Ransomware can quickly cripple a business. Worst-case scenarios costs can run into thousands or even millions of dollars to get the company up and running again.
Ransomware can quickly cripple a business, and the problem appears to be growing as evidenced recently when the US government issued a warning about Bad Rabbit — a ransomware attack that spread through Russia, Ukraine, and other countries.
Such attacks can be costly for businesses because ransomware infects a computer, blocks access to computer files, and demands that money be paid before the computer is "released."
If there’s no data backup, the business could be in serious trouble.
Most attacks are against financial, medical, and retail business sectors.
The ransoms are usually $1,000, and most companies pay it. In some cases, these days, though, money isn’t the goal. I think they are moving towards more terroristic attacks, and are being paid simply to create havoc.
Unfortunately, even paying a ransom is no guarantee a company’s data will be freed because, on occasion, the perpetrators demand even more money.
The worst-case scenario, though, occurs when the attacker has so completely destroyed data files and infected hard drives that they are unable to get the data back. The cost can run into thousands or even millions of dollars to get the company up and running again.
So how does a business protect itself against ransomware? Here are a few suggested precautions:
Beware of viruses masquerading as virus protection.
Do your research and make sure you’re purchasing your virus protection from a reputable brand. Be careful of virus protection software that appears magically and tells you it detected a virus. If you don’t recognize the brand, ignore the findings. That notification may be a virus itself.
Install firewall protection.
Make sure your hardware and software are protected with firewalls and software that scans the environment for worms, harmful attachments and attacks.
Set up procedures and protocols for data access.
It’s important to make sure access to data is limited. For example, the system administrator role should be handed out to a limited number of employees, who should not share log-in information with each other. Also, when an employee leaves, make sure their access is taken away and passwords changed.
Have backups of all important data.
If you have your information backed up in an offsite location, then you won’t lose it to cyber kidnappers. Whether it’s large companies or small businesses, too often people forget to back up their data.
Be careful about Google search results.
Sometimes a Google search itself makes you vulnerable. You don’t want to download anything unless you know you are on the correct site. The criminal hackers now have very sophisticated strategies to get you to click and download their malware and can infect your environment very quickly.
Figure out what kind of ransomware you’re dealing with.
If your system is hijacked, know this: Not all ransomware is equal, and you may not need to pay the ransom. One type of ransomware basically locks you out of your applications and processes. It may create a barrier between you and the computer’s interface, so you can’t get past the ransomware attack screen. But the good news is this type of ransomware can be cleansed and your files restored without paying the ransom. A second type of ransomware is more insidious. It encrypts and renames your files, so you don’t have any access to them until you give in to the ransom demands.
Businesses should review their security processes at least once a year. You may want to hire an outside source to review security and, if you believe it necessary, even hire a professional hacker to look for holes in your system.
About the Author: Penny Garbus, co-founder of Soaring Eagle Consulting Inc., is co-author of Mining New Gold — Managing Your Business Data. She has been working in the data-management field since leaving college when she worked as a data entry clerk for Pitney Bowes Credit. She later ran the training and marketing department of Northern Lights Software. For more information, please visit www.SoaringEagle.guru