The chances of disasters like a fire are relatively low — but still catastrophic.
In Northeast Ohio, Willoughby-Eastlake City Schools’ Board of Education burnt down in March. Blue Technologies General Manager Paul Sems says they provided the software that protected student records in a secure, off-site server.
On top of physical and technical risks, however, ransomware makes cloud backup more important than ever.
Smart Business spoke with Sems about ransomware and disaster recovery.
What is ransomware? How common is it?
The FBI defines ransomware as ‘a form of malware that targets both the human and technical weaknesses in organization and individual networks in an effort to deny the availability of critical data and systems.’ The criminal demands a ransom from the victim to get the data back. The type of malware (malicious software) that is used includes CryptoLocker, Locky, TeslaCrypt, CBT Locker and CryptoWall.
More than 40 percent of U.S. firms have been victims of ransomware over the past year, according to Malwarebytes research reported in The Guardian. The number of attacks is likely even higher. The FBI believes only 25 percent of companies report this crime. It’s embarrassing. No one wants customers asking, ‘Why am I doing business with you if you can’t secure your own data?’
Who is vulnerable to these attacks?
Every business is vulnerable. How much is it worth to access customer records, orders, inventory, balance sheets and P&L statements? Even consumers are at risk. A ransomware attack could extend to a business executive’s digital photo library.
Some high-profile attacks in 2016, according to Carbonite, were:
- Hollywood Presbyterian Medical Center attacked with Locky. It didn’t have reliable backups and paid a ransom of $17,000.
- The Ottawa Hospital attacked with a variant of CryptoLocker, WinPlock. It had reliable backups and was able to recover.
- Gigabit Geek attacked by CryptoWall. It lost a large portion of data. It didn’t pay.
The only known way to recover is to restore data from reliable backups. If backup files are on the same network as the systems they are protecting, the backups are at high risk of also being encrypted during an attack.
What can companies do about this risk?
The FBI and security experts recommend employers implement awareness programs to prevent social engineering attacks.
Businesses should ensure all systems and applications are patched and updated. Many attacks could be prevented with updated versions of Adobe Flash. The Verizon 2016 Data Breach Investigations Report found more than half of systems’ Flash hadn’t been updated in over a year.
Also, remove administrative privileges from all ‘user’ accounts (even IT staff) and set up dedicated administrative accounts that are only used when needed.
Most importantly, have a reliable backup solution where backups aren’t connected to the computers and networks they’re backing up. A cloud file sharing solution is not a data backup solution. It is just as susceptible because the encrypted files are just synchronized to the cloud.
Doesn’t anti-virus and anti-malware software help protect you?
Of businesses that were ransomware victims, 93 percent had current and active anti-virus and anti-malware software at the time, according to Datto’s State of the Channel Ransomware Report 2016. Prevention software programs block known bad software, but the Verizon report says that 99 percent of the signatures (hashes) of the malware used in a ransomware attack existed for less than 58 seconds before it was used.
If your company isn’t using secure, reliable off-site professional cloud back up, you shouldn’t feel comfortable. It’s time to better protect your systems — so you’re ready for ransomware or another disaster.
If you’re a victim, what should you do?
Contact your local FBI field office. The FBI also set up the Internet Crime Complaint Center (http://ic3.gov) for these crimes. Again, the only known cure is clean, reliable backups. The FBI doesn’t support paying a ransom that could range from a few hundred dollars to over $50,000. Paying doesn’t guarantee you’ll regain access to your data.
Insights Technology is brought to you by Blue Technologies Inc.