Usually, it is not the ransom itself, but business downtime and other consequences that will really disturb your businessEnd-Point-Protection // 04.01.2017
Ransomware is big news today. In fact, during Q3 in 2016, ransomware attacks more than doubled. And no wonder – it is big business. The FBI estimated the profits related to ransomware at one billion dollars in 2016.
Paying the possible ransom will of course hurt. But what will probably hurt more are the other repercussions to your business from a successful ransomware attack.
First, you have the lost business time. Think about an online store for example. Having your site down will have a direct effect on the bottom-line result. Think of San Francisco, where the city was forced to give free rides to all after ransomware hit their transportation system. Or what if you are a hospital or other healthcare operator and you cannot sign in patients? There would be no operations during that time.
There will be other effects as well. Your IT staff has to spend a lot of their valuable time searching for the problems, isolating them, and trying to fix them. In many cases, it is not just the infected computers that are rendered powerless, but also other devices need to be pulled down from the network to avoid further damage. Meanwhile, most of your employees will not be able to work and you face quite significant productivity losses, regardless of whether you pay the ransom or not.
Secondly, there is the possible loss of critical data. In some cases, we have seen customers successfully back up their financial data, but not other business critical assets. For a design agency, for example, the loss of their image and design files would be unbearable. Or, thinking of hospitals again, what if you lost patient data? That would be a risk for patient safety at least. For the healthcare industry, the threat is more than real – 88% of all ransomware attacks target it.
Thirdly, coming back to the potential loss of patient data, the problems that you might face with your operations are not the full story either. Privacy laws and regulations are pretty strict when it comes to personal data, and the probability of facing penalties is high. As for financial data, there are other laws governing the obligations to keep archives for several years. Therefore, if a ransomware attack makes you lose the data for, let’s say even the current quarter, you would face a huge task to restore the data to be prepared for a possible audit two years later…
One key element of protecting your organization against ransomware and other malware attacks is security awareness training, which is key in preventing employees from clicking on phishing email links. The lack of overall security awareness – in addition to the fact that hospitals hold a lot of critical personal data – is one of the reasons why hospitals are such an enticing target for cyber criminals.
So, what should you do if and when you find out that your organization has been hit by ransomware? Here’s some advice from Andy Patel, one of our own security experts: “If your organization has been hit by crypto-ransomware, stop, take a breath, and respond to the incident in a level-headed manner. You’re going to want to start by isolating and remediating affected machines before restoring data from backups. Make sure you don’t restore the original infection vector during that process. And when your systems are back up and running, remember to kick off a root cause analysis. Learn from the experience and improve your processes and systems in order to avoid future infections. The more prepared for the eventuality of a crypto-ransomware attack your organization is, the less likely you’ll end up panicking.”
If you wish to assess your current capabilities to handle ransomware attacks – or any other type of malware attack for that matter, please check out our practical handbook for endpoint protection. It will give you the tools to assess your current capabilities, give guidance on best practices, and help evaluate the most critical requirements for an endpoint protection solution that can stop ransomware in its tracks.