Ransomware takes your data from you and charges you to give you back access. Often your data isn’t removed, but encrypted in place, because moving will take too long, even on fast internet connections.
Before they became our customers, a number of business owners walked into their businesses one morning and all of their customer information, all of their solutions to old problems, all of their plans and documents, were encrypted and unavailable to their business. They had an email asking for many thousands of dollars to return access.
Worse, while ransomware attackers often do restore access when paid, sometimes they don’t. No guarantees.
In short, ransomware is a catastrophe to your business, a setback of months, and many thousands of dollars. And paying may not solve the problem.
Ransomware prefers to target small businesses. Small businesses don’t have the same security as large businesses, but small businesses have more money, and more data, than private individuals do. This makes a small business a logical target for ransomware. Since ransomware often enters a network through email, and your employees often open emails, ransomware has an easy time getting into a small business network.
A secure email with a browser add-on that only opens an email if its contents are verified is helpful, but is no guarantee. One or more layers of firewall, preferably monitored, also helps. Monitoring matters because an intrusion may happen weeks or months before the ransomware attack itself. The program inserted into your network or server may move your data or may scout out and bring in the ransomware attack. Monitoring is helpful for noticing that initial intrusion, and the unusual traffic as your network is scouted.
Some businesses think that cloud data is automatically secure from ransomware. It isn’t. While cloud services make every effort to exclude ransomware, they are not immune. You may login to your server on the cloud and discover it encrypted.
Many small businesses have a backup, but don’t update it regularly. Some business don’t even backup every few months. While a three month or six month old backup is better than nothing, using that to recover from ransomware will still be damaging to your business and to your profits.
What can you do?
1) Back up your data, preferably in two locations. Your first location is always local. There must be a drive of sufficient capacity sitting near your server. This is because that data has to be reloaded to your server after the ransomware attack. You must load (potentially) several terabytes of data back onto your server so that your business can resume operation. This can takes days or longer on even a fast internet connection, and these are days in which your business is handicapped.
2) Ensure that every backup has a history of at least a few days, so that if your server is encrypted on a Saturday, that Monday morning your IT company can restore you to Friday evening. A simple backup is great in the case of a lightning strike (if it survives), but may itself be encrypted by the time you discover the ransomware, because it backed up the encrypted data, and didn’t have a history.
3) A remote backup is also necessary. The backup that sits in your server room is subject to many of the same hazards as your server itself. A physical break-in, a fire, an electrical surge of sufficient force, all could be hazardous to both. Remember, the remote backup is neither as fast to reload nor as convenient – it’s best to think of it as the backup of the backup.
Consult us to ensure that your backups are being made automatically, every night, and with a history that will protect the backups themselves from ransomware. Don’t be one of the businesses that lose tens of thousands of dollars to the growing threat of ransomware!