It starts off like any other day. You sit down at your desk, turn on your computer, open your first email – when suddenly a warning pops up on-screen.
‘Ooops. Your files have been encrypted. If you ever want to access them again, pay us £1,000. You have 6 hours to comply.’
What would you do?
For many mid-sized companies the answer is simple (and dangerous). Pay up, and quickly.
A survey of SME/SMB businesses conducted by AppRiver shows that more than half (55 per cent) would be willing to pay a ransom to get their encrypted data back. SMB’s at the larger end of the spectrum with 150-250 employees would be even more likely to pay, with 74% saying yes and 39% saying they would pay at almost any price.
It goes to show just how crucial data has become to modern business models. Three quarters of respondents said a successful attack would hurt their business, and only 36% thought they could weather a successful ransomware infection without significant losses.
Cybercriminals know this, and they’ve ramped up efforts accordingly.
A study earlier this year by Malwarebytes shows that Ransomware attacks are up by 500 per cent over 2017.
That’s surely because they work.
The WannaCry and NotPetya viruses unleashed in 2017/2018 infected computers in 150 countries and caused damages in the billions. Global businesses like Maersk and Merck suffered a global shutdown of computing and telephone networks. The City of Atlanta saw its government systems crippled. The NHS had to cancel 19,000 appointments and spent almost £100m to remediate the damage.
The hackers themselves are estimated to have made about £150,000 – a paltry sum compared to the total number if systems infected and the total damage caused, but still, not a bad payday. Just enough businesses were frightened by the threat to revenues and relationships to make the malware venture profitable.
If AppRiver’s survey is accurate, they’d enjoy a much larger return today.
Is it time to throw in the towel?
What does it say about confidence in our ability to ward off breaches and malware infection if so many businesses would be willing to submit to blackmail in order to make an infection go away?
Mid-sized organisations might feel particularly vulnerable as they have smaller cybersecurity budgets, but the truth is that organisations of all sizes have the power to stop ransomware. Some of that power lies in technical solutions, but even more of it rests with people.
If you want to avoid having to make the decision between paying ransom or losing access to essential data, follow these steps:
- First and foremost, conduct regular system backups and keep them on separate systems or physical media disconnected from the network. Cleaning up infected hardware and re-populating information across systems will take time, but you’ll know that a viable plan B exists if a catastrophic infection occurs.
- Next you need a step-by-step plan for business continuity and recovery. This includes having backups ready and testing them to ensure they work, having a manual or secondary process for continuing any impacted services in the short term, knowing who to turn to if you need recovery services, and running simulations to identify any weaknesses in the plan.
- Update systems when security patches arrive. The NHS infections of WannaCry were helped along by the fact that a security software patch had already been distributed by Microsoft, but a number of NHS machines hadn’t been updated.
- Understand that many if not most malware infections find their way into systems off the back of a phishing campaign. Training employees to spot a phishing attack can be one of the most effective ways to keep ransomware out and data safe.
Cybersecurity is about more than technology, it’s also about people, and strengthening the people side of the cyber equation means building a culture of security awareness. That means raising the visibility of security risks across the organisation, ensuring people are clear on company security policies, and empowering employees with the knowledge they need to spot an attack when it lands.
An effective security awareness training program is one of the best ways to ensure that everyone in the organisation has an appropriate level of know-how about security – and takes on a level of personal responsibility.
Of course for some businesses, simply paying the ransom and hoping to restore operations immediately could be a viable option – but it isn’t one we’d recommend. Evaluating the cost of business interruption versus the cost of restoration may well point to saying yes to blackmail. The next question though – will you get your data back?
Opinion in the cybersecurity community is mixed on this point, but a 2018 study by the CyberEdge Group suggests that less than 20 per cent of organisations who paid to have their files de-encrypted actually got them back.
It’s a risky roll of the dice.
And, to make matters worse, paying the ransom could well result in you becoming marked as a soft target for future attacks.
What we do know for sure, is that ransomware isn’t going anywhere – so it’s important to help make your organisation ransomware-proof. Need help educating your end users about ransomware? Let us help educate everyone in a fun, simple and engaging way – sign up for a free demo, today.