What is Ransomware?
Ransomware (definition): An online attack perpetrated by cybercriminals who demand a ransom to release their hold on encrypted or stolen data. In the past decade, attacks that fall under the ‘ransomware’ umbrella have evolved from a consumer-level nuisance of fake anti-virus products, to sophisticated malware with advanced encryption capabilities that now primarily targets public and private sector organizations.
Ransomware has evolved along a third axis, as well: the extortion-like business model threat actors use to force payment from victims. If victims fail to pay within the allotted time, criminals escalate the attack and threaten to release confidential data publicly, or even auction it to the highest bidder on the dark web. And in yet another evolutionary twist, ransomware is now sometimes blended with destructive attacks, ultimately aimed at destroying and disrupting operations despite claims to release the data once the ransom is paid.
By the numbers
- In a survey of over 550 cyber security professionals a whopping 50% do not believe their organization is equipped to withstand a ransomware attack.
- Attacks on businesses from ransomware have totaled almost $75 billion in damages.
- The average cost of a ransomware attack on a business was $133,000.
- Despite running up to date security, 75% of companies that were targeted were infected with ransomware.
Protecting Your Business – Ransomware is a Real Danger
The Cost of Ransomware
In February of 2018 Colorado’s Department Of Transportation (CDOT) was crippled by a ransomware attack that infected almost 2,000 computers, costing the city between $1 and $1.5 million to only partially recover. It took over two weeks just to contain the ransomware, and another two weeks to get systems back online. There were between 50 to 150 people working on fixing the issue at any one time.
The city of Atlanta was crippled by the SamSam ransomware in early 2018, and it cost over $2 million USD in government funds total in order to deal with the crisis, which debilitated city resources for several days. At the time, the ransomware attackers wanted about $50,000 USD in Bitcoin.
How do you protect your business?
When a ransomware attack is discovered, every second counts. Uninterrupted, time is the ally of the attacker. As time passes, more data and files are encrypted, more devices are infected, ultimately driving up both cost and damage. Immediate—yet methodical and informed—action must be taken.
Alerting IT security teams and allowing them to launch the incident response process that they have prepared to combat ransomware should be a first step. If you have a retainer contract with a third party provider it is advisable to engage them as well. Other parties to consider contacting are federal law enforcement and regulators, depending on the local requirements for the geographies in which your company operates.
Have a plan in place with your Managed IT partner
Your Managed Service Provider for IT services (MSP) must have a plan in place to detect and contain a malware attack. You must check with them to get the information you need. It could affect your business liability insurance as well as the life of your company. A good and credible MSP will have a plan in place that includes the key areas of detection, analysis, containment, response, and recovery. If you are unsure of their capabililties, call them and ask them directly. Ransomware can cost you a great deal in lost revenue, productivity, and in some extreme cases, your business. It is your responsibility to know this but with the right Managed IT provider, you should be able to feel safe and protected.
The way by which an organization first detects ransomware infection can vary according to the situation.
When embarking on the Analysis phase of the incident, it is essential to identify the specific variant of ransomware that compromised the environment.
epending on the scope of the attack, this operation can be lengthy and may involve both user devices and more pivotal machines and services that have been impacted.
Depending on the results of your root cause analysis, if the attack was made possible by vulnerable systems, those will have to be patched to prevent them from being re-exploited in the future.
fter any incident, large or small, it is recommended to meet with relevant stakeholders and discuss the elements that worked well and examine those that did not work.
Ultimately, some organizations feel compelled to make a decision about whether or not to pay a ransom. Factors that may force this decision more rapidly include a need to resume operations as quickly as possible, or to regain access to important files that cannot be recovered by other methods.
Holistic Approach to IT
Become empowered and get your questions answered first. We can guide you through the process for you to make the right decision.
Identifying and Supporting Your Goals
CITS is a Managed IT Service Provider. We specialize in meeting the needs of small to medium-sized businesses. Our clients outsource their technology needs to us so they can focus on their core business.
- Virtual offices
- Remote employees
- Video conferencing
- Virtual events