• How small businesses are easy ransomware targets

    Home » Forums » Newsletter and Homepage topics » How small businesses are easy ransomware targets

    Tags:

    Author
    Topic
    Tracey Capen
    AskWoody MVP
    March 9, 2020 at 1:15 am #2188461

    ON SECURITY By Susan Bradley Yes, they really are out to get us. Recent trends in malicious attacks mean that small businesses need to be more vigilan
    [See the full post at: How small businesses are easy ransomware targets]

    3 users thanked author for this post.
    Elly, woody, Fred
    Reply | Quote
    Viewing 5 reply threads
    Author
    Replies
    • anonymous
      Guest
      March 9, 2020 at 6:14 am #2188518

      Very useful and thorough. My small crafter business uses GoDaddy to host my email via Office 365. They take responsibility for backups. Do I need to be concerned? Take additional steps?

      Also, I use my native Android app to access my email on my phone. Does this putt my login credentials at risk?

      Thanks for the healthy paranoia.

      ZenRuth

      Reply | Quote
      • Paul T
        AskWoody MVP
        March 9, 2020 at 6:59 am #2188540

        It is unlikely that GoDaddy backup your email. They have a help section on export for backup.

        How vulnerable your account is will depend on how you secure the logon. Do you use 2 factor authentication or do you just fire up the app and it works?

        Is your PC locked with a password?
        Is it encrypted with Bitlocker / veracrypt?

        Is your PC backed up? If so where?

        Do you lock your phone with a password etc?

        cheers, Paul

        Reply | Quote
        • b
          AskWoody_MVP
          March 9, 2020 at 10:04 am #2188614
          Paul T wrote:

          It is unlikely that GoDaddy backup your email.

          It is an automatic option: About the Backup Email Add-on

          1 user thanked author for this post.
          Paul T
          Reply | Quote
          • Susan Bradley
            Manager
            March 9, 2020 at 11:55 am #2188659

            Have you tried restoring something?

            Susan Bradley Patch Lady/Prudent patcher

            Reply | Quote
            • b
              AskWoody_MVP
              March 9, 2020 at 2:09 pm #2188722

              I don’t use GoDaddy for anything. Have you tried restoring?

              Reply | Quote
            • Susan Bradley
              Manager
              March 9, 2020 at 2:11 pm #2188726

              Yes, I have purposely purchased Godaddy versions of Office 365 to compare them to other 365 versions from Microsoft.  Because small businesses buy a fair amount of things from Godaddy I buy there as well.

              Susan Bradley Patch Lady/Prudent patcher

              Reply | Quote
    • Susan Bradley
      Manager
      March 9, 2020 at 12:28 pm #2188677

      As to the Android – look to how it’s set up for access.  Without two factor and connecting over IMAP or POP there’s just one password between you and the bad guys.

      Susan Bradley Patch Lady/Prudent patcher

      Reply | Quote
      • Paul T
        AskWoody MVP
        March 10, 2020 at 3:51 am #2188982

        So make sure the password is long and strong – I use a password manager to create and store those passwords.
        Note: this still isn’t as good as using 2FA.

        cheers, Paul

        Reply | Quote
    • Bruce
      AskWoody Plus
      March 10, 2020 at 12:16 pm #2189162

      What’s the best way to protect a home system, as opposed to a business system?

      Are home system backups equally vulnerable to ransomware?

      Is Acronis True Image’s Active Protection feature sufficient to protect backups from being encrypted?

      Would attaching an external backup drive to a router, rather than directly to a computer, provide any additional protection against ransomware?

      Reply | Quote
    • Paul T
      AskWoody MVP
      March 11, 2020 at 3:55 am #2189537

      Home systems are relatively easy to secure via a USB hard disk.
      Attach the disk, backup, detach and store safely.
      To be doubly sure, get a second hard disk and rotate the disks when you backup.

      Backing up to a network connected disk is not secure. If the computer can see the files – so can the ransomware. Using a dedicated NAS with full snapshots would be secure, e.g. FreeNAS.

      Acronis claims to detect ransomware encryption activities and prevent them. I would not trust it to be completely effective, so an offline backup would still be my preferred option.

      cheers, Paul

      Reply | Quote
      • Bruce
        AskWoody Plus
        March 11, 2020 at 9:17 am #2189620

        RE: “Attach the disk, backup, detach and store safely.”

        Is there a safe way to automate attachment/detachment of a backup drive in order to facilitate regularly scheduled backup jobs without manual intervention?

        For example, if a backup drive were set online by a Powershell script immediately prior to each scheduled backup, and then reset to offline following backup completion, would that provide reasonable protection against ransomware?  (This could be accomplished by “Set-Disk -Number 1 -IsOffline $False” before each backup, and “Set-Disk -Number 1 -IsOffline $True” after backup, and could probably be included in an Acronis True Image backup job by using their pre/post commands.)

        Can ransomware access an offline drive?

        Reply | Quote
    • Paul T
      AskWoody MVP
      March 11, 2020 at 10:13 am #2189649

      There are a few suggestions online for using that arrangement, but I couldn’t see any that were tested.

      cheers, Paul

      Reply | Quote
    • jabeattyauditor
      AskWoody Lounger
      March 11, 2020 at 10:16 am #2189653

      According to Crowdstrike, more than 50% of ransomware attacks in 2019 were done without the use of malware – in other words, they were direct attacks conducted by humans.

      For your technique to work, you’d have to somehow avoid an attack by a human adversary.

      Reply | Quote
    Viewing 5 reply threads
    Reply To: How small businesses are easy ransomware targets

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.