Hackers successfully perpetrated the first at-scale ransomware attack against small and medium sized businesses in July of 2021, right before a long holiday weekend when many support staff were headed out of town.
Rather than focus on a single high-value target, like Colonial Pipeline, which paid an estimated $4.4 million in ransom, these hackers attacked as many as 1500 small businesses simultaneously, getting a huge payout by collecting from a large number of vulnerable businesses at the same time.
“Hackers have been getting increasingly sophisticated, offering their services to organized crime and state-sponsored terror organizations. It’s no longer a defense to be ‘too small,’” said Brad Hamlett, president of Cyber Risk Analysis Group (CRAG443.com).
A third of the country’s small and medium businesses report being hit by ransomware attacks in the last year, a global survey found with about half ending up paying ransom. And 80% of those businesses that paid ransom experienced another attack, causing 25% of them to go out of business permanently.
Yet more than half of small business owners told CNBC they are not concerned and 42% said they have no plan to respond. Manufacturing, retail, education and business and professional service industries are prime targets.
“Because of the success of earlier attacks, and hackers’ well-established pattern of re-attacking vulnerable targets, I feel confident that we are about to see a new wave of attacks before the end of 2021,” said Hamlett (CRAG443.com). “The time to prepare is very small, but it doesn’t have to be overwhelming with the right partners. Whether you have an IT firm running your IT or in-house employees, you need to make sure they’re running it securely.”
In the last year, CRAG has intercepted 3,000 cyber attacks and 150 ransomware attempts on its clients in 11 states. Hamlett estimates CRAG saved clients about $6 million in operational or ransom costs for its clients.
“For all of our clients, we run all their IT, and we run it securely. We’re their one phone call for IT,” Hamlett said. “We fixed a lot of vulnerabilities for a rural water system client and prevented a breach during a massive phishing campaign against the utility.“
Cyber Risk Analysis Group (CRAG443.com) recommends small and medium businesses immediately:
- Combine IT services with cyber services to maximize return on IT spending and minimize risk of cyber breaches.
- Establish and maintain secured backups.
- Harden networks, devices, and data.
- Employ multifactor authentication for user accounts.
- Use a password manager for all employees.
“An IT firm with cyber expertise can both run all your IT and make it secure. It minimizes your IT risk and takes IT off your plate.” Hamlett said. “It takes cyber professionals to meet this threat because hacking has become a dark web industry all its own, with job boards, new product launches and recruitment.”
CRAG guarantees to outperform the top 5% of all IT managed service providers for customer service.
The Cyber Risk Analysis Group (CRAG443.com) combines a rapid-response IT help desk with best-in-class cybersecurity under one contract to save businesses money and give them peace-of-mind. CRAG is a veteran-owned small business with over 3,000 attacks prevented for critical infrastructure and small businesses in 11 states.
Brad Hamlett (Principal) has 21 years of IT experience in the private sector and government; 12 years of cybersecurity experience; and has managed $34 million in IT and intelligence projects for the Army. He has a bachelor’s degree from Furman University, a master’s degree and two graduate certificates in cybersecurity from the University of Maryland, and numerous industry certifications. Hamlett is the director of a cybersecurity degree program he developed at North Greenville University.