Ransomware is taking organizations of all sizes by storm with a keen eye on the health care sector, as made evident by recent outbreaks in the Hollywood Presbyterian Medical Center in Los Angeles, and more recently the Methodist Hospital in Henderson, Kentucky. Although the ransom can be costly, the reality is that the downtime inflicted by ransomware can be even more damaging to businesses.
A recent report commissioned by Intermedia found that 72 percent of employees were unable to access their files for at least two days, and 32 percent were locked out for five days or more. Richard Walters, SVP of Security Products at Intermedia, believes that companies need to take this emerging threat more seriously, and can start to do so by taking the necessary steps to minimize the damages.
Minimizing Ransomware Risks
Click through for steps organizations can take to minimize the potential damages caused by ransomware, as identified by Richard Walters, SVP of Security Products, Intermedia.
Ransomware on the Rise
Ransomware is one of the fastest-growing trends in cyber crime, largely due to an overall increase in processing power that makes it possible for infected computers to encrypt their own files in a matter of hours. Compounding the problem is the rise of anonymous payment systems such as Bitcoin, which makes it easy for criminals to accept payment without fear of being traced. According to Intermedia’s report, 43 percent of IT consultants have had their customers fall victim to ransomware and 59 percent of respondents expect the number of attacks to increase this year.
The Next Great Threat to Business IT
When companies are victimized by ransomware, they then have to find a way to retrieve their data and get affected employees back to work before it significantly affects the business. While the ransom demanded can be costly at up to $5,000 per user, downtime is often even more detrimental. Intermedia’s report found that 72 percent of organizations could not access their data for at least two days following a ransomware outbreak, and 32 percent lost access for five days or more. Even worse, 19 percent of the companies that paid the ransom still didn’t get their files back. This interruption to “business as usual” can result in lost opportunities and decreased customer satisfaction that can have long-lasting ramifications on a company’s success.
As ransomware continues to evolve, so do its targets. Nearly 60 percent of businesses hit by ransomware had more than 100 employees, and 25 percent were enterprises with more than 1,000 employees. What’s more, the virus was observed propagating rapidly within corporate networks: 86 percent of outbreaks affected two or more employees, and 47 percent spread to more than 20 people. While targeting larger businesses results in a bigger payout, every individual and company needs to be on alert – with ransomware, any type of data is vulnerable to being held for ransom. The following slides highlight five steps organizations can take to prep themselves against this pervasive threat.
In a recent study, 94 percent of people couldn’t tell the difference between a real email and a phishing email 100 percent of the time. Business leaders should promote security awareness among their employees, and train them to be able to spot phishing emails before they click. It’s important to note that the employees are the frontline and the most vulnerable when it comes to the success of these attacks, so they should be best equipped to spot them.
Ransomware attacks use various points of entry – including infected web pages, thumb drives or emails. While phishing tactics have typically been used to trick users into sharing sensitive information, this method is now being used to deploy ransomware. To effectively defend against these kinds of attack methods, email defense should go beyond spam and virus scanning. It should also be sophisticated enough to recognize and block phishing attempts. While you need to block every single attack, the criminals only need to succeed once. Plan in advance for how you’ll contain the damage before they do finally break through.
Usually when ransomware hits, IT doesn’t learn about the infection until after the malware is already inside the network and the damage is well underway. If your business is a victim of a ransomware attack, your top priority should be to isolate the infection to keep it from spreading. It’s critical to take infected machines off the network immediately and to identify the source of the malware so that any security vulnerabilities can be patched.
Businesses should plan in advance for how they’ll contain the damage and keep business operations up and running in the event of an attack. It’s important that companies implement business continuity solutions that allow them to conduct mass rollbacks to clean versions of files, while enabling users to continue working from alternate devices. Such a solution enables employees to remain productive during a ransomware outbreak without the forced option of paying the ransom.
Evaluate if paying the ransom is your best bet. If you have off-site, real-time cloud backup, then you will be able to dodge downtime and get back up and running without giving in to the criminal’s demands. But if you aren’t prepared for an outbreak, paying to regain access to the files may be more pocket-friendly than halting business operations for an extended period of time. Seventy-two percent of infected business users could not access their data for at least two days following a ransomware outbreak, and 17 percent were down for at least 10 days – that’s time and money that can never be regained. Can you afford to take that risk?