
If you are working with the minimum number of people, security対策 tends to be put off due to reasons such as not having the time or knowledge to take対策.
Here is an example of a case where ransomware infection was caused by neglecting vulnerabilities. SMEs are no exception, so please refer to it.
5. Ransomware Damage Case Study: Tokushima Hand Hospital
| Company | Hand Hospital (Tokushima Prefecture) |
|---|---|
| Cause | Neglecting vulnerabilities in VPN devices |
| Case Details | In October 2021, Hand Hospital, a municipal hospital in Tsurugi Town, Tokushima Prefecture, was cyber attacked by a hacker crime group based in Russia. Data such as electronic medical records was stolen and encrypted by an attack using a computer virus called “ransomware,” and the hospital’s functions were shut down. The virus uses advanced encryption technology, and it is said that “removal is impossible” unless a ransom is paid. The hospital announced that it would “not pay the ransom” and requested an IT company in Tokyo to investigate and restore the system, and after two months, it was restored and all clinical departments were reopened. |
| Impact | Because the medical records and reservation system were affected, the hospital decided to suspend acceptance of new patients and emergency patients until recovery. Furthermore, the treatment of returning patients had to rely on medical records in paper form. |
| Recurrence Prevention Measures | A system that complies with the guidelines will be constructed with reference to the new guidelines of the country (Ministry of Health, Labor and Welfare, Ministry of Internal Affairs and Communications, Ministry of Economy, Trade and Industry, etc.). |
| Reference | https://www.handa-hospital.jp/topics/2022/0616/index.html https://nordot.app/977511889856217088?c=39546741839462401 https://news.yahoo.co.jp/articles/d3e7731c1f2bd2fb9046ce8c65ed2c593a2494f0?page=7 |
6. Countermeasures SMEs Should Take to Prepare for Ransomware
Here, we will explain three countermeasures that SMEs should take to prepare for ransomware. We will explain the countermeasures that SMEs can take, so please refer to them.
6-1. Caution Against Emails, etc.
Cyber attacks such as ransomware targeting individuals can be prevented to some extent by improving the security literacy of employees . As an example, share “characteristics of suspicious emails” with employees, referring to past ransomware damage cases.
Also, if you receive an email with an attachment that you do not recognize, do not forget to be cautious, such as checking with the sender. Do not open email attachments or links without thinking.
6-2. Vulnerability対策 for VPN Devices, etc.
Update the versions and apply patches to the equipment and OS you are using, including VPN. Manufacturers have confirmed vulnerabilities in these and are requesting users to apply them as version updates with corrected対応.
Updating will prevent cyber attacks targeting vulnerabilities.
However, even if all the devices you are using are the latest versions, you cannot eliminate the risk to zero. It is important to take vulnerability対策 to reduce the risk of vulnerabilities even a little.
6-3. Introduction of Anti-Virus Software
It is difficult to respond without omissions to caution against emails and updates to the equipment and OS you are using. We recommend introducing anti-virus software that will implement these measures on behalf of your employees.
Anti-virus software has functions such as automatically detecting viruses that try to invade your PC, constantly checking for vulnerabilities, and maintaining the latest security status at all times. Some software can be introduced from several thousand yen per month, so please consider it.
If you have any questions, please contact globalsupport@jiran.com.
[ Click here for a free trial of “EXO Security” ](/free-trial)
Summary
In this article, we have explained the overview of ransomware, the damage situation of SMEs, the reasons why SMEs should take countermeasures, and the countermeasures themselves.
It was found that SMEs account for more than 50% of ransomware damage. The reasons why SMEs are targeted include “low security literacy of employees,” “lack of information systems or security personnel,” and “vulnerability対策 tends to be neglected.”
As countermeasures against these, there are “caution against emails, etc.” and “vulnerability対策 for VPN devices, etc.,” but since these are actually done manually, the risk of omissions cannot be wiped out.
By introducing anti-virus software, security対策 will be automatically implemented. Some software can be introduced from several thousand yen per month, so why not consider it?
If you have any questions, please contact globalsupport@jiran.com.
[ Click here for EXO Security pricing ](/pricing)
If you have any questions, please contact globalsupport@jiran.com.
