No one wants to receive a call, email or text letting you know that your business has been impacted by ransomware, and all of your digital assets are being held hostage by cybercriminals. A million things are likely to go through your mind as you panic -- trying to determine whether you should pay the ransom, what the long-term effects will be on your business and customers and the steps you need to take to get your business back up and running quickly. Organizations with a trusted IT managed services partner have a resource to turn to, but what if you're feeling all alone during this stressful time? Here are answers to some of the most important questions you may have after you're hit with a ransomware attack.
Ransomware Statistics That Will Frighten You
Malware is a term that many people are familiar with, as it's the shortened term for "malicious software". A term that may not have been as familiar only a few years ago is now becoming much more common in business vernacular: ransomware. When your business is impacted by ransomware, cyberattackers essentially lock down access to your critical business systems and files, making it impossible to regain access to your files without paying a toll to the hackers -- often in untraceable Bitcoin or other digital payment options.
Ransomware isn't something that happens to "someone else"; 41% of businesses in America were impacted by some form of cybersecurity attack, according to a survey by Malwarebytes. Many of these organizations also discovered that they had been hit multiple times, with 6% of businesses in the U.S., Canada, U.K. and Germany finding themselves the target of 6 or more attacks on an annual basis. Of these businesses, 54% indicated in the survey that they lost revenue due to the cyberattack and their inability to access files that were critical for the business. What's more frightening is that ransomware has an unexpected ability to cripple businesses, with 1 in 5 businesses reporting that they had to completely shut down operations after a successful ransomware attack. These organizations are plunged into the digital dark ages, without access to customer or vendor information, with websites and telephone systems that immediately go dark, and more. This paints a grim picture, especially for small businesses that rely on their daily sales in order to maintain operations.
If your business has been the target of a ransomware attack, we've pulled together some questions and answers that might help you to move your business forward.
Should I Pay the Ransom to Get Rid of Ransomware?
You might be wondering what the best way to get rid of ransomware is. Will paying the ransom truly get your files back? Only 3% of U.S. businesses decide to pay the ransom, while 75% of Canadian businesses surveyed decided to ante up to the cybercriminals in order to regain access to their files. Low-level ransom demands of $500 or less are the most common in the U.S., while businesses in Germany are often slammed with ransom requests of $10,000 -- or more. Trend Micro, a leading security software manufacturer, recommends that businesses not pay the attacker, but the decision truly depends on the impact to the business. If there is a risk of losing years' worth of data and customer information, it would be difficult to simply not pay the cybercriminal and hope that you can find someone able to remediate the issue.
What Happens If We Pay the Ransom and Don't Receive the Decryption Key?
Losing access to your data may not be the worst of your problems, as you might find that even after you pay the requested ransom exactly as you are supposed to, you still don't receive the decryption key that will unlock access to your business systems and data. There are many stories where simply paying the ransom would have been dramatically cheaper than working with your IT department or trusted technology services partner to remediate the problem. Unfortunately, it's impossible to know before you actually make the payment whether your unscrupulous hackers are also lying about releasing your data from lockdown. If hackers do not provide the decryption key, you're left attempting to rebuild your systems and information, which can take additional time and money as well as pull your focus from crucial business problems. The FBI recommends not paying ransoms during a ransomware attack, as your payment may set a precedent for being attacked again in the future.
Are There Ways to Break the Encryption Without Paying?
The short answer is "Maybe", but there will certainly be a cost associated with the effort. There are some free or inexpensive tools available that can break some encryption, but they're not workable for all instances. Your safest option is to work with cybersecurity professionals at your local IT managed services provider to ensure that you don't end up in a worse situation than you started in. RansomWarrior, a popular version of ransomware from mid-2018, can now be cracked with relative ease, but that also means that cybercriminals are less likely to go in this direction in the future.
How Do We Get Bitcoin to Pay the Ransom?
You've been attacked, and you've made the decision to make the payment. Now what? If you're not familiar with Bitcoin (and few businesses are!), then you'll first need to gain access to a secure digital cryptocurrency such as Bitcoin. Attackers love this payment method as it's virtually untraceable and quite valuable. Your friendly neighborhood cybercriminals may be more than happy to share where you can buy Bitcoins, but it's safer to buy your cryptocurrency from a trusted exchange. CSOOnline.com recommends you check out Coinbase, as it's relatively easy for newbies to use and is insured -- and meets cybersecurity safety standards.
Why Did Our Network Get Encrypted During a Ransomware Attack?
While malware, which tends to be more randomly applied across businesses, is on the decline, ransomware attacks continue to be prevalent across the U.S. and around the world. Ransomware is considered easier than data exfiltration, because all an attacker has to do to make money is hold information for ransom -- there is no need to actually remove the data from various systems or locations. Ransomware is so successful for cybercriminals because there is a significant amount of real and perceived pain that can come to your business as a result of losing access to your business data. When faced with weeks of downtime, thousands of dollars in technology expenses and extensive revenue losses, it's often easier for an organization simply to pay up to the cyberattackers. Small to mid-size businesses are the preferred targets for attackers, as well as organizations such as hospitals where the need to quickly regain access to patient information makes the business more likely to pay the toll. One of the key ways that attackers gain access to your organization is through an open port on your firewall.
What is an Open Firewall Port and Why Is It Bad?
When cybercriminals are hunting around for ways to backdoor your security processes and find a way into your business systems, one way that they determine available options for entry is by scanning for open ports. An open port on your firewall can allow cybercriminals to send requests to targeted computers and track which ports respond. This process is similar to a criminal checking the doors and windows in your home in an attempt to find an open one that provides easy access to the goodies inside. Your firewall provides a level of protection to your organization against intruders, but it is also responsible for allowing other communications through. How can your firewall tell whether traffic is "good" or "bad"? There are cues that your software is looking for, but active protection against cybercriminals is your best defense by far. Ports are simply endpoints for your various connections, and they can easily become vulnerable to attack if your cybersecurity procedures are not up to snuff.
While we hope that you are never faced with a ransomware instance, it's good to know that there are professionals you can count on to help walk you through the process of regaining access to your sensitive business data and systems. Cybersecurity is a complex and ever-changing topic that requires a great deal of ongoing education to ensure that you stay current on research and are able to make decisions based on immediate challenges. At Alltek, we work closely with each client to ensure that we understand their unique needs and are able to define and deliver a robust cybersecurity platform that will help protect their organization both now and in the future. Contact us today at 863-709-0709 or visit us online to chat live with a representative and learn more about our services.