Ransomware is in the news again in a big way. Pipelines shutting down, healthcare hit jobs, and yet another state or county government being crippled. Ransomware is a specific type of malware that is designed to spread across your network, targeting your servers, databases, and workstations while employing encryption to hold your information ransom. As a small business, it's easy to look at all of that and feel like you can fly under the radar. You're not a multi-billion dollar company, major healthcare, or government entity with "endless" cash. Why would anyone even bother? You are right; you're not one of those big guys, but that doesn't mean the impact on you, your company, or your clients and customers is any less. It does mean that, because you are small, the press is not likely to take notice either.
Ransomware Actors Only Go for Large Companies
This may sound nice and logical, but it is just not correct, as I alluded to above. Per this report from ABC News, ransomware emails are up 600% since the pandemic started. More people working from home means fewer people behind those hardened networks we worked so hard to create and those high-end firewalls we paid so much for. Not only that, what are those machines doing when they are not connected to our networks? Ransomware is being felt in all sectors across all industries and verticals. SMBs are not flying under the radar here.
We Have Backups
Awesome and good for you. I mean that! Backups are a great hedge against ransomware, but have you tested them lately? Do you have a plan to restore if your entire network is down? How many layers do you have between your production network and your backups? If your whole network is compromised, does that include your backup storage location? How long will it take to restore your entire network? Again, this is a great strategy, but no strategy is perfect. Make sure you are testing your backups regularly and that you have some air gaps in place so your backups are not also compromised when you go to restore them.
Insurance Will Pay the Ransom
Well yes, maybe, it depends? First off, do you even have a cyber insurance policy, and does it cover ransomware? When was the last time you reviewed your policy? What are the stipulations and processes within your policy? The answers to all of those are not always straightforward. The insurance company assumes the risk in this scenario, so they will have some say in how things proceed. Make sure you understand all of your policy's nuances and have a good working relationship with your provider.
If You Pay the Ransom, You Will Get Your Data Back
Sometimes. Sadly, this is not always the case; this report from Sophos showed only 8% of organizations that paid got all their data back. So this raises the question: should you even pay them? I know, in the heat of the moment, you just need your data back so your company can keep running; however, a big reason that ransomware continues to be prevalent is that it pays. In an ideal world, if no one paid the ransom, it would cease to be a thing almost overnight; however, not everyone is prepared, and sometimes the only option is to pay.
At the end of the day, be prepared with a plan of what you will do in the event of a ransomware attack, put measures in place to help protect your network, ensure you have solid air-gapped backups, and be vigilant.