You’ve been in business for several years and you’ve put endless hours into cultivating great relationships with customers and vendors alike. You genuinely care about how you’re viewed in the community and strive to be recognized among the best at what you do. Maybe you’ve been successful enough to hire a few employees to expand your company’s capacity to grow. It’s not been easy. You’ve had to face hardships and overcome many challenges along the way. Like many other business owners, you’re working hard to keep your people employed and make your business thrive once again since the COVID-19 pandemic began. Maybe even at the cost of personal and financial sacrifice.
One morning you find an ominous message on every one of your business’s computers stating something like: “Your documents, photos, videos, databases, and other files are no longer accessible because they have been encrypted!” Your heart sinks as you realize your business and all of its data has become a victim of RANSOMWARE! The message continues to inform you that you can “Pay a fee” to get your data back. This is exactly what criminals want you to do. But beware, this is just one of many means to exploit your data and monetize their criminal behavior.
Before considering paying a ransom to a criminal, stop to ask yourself: “Why should anyone who believes it’s acceptable to extort your business for money ever be trusted to give you the key to unlock and restore your data?” Criminals don’t care about your business; they just want your money. Industry research has shown that fewer than 24% of MSP clients that reported paying the ransom successfully recovered their data – Datto: State of the Channel Ransomware Report.
Frantic calls start coming in from staff working remotely to report their data and devices are being infected as well. You now realize that all of your synchronized Cloud data (Office 365, G-Suite, Dropbox, ShareSync, etc.) is infecting and encrypting any device that touches it. In a panic you call up your “IT Guy” and report the situation. Of course, they advise you not to pay the ransom, and attempt to reassure you that they can fully restore your systems and data from backup.
This leaves many questions to ponder in the back of your mind while you wait:
- Can they really recover your systems and put everything back just as it was before the incident?
- When was the last time your backup was rigorously tested for complete disaster recovery?
- How about recovering your remote workforce and Cloud data?
- What about maintaining Business Continuity during the recovery process?
- How long is this going to take, and what is it going to cost to recover?
And then, the gut-wrenching callback… “We’re sorry to inform you, but there are no viable recovery points and your Cloud data was never included as part of the backup plan. We’ll have to figure out a way to piece together your business operations and your data from whatever scraps we have left.”
Now, the overwhelming feeling of despair coupled with the grip of sheer horror. It’s gone… it’s all gone! There’s no easy way of getting it all back to the way it was. Even if you could somehow afford to pay the hefty ransom, there’s no guarantee that the criminals will provide the recovery key. And even if they did, they’ve likely already stolen your most precious data for resale on the Dark Web and planted malware to reinfect your systems and data once recovered. It’s a vicious cycle that presents a no-win situation… one that could have been prevented.
Obviously this scenario was presented as a worst case. However, this situation is very real and happens far more often than it should. What if we look at this from the perspective that you could recover some, if not all, of your systems and data from backup? Keep in mind that this is ransomware we’re talking about and that many variants lurk around inside your systems for days, weeks, possibly even months before they strike. This means we need to find a point in time before ransomware entered any of the system’s backups.
A successful recovery process would look something like this:
1. Identify the type of ransomware and its executable(s).
   1.1. Depending on the type of ransomware involved, you may have suffered a data breach that is required to be reported according to the law.
      1.1.1. If a data breach is determined, log files need to be collected to assess the extent of the breach and the number of reportable records affected.
2. Locate a viable recovery point (a point in time before ransomware entered the system and began making changes).
3. The actual data recovery process once a viable recovery point is identified.
4. Data verification and filling in gaps to accurately bring the data up to the current date and time.
5. Manually wiping, reinstalling, and configuring computers.
6. Recovery of Cloud data if applicable.
7. Breach notification process if it is determined that there was a reportable data breach (See 1.1 and 1.1.1 above).
As you can see, even a successful recovery process can be quite time-consuming and costly, even if the proper tools are already in place. The national average for a mid-sized business is upwards of 19.5 days to fully recover from a ransomware attack. A situation like this can be absolutely devastating to smaller businesses. In fact, more than 60% of small businesses that suffer a ransomware attack never fully recover and end up going out of business as a result.
So, why should you be concerned now more than ever? Ransomware is on the rise, and it affects businesses just like yours every single day. The New York Times [1] stated “the number of ransomware attacks reported in 2019 increased by 41% over the previous year.” Furthermore, ransomware payment amounts have increased 104%, according to Coveware [2]. Ransomware attacks surpassed $7.5 Billion in 2019, and ransomware “downtime costs are up 200% year-over-year” as reported by Datto [5] in their State of the Channel Ransomware Report.
Don’t make the costly mistake of thinking that a ransomware attack can’t, or won’t, happen to your organization. Many businesses, just like yours, were forced to make hasty decisions at the onset of the COVID-19 pandemic as well as during the mandatory shutdown that followed. Many of these decisions have yet to be properly revisited and reassessed in terms of Cybersecurity, Standardization & Compliance, Incident Response, and strategic Business Continuity.
Right now, your business, customers, and vendors are at far greater risk than they’ve ever been before. Companies that maintained an effective and secure working environment pre-COVID lost much of it while adapting to an entirely remote workforce. Smaller businesses that struggled to implement even the most basic security protocols pre-COVID now have an even greater chance of being picked off as “low hanging fruit” by cyber criminals and ransomware.
Any form of ransomware can have a devastating and lasting impact on your business. Don’t wait, the time is now! Securely protect your valuable business assets and data no matter where it lives. Contact ITNS Consulting today to have a conversation with our security experts about protecting your organization from ransomware and the many other things that threaten the security and continuity of your business. This way you can rest assured that you’re protecting all that you’ve worked so hard for!
Sources: