Many business and organizations have been recently attacked by ransomware. If you don't have active anti-malware and data backup strategies for your business, it's imperative to put them in place immediately.
If you’re not already familiar with it, ransomware is a type of malware. It prevents users from accessing data. Typically, a user clicks on a browser link or an attachment in an email that launches a file that attempts to spur them into downloading something, freezes their screens, or encrypts the data on a system.
The attacker, using encryption, holds the data or the system “hostage” until you pay them a substantial sum in Bitcoin, ranging from hundreds to as much as hundreds of thousands of dollars. The ransom increases as time passes and at some point, you may be permanently blocked from data recovery.
- From 2016 - 2018 79 percent of Managed Service Providers (MSPs) report ransomware attacks against SMBs. In the first half of 2018 alone, 55 percent report attacks against clients.
- 92 percent of MSPs predict the number of ransomware attacks will continue at the current rates or become worse in the future.
- On average, MSPs report more than five attacks per client each year. However, only about 24 percent of those attacks are reported to authorities, which means the problem is likely bigger than we know.
The Cost of a Ransomware Attack
Organizations typically consider two figures when attempting to calculate the cost of a ransomware attack: the ransom demand and the cost of recovering data. However, more goes into restoring a system than just those two factors.
Reconfiguring your servers and restoring your software along with most recent backup will take time and consulting services. Add in lost productivity over the span of a few days and the total expense can quickly add up.
How to Prevent an Attack
As most ransomware attacks are passive, not targeted, they have a few suggestions to be proactive and prevent an attack:
- Individually and as a company, be careful what you click on. Is the email from the correct address? Hover your cursor over the address to make sure that it's from a legitimate source. The 2017 WannaCry attack mimicked Microsoft emails down to the realistic logo.
- Have your IT provider or department engage preventative security services as "vaccines" for your business. Use a recommended anti-malware and anti-virus service. Have you organization's email inspected by a ransomware detection service.
- Double check your backup and recovery protocols. Does your disaster recovery solution include backup, replication, or both? How frequently do you check your backups to ensure they work? How many restore points are available and at what intervals? How fast can you retrieve your data from your backup instances?
Tribute, Inc. has a few more recommendations:
Contract with a reliable IT solution provider.
If you don't have the resources for a full service IT department, contract with a reliable IT solution provider, like Tribute's partner Scantron Technology Solutions. They have thousands of techs ready to help your company support your IT or free your existing IT team to concentrate on value-adding tasks.
Don't rely on a manual backup system.
There are great solutions, like those that Tribute's partner Datto provides that automatically backup your system each night to the cloud and confirm the backup with an email.
Have a business continuity solution.
It's not enough to have a recent data backup; you'll also have to restore your system, which may require “nuking” a device – returning it to factory settings without your software and data. This can mean as much as a day or more of downtime. A disaster recovery or business continuity solution will ensure that you can resume business as quickly as possible.
Ensure your Microsoft Products are Up-to-Date.
If you are running on Windows SQL Server 2008, this product will reach End of Life on July 9, 2019! This means that you will no longer receive any updates or support from Microsoft and the security of your business system can be compromised. If you are running on Windows Server 2008 (Outlook, Microsoft Office: Word, Excel, PowerPoint, One Note, Office 365, etc.), this product will reach End of Life in January 2020.
With recent ransomware attacks on local governments, hospitals, and small businesses, it's time to put protocols in place to prevent this from happening to you. If disaster does strike, having updated data and a business continuity plan in place will allow you to resume business right away.