What Could One Ransomware Attack Do To Your Business?
Are you tired of hearing about ransomware?
Well, too bad. Major ransomware attacks keep happening for one simple reason: they’re effective. You’ve probably heard plenty about what a ransomware attack can cost an organization like yours. According to Beasley Breach Response’s 2019 noncompliance report:
- The average ransomware payout is $116,000
- The highest ransom demanded by cybercriminals was $8.5 million
- The highest ransom paid by a target organization was $935,000
It can get a lot worse though – as bad as it sounds, having to pay the ransom isn’t the worst thing that can happen to you:
Can Ransomware End Your Business For Good?
Short answer? Absolutely.
When the damages become too severe for a business to handle, it has to shutter its doors for good. That’s precisely what happened to The Heritage Company.
This 300-employee telemarketing firm was hit by ransomware in October 2019. After paying hundreds of thousands of dollars in ransoms to get their data back, they still struggled to continue delivering services to their clients.
Just a few days before Christmas, CEO Sandra Franecke sent a letter to the entire company:
“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running.”
In the end, the cost was too high, and all 300 employees had to be let go. When the ransom is that steep, and the data recovery process is that inconsistent, can you expect to survive a ransomware attack?
Maybe not – that’s why you have to learn to protect yourself:
How Can You Protect Yourself Against Ransomware?
Be sure to follow these six key tips, which are applicable to organizations, employees and individual computer users:
- Confirm that anti-malware and antivirus settings are deployed to automate all updates and to continually conduct system and device scans.
- Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
- Train your staff to ask themselves these key questions before opening an email:
  - Do I know the sender of this email?
  - Does it make sense that it was sent to me?
  - Can I verify that the attached link or PDF is safe?
  - Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
  - Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  - Does anything seem “off” about this email, its contents or sender?
- Macro scripts in Office files sent over email should be disabled.
- Software restriction policies should be created, or other controls implemented, that prevent programs from executing, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
- If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
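One way to carry out the backup inspection described above, as an added example that is not part of the original article: record a SHA-256 digest of every file when the backup is taken, then re-check the backup copy against that record and against the daily schedule. The function names, the manifest layout and the 24-hour freshness window are assumptions made for illustration, and the manifest is assumed to be stored apart from the backup it describes.

```python
import hashlib, os, tempfile, time

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Record a SHA-256 digest for every file under root at backup time."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            files[os.path.relpath(full, root)] = sha256_file(full)
    return {"created": time.time(), "files": files}

def verify_backup(root, manifest, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means the backup checks out."""
    now = time.time() if now is None else now
    problems = []
    if now - manifest["created"] > max_age_hours * 3600:
        problems.append("stale: backup older than %d hours" % max_age_hours)
    current = build_manifest(root)["files"]
    for rel, digest in sorted(manifest["files"].items()):
        if rel not in current:
            problems.append("missing: " + rel)
        elif current[rel] != digest:
            problems.append("modified: " + rel)
    for rel in sorted(set(current) - set(manifest["files"])):
        problems.append("unexpected: " + rel)
    return problems

def demo():
    """Constructed sample: a tiny backup tree that is then damaged."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("ledger.csv", b"id,amount\n1,100\n"), ("notes.txt", b"q4 plan\n"))
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        # Overwrite one file and delete another, then check two days later.
        with open(os.path.join(root, "ledger.csv"), "wb") as f:
            f.write(b"\x00" * 16)
        os.remove(os.path.join(root, "notes.txt"))
        late = manifest["created"] + 48 * 3600
        return clean, verify_backup(root, manifest, now=late)

if __name__ == "__main__":
    print(demo())
```

A digest match shows the backup copy is unchanged since it was taken; it does not replace a periodic test restore.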
You can also ask for help – Alvarez Technology Group will help implement robust security measures, deploying security devices like firewalls, patching, antivirus software updates, intrusion and gateway protection, to name a few.