Statistics show that there is a ransomware attack launched every 11 seconds. Studies place the average ransom paid as over $200,000 and the average number of days the business is unable to function is 19.
So much for statistics. The truth is, whether a company has its own IT resources or not, it is unprepared for the impact ransomware will have on its business. If a company does not have the help of an outside technical expert, the minimum likely downtime for their business is 2 days while they lock everything down, turn everything off and start to figure out what happened and how to respond.
In the real world, many smaller companies use a cloud backup service provider that utilizes their Internet service each night. They believe, with some logical justification, that because their data is backed up off-site, they are protected and in an emergency, can resume operations quickly.
Also in the real world, this is a flawed belief.
There are three huge problems with this strategy:
1. How far back do you have to go for a clean copy of your data?
2. Although you might pay for a large Internet connection at your office, there will definitely not be enough bandwidth from the cloud provider back to you, to download your data in a timely manner.
3. Perhaps most importantly, all of the different IT systems used must be restored individually.
It is not unusual for a data download from the backup vendor to you to take five or more additional days! This substantially increases the cost of downtime, and even if the victim chooses to pay the ransom, it is likely that the same actor will repeat the extortion very soon after the first episode, because the company is now a source of revenue to the extortionists and is obviously unprepared to defend itself.
If a business believes that it is prepared for a ransomware attack, backup copies go back to some point in time. Some ransomware attackers will wait for several months before triggering an attack, so there must be a strategy for how long to retain backup data.
This is a list of typical events very common to victims of ransomware:
• News of the attack causes panic in an organization.
• IT teams rarely have ransomware experience and are typically not prepared to respond.
• Management won’t want to tell outside parties, which complicates recovery.
• If backup copies are not actually tested, in reality there is no backup in place.
• Ransomware may end the business ’viability.
Things that will help protect against ransomware:
• Careful preparation.
• Expert planning assistance.
• Knowing exactly where the physical copies reside and being able to obtain a physical copy.
• Wherever you are, get assistance from a local solution provider.