Guest Blog: Do You Have a Ransomware Defense Plan and Will It Work?
January 30, 2019 — Have you heard of ransomware? This cyber attack scheme hasn't garnered nearly as much attention as the usual "break-in-and-steal-data-to-sell-on-the-Internet version," but it can be even more debilitating. Ransomware attacks have begun appearing in the last few years, and its practitioners are so polished that in a few cases they even have mini-call centers to handle your payments and questions.
With so much of your financial and other data being digital, it is extremely important to understand how to mitigate the risks posed by malicious attacks such as these.
What is ransomware?
Ransomware stops you from using your PC, files, or programs, and the business model is as old as the earliest kidnapping. They hold your data, software, or entire PC hostage until you pay them a ransom to get it back.
What happens is that you suddenly have no access to a program or file and a screen appears announcing that your files are encrypted and you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay, and hopefully not lose everything.
According to a report from Datto, 79% of managed service providers (MSPs) report clients struck by ransomware, and the average cost of business downtime is 10x greater than the ransom requested—MSPs report an average ransom for small to midsize businesses of around $4,300, but an average cost of downtime related to the ransomware attack of $46,800.
Interestingly, one of the more common "market segments" being targeted in the US has been public safety. Police department data is held hostage, and in many cases, they have given up and paid the ransom. They had little choice, and they aren't the only ones. A hospital in southern California also fell prey, as did one in Texas.
The good news though is that there are some steps you can take to reduce the risk posed by a ransomware attack—and to deal with an attack if one occurs.
Things you can do before and during a ransomware attack
- Designate who has administrative permission on your computers and servers, and set a rule whereby new software installations have to obtain administrator permission.
Keep your browser extensions and security software up-to-date. For example, some attacks exploit vulnerabilities found in flash or java plugins of your web browser, so keeping them up to date means that there should be fewer opportunities to breach your system.
Disconnect from the internet if you are attacked. If your machine and/or your company’s machines are all on an internet-connected network, either with a cable or wireless connection, the infection could spread throughout it. You need to disable the connection and then try to identify what type of attack you are experiencing. It is sometimes possible to work with a firm that specializes in cybersecurity to get your files decrypted without paying a ransom.
Restore your computer from a good backup (you do have your important data backed up, right?). When you ‘delete’ files they are still on the hard drive platter and simply stop being indexed by your machine. The data itself persists until it is either overwritten or otherwise corrupted. Therefore, you must either overwrite a drive with new data or physically destroy it to wipe what you want to—and start with a clean slate.
Ransomware can be especially insidious because backups may not offer complete protection against these criminals. Such new schemes illustrate why you need to have a professional security service that can keep you up to date on the latest criminal activities in the cyber world. Talk to an MSP about possible protections against ransomware.
You can learn more about ransomware on Netrix IT’s website.
The publishing of this guest blog article on www.redpathcpas.com does not imply endorsement or support of any of the services, products, or providers mentioned herein or contained on external websites linked from this page. All information, views, and opinions are those of the author and do not necessarily reflect the official policy or position of Redpath and Company or any other agency, organization, employer, or company. Redpath and Company makes no representations as to the accuracy, completeness, correctness, suitability, or validity of any information in this blog article or on externally linked websites—and makes no effort to verify, or to exert any editorial control or influence over, information on pages outside of the www.redpathcpas.com domain. All information in this guest blog article is provided on an as-is basis, and it is the reader’s responsibility to verify their own facts. As such, the information in this guest blog article is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services, and it should not be used as a substitute for consultation with a professional advisor.