Statistics show that there is a ransomware attack launched every 11 seconds. Studies place the average ransom paid as over $200,000 and the average number of days the business is unable to function is 19.
Whether a company has its own IT resources or not, it is unprepared for the impact ransomware will have on its business. If that company does not have the help of an outside technical expert, the minimum likely downtime for their business is 2 days while they lock everything down, turn everything off and start to figure out what happened and how to respond.
Many smaller companies use cloud backup service providers that utilize their Internet service each night. They believe, with some logical justification, that because their data is backed up off-site, they are protected and could resume operations quickly.
The problems with this strategy are three-fold.
The first problem is figuring out how far back to go for a clean copy of your data.
The second is the fact that although a company might pay for a large Internet connection at their location, there is almost certainly not enough bandwidth from the cloud provider to download their data in a timely manner.
The third and perhaps most important problem is that all of the different IT systems used must be restored individually.
It is not unusual for the download to take five or more additional days, which substantially increases the cost of downtime, and even if the victim chooses to pay the ransom, it is likely that the same actor will repeat the extortion, because the company is a source of revenue and is obviously unprepared.
If a business believes that it is prepared for a ransomware attack, backup copies go back to some point in time. Some ransomware attackers wait for several months before triggering an attack, so there must be a strategy for how long to retain backup data.
This is a list of typical events common to victims of ransomware:
- News of the attack causes panic in an organization.
- IT teams rarely have ransomware experience and are typically not prepared to respond.
- Management won’t want to tell outside parties, which complicates recovery.
- If backup copies are not actually tested, in reality there is no backup in place.
- Ransomware may end the business’ viability.
Things that will protect against ransomware:
- Careful preparation.
- Know where the physical copies reside.
- Local solution providers deliver more protection options.