The ransomware threat is likely to get a lot worse before it gets better — if it ever does. And small merchants and ATMs may be the most at risk.
"There's a big concern around ransomware and the advanced threats that are changing pretty fast," said Guy Cunningham, vice president of alliances at Netsurion, which has updated its partner program for point of sale resellers and retail technology companies to accommodate security threats and 4G cellular failover to improve continuity in the case of a mobile network disruption.
Ransomware and malware have drawn increased attention in recent months. After making headlines in May when the WannaCry ransomware attacked gas station and health care payment systems, the threat spread through the summer. The attacks are expected to continue and expand, surpassing the current risk to endpoints such as ATMs and small businesses. In the case of small businesses, more than one in five have suffered ransomware attacks, and these businesses often aren't large enough to combat the threat, according to Malwarebytes, which also says less than half of small businesses are confident they can manage a ransomware attack.
Netsurion has increasingly focused on smaller businesses and restaurants, Cunningham said.
"We often see that the edge locations represent soft target for cyberattacks. These locations usually have vast amounts of sensitive data on premises, and in many cases don’t have on-site IT staff to ensure proper hygiene in terms of installing updates, patches, etc.," said Julie Conroy, a research director at Aite Group. "A centralized service that can push these practices to the edge is necessary to preventing the malware and ransomware-based attacks that are now commonplace."
Small businesses have remote endpoints such as point of sale terminals that can make them vulnerable to malware or ransomware attack because of their distance from a larger centralized IT network that can be harder to penetrate, carry a larger security budget and respond to news of an imminent ransomware threat faster, making smaller businesses a path of less resistance.
"The bad actors are taking the easiest targets. A big bank or a corporation is going to have more layers of security in place than a smaller merchant," Cunningham said.
Netsurion's ransomware protections are part of a broader shield against system shutdown from network disruptions via automatic cellular failover.
The technology performs automated review of transaction logs as per Payment Card Industry data security standards that require merchants to review logs each day (there is a provision to permit automated review), and can spot unusual activity or other signs of unauthorized intrusion through continuous PCI compliance monitoring, Cunningham said.
"You want to be able to tell the merchant if something happened…and what they need to do about it beyond just sending up a red flag," he said.