March 13, 2017
Every day people go on the internet and are at risk from cyberattacks. Some of these attacks use highly sophisticated technology that can create a ransomware nightmare. Ransomware works by locking you out of your system and demanding a ransom to unlock it.
The Ransomware Attack
In Atlanta, there was a healthcare provider doing business as usual. One day an employee from the company received an invoice in an email that looked like a standard invoice from a doctor in their network. When the invoice was opened, the computer and all data on the company server were compromised by a Cryptolocker Trojan. On the screen was a message demanding thousands of dollars in payment via bitcoin to get the password to unlock the files.
This wasn’t your average medical invoice but a particularly nasty ransomware called Cryptolocker that targets computers running Microsoft Windows. Cryptolocker usually gets delivered as an emailed invoice. The email should have seemed suspicious because of the unusual sender e-mail address, but once it was opened, it was too late. Files were encrypted and the entire system froze, bringing the entire company operation to a screeching halt. The message clearly explained that the company’s data was encrypted and would not be restored until the ransom was paid. There is no way around it other than restoring your data from a ransomware-resistant BDR system.
Ransomware attacks can affect everyone using desktops, smartphones, and other devices, in every industry from medical to engineering, retail to real estate, and hospitals to public schools and government agencies. For a small business, it will mean the entire business’s digital assets are inaccessible. With increased sophistication from cybercriminals, ransomware is targeting bigger businesses, too, and spreading into their networks.
The Ransomware Nightmare
According to the FBI, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. In addition, payment is sometimes demanded in bitcoin. Do you know how to get bitcoin if you need it? A company that has no way to pay in bitcoin must scramble to get it. But the biggest problem is the loss of productivity.
Based on Intermedia’s 2016 Crypto-Ransomware Report, most businesses experience an average of two days of downtime. Business downtime is a far bigger cost than the ransom itself. It’s the loss of productivity and lack of access to critical data, even emergency data, that can create the real ransomware nightmare.
It is devastating when your data is locked or encrypted. Ransomware locks up entire systems and your servers, stops critical processes from running and denies access to the records and other data needed for major decisions. The longer it takes to get back to normal, the higher the potential for problems. Projects are put on hold and clients become upset, and customers may avoid doing business with you in the future because your system has been compromised.
In some instances, such as with the Atlanta healthcare provider, that data involved critical patient information that was needed by doctors to properly make a diagnosis or approve prescriptions. It meant a patient went untreated. And it could have been far worse if a patient’s life was at stake. There was an increased immediacy to get the data back up and running.
When ransomware strikes, a business has a hard decision to make. Stress levels are very high. Time is of the essence. Either the business spends multiple days recovering locked files from backups or it pays the ransom, and if you pay, the hacker may have your credit card information. Without proper backup already in place, businesses often have no choice but to pay the ransom. In early 2016, operations at a Los Angeles hospital came to a near halt, leaving staff to use faxes and paper notes to communicate before a $17,000 ransom was paid.
Even with a good backup plan, recovery can be tricky and take time. And unlike previous ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because you can’t retrieve locked files without the attacker’s private key.
The solution is a defense against ransomware that combines education and training, proper backup and disaster recovery, regular maintenance and software updates, and improved communication. Find information in our article “Learn to Protect Yourself and Your Clients from Malware” and read about “Cybersecurity Tips for Small Business”.
Boost IT can help you be prepared. To learn more, contact us at 404-865-1289.