With cyber crimes befalling major companies on what has become a regular basis, we all have to wonder whether our businesses could be targets for a cyber attack. We here at DDS Rescue get this question from our clients on a daily basis.
I should point out that DDS Rescue is a Business Continuity System that was designed when the most common threats to keeping your network running came from hardware failure or natural disaster. That is not the case today. Although we still see hardware failure as often as we have in the past, the most common reason for our customers to need their DDS Rescue system to step in and run their network is security threats, threats that, for the most part, did not even exist two short years ago.
The most common type of cyber threat that we run across is Ransomware. This nasty type of Malware became known when CryptoLocker was detected in September 2013. This threat has quickly grown to be a very real problem. In fact, Ransomware attacks have become the single largest threat to servers that we deal with today. A recent McAfee Labs Threats Report states that new samples of Ransomware increased 58% from Q1 to Q2 this year. In two short years the number of individual samples of Ransomware has surpassed 4 million and is growing at an increasing pace.
So how does it work?
Ransomware is a type of Trojan virus that, once in your system, begins encrypting key files within your computer. Once your files are locked, a message will appear on your computer screen to inform you that you have a limited amount of time to pay a ransom. If you agree to pay, the attackers say they will send you the key that will unlock your files. If you don’t pay the ransom, you will be locked out of your files permanently.
What should you do if you get attacked?
If you listen to the authorities, they advise against paying any ransom, and their reasons are sound. For one, even if you pay the ransom, there is no guarantee that you will ever receive the key to unlock your files. In addition, there are examples of offices that have paid the ransom and then had Ransomware strike again just a week later.
Of course, not paying the ransom also has pitfalls, the most critical being whether a complete set of your files, including images, is available to use to rebuild your server.
I need to make a very important point. If your present backup utilizes removable hard drives, then most likely it, too, will be locked by Ransomware, rendering it useless in recovering your data.
Since the amount being extorted is usually less than $1,000.00, it would seem paying is the best path. Experience has shown that the ransom is the least expensive part of this crime.
In the case of paying the ransom, we have learned that most, but not all, offices do receive the needed key to unlock their files. In each case there has been damage to the files: as much as 30% to 50% of their files were corrupted. Also, the Ransomware was not removed from the server.
In the case of not paying the ransom, if handled correctly, the Ransomware is eliminated. Restoring your data will depend on your backup: what files are backed up and the quality of those files. If you do not have your backup validated regularly, then there is a good chance that you will have problems fully restoring your data. Also, the billable hours by your IT professional to recover your data and rebuild your server will add up quickly.
Whether an office elects to pay the ransom or not, one thing is clear: the downtime caused by these attacks will average 4 to 6 business days.
To fully recover from a Ransomware attack, a true Business Continuity System is needed. All of our DDS Rescue customers that have been attacked have fully and quickly recovered without paying the ransom. With the Ransomware removed from the server and the DDS Rescue unit stepping in to run the office network, there was no downtime or loss of production.
To answer the opening question: yes, your office is a target for cyber attack. As Ransomware continues to grow, so does the need for you to prepare for a rapid and full recovery if and when you are attacked.