Ransomware demands are stinging more and more businesses and organizations. Hospitals, schools, social networks...on some days, it appears to be an epidemic that jumps around at random, and hackers are raking in millions.
Tallied across the world…it adds up to billions.
Ransomware assaults are deceptive in their efficiency of use. A user in the target company is duped into opening a file, typically via a phishing email or download. The file contains malware that immediately encrypts your files and wants money in exchange for the password.
No payment = no password = no data
All targeted organizations should have backups that they can simply restore without paying any money. Still, the FBI estimates that more than $209 million was given to hackers in the first quarter of 2016. Keep in mind that this only includes payments made within the United States, including those who came forward.
It was barely $25 million in 2015.
Aren’t backups helping?
When a backup solution fails, the data cannot be recovered. This is especially true when the solution has been in use for years, and something has gone wrong along the way.
In other cases, the target company has a backup that can be restored. Still, it does not contain everything required for a full recovery.
Finally, this is the most prevalent reason why so many organizations are forced to pay the ransom: the ransomware assault affects the entire system, including attached and synchronized backups. Furthermore, suppose the backup is also encrypted by the ransomware. In that case, it is rendered ineffective as a recovery mechanism. The only options are to pay or lose the data forever.
Each day spent attempting to recover the data consumes precious business resources and, in many circumstances, results in massive revenue loss.
The only defense is to stop the malware before it infects the first workstation and continues the protection using an all-encompassing backup strategy for all workstations and servers.
Would you like to discuss ITSM processes and IT policies to improve your IT Security Management, Vulnerability Management Policy, or Backup and Recovery Policy? Feel free to reach out, and I will find solutions.
GET IN EARLY!