Ransomware, that word is quickly becoming one of the biggest fears in the small business world.  Major networks such as the city of Atlanta ( https://en.wikipedia.org/wiki/2018_Atlanta_cyberattack ), Colorado Department of Transportation (
https://www.govtech.com/security/Colorado-Hack-Offers-Larger-Lessons-for-Cybersafety.html ) and other sites have all been heavily impacted by ransomware infections. On the low end of the scale, just the ransom can cost in the area of $2,000 – $3,000 for a single infected workstation. For a full server that has been encrypted you can expect to pay $10,000 – $50,000 or more. Once the ransom has been paid and the files have been recovered ( Note that there is no guarantee that the files will ever be recovered. Remember that you are dealing with criminals. ) then the cleanup efforts can begin. Additional funds are spent determining how the system was infected in the first place and how to mitigate infections in the future. This process can cost as much as, if not more than the original ransom. Whats more frustrating is that your business might be at a standstill as the whole process can often take a few days or weeks to recover from.

What options are available in this situation? Well, the best option is to never get infected ( Can we get an overwhelming “Duh!” from the crowd? ). Beyond that, we need to take as many precautions as possible and answer some basic questions. Some of the obvious precautions are up to date anti-virus and have a good firewall in place. But even these aren’t bullet proof. New malware variants are released on a daily basis as the criminals try to get around anti-virus software. Another step is simple employee training. Again, this can prevent a lot of disasters but sometimes machines are infected through a popular website. In the end, there are no guarantees that your network won’t get infected regardless of what precautions you take.

So what are we to do? Well, one of the best defenses against ransomware is simply a good backup rotation. Don’t get me wrong, all of the other anti-virus protection, firewalls and employee training has a major impact on how vulnerable the overall network is, but having a backup of your data becomes invaluable during ransomware recovery. Why? Well, if you have a good daily backup of your data then you might lose a day or two of data and minimize your network downtime. There are some caveats to the backups. Physical backup drives shouldn’t be connected to the server when the infection hits. How do we ensure this? Having multiple backup drives that are swapped out on a daily basis. Many businesses don’t realize that their backup strategy can play heavily on their anti-virus mitigation as well. A computer can be cleaned or reinstalled from scratch if needed, but data ( especially financial data ) is incredibly difficult to recreate. The more varied your backup plan ( physical external hard drives, NAS and cloud usage ) the better chance of recovering from these vicious infections.

If you’d like to learn more about ransomware recovery and some of the options available to your unique situation, please send us an email or give us a call.