About 60-70 percent of ransomware is deployed via email phishing schemes, with the remainder largely spread through malicious online downloads Do you own a computer, iPad or smartphone? Do you have an email address? Then you are a target for ransomware, or a type of malware that locks and compromises files or entire systems unless users pay a ransom. MSPs understand this, but prospects and clients at small-and medium-sized businesses don't necessarily. Maybe they know it's a risk, but they don't think it's one they have to worry about. Have you ever heard people say they're safe because Macs don't get viruses?
In reality, cybercrime is running rampant today, and no one is safe. Ransomware, recently named the biggest cybersecurity threat by Kaspersky Lab's IT Threat Evolution in Q1 2016 report, can infect individuals, companies, government offices and hospitals that don't enact appropriate security policy and protocol. And the costs are significant! In a recent webinar, George Anderson, Director of Product Marketing at Webroot, led a discussion on the various business consequences to educate clients about, as well as outlined how to prevent and fight ransomware. To learn more, keep reading!
In our Crypto Ransomware- Fighting a Real Problem with Real Solutions webinar, we discussed ransomware’s evolution, how ransomware infects systems, costs associated with ransomware attacks and the best protection for your MSP business and clients. We will be discussing the latter two topic points in this post, but for a full discussion on such timely subject matter, you can download the cybersecurity webinar here.
Costs Associated with Ransomware Attacks
1. Data is unrecoverable without a key.
When ransomware attacks users' devices and encrypts files, there is no way to recover the affected files without paying the cybercriminal for the decryption key. Because of this, victims are often tempted to pay the ransom, which brings us to this next cost...
2. Paying ransom doesn’t always mean you'll be able to recover data.
Hackers could collect a business's payment without releasing the decryption key and could even charge a higher price for it. You never want your clients to be in a position in which they feel they have to negotiate with criminals.
3. Encryption is often network-wide.
If a compromised device is connected to a shared or mapped network drive, any other connected devices are vulnerable to data corruption and loss. Oftentimes, networks are infected by a botnet, or a group of Internet-connected devices configured to forward transmissions (such as spam or viruses) to other devices, despite their owners being unaware of it. This practice of exploiting shared network drives and infecting many through one, dramatically augments the threat impact and could potentially shut down a whole office.
4. The cost of the ransom is increasing.
Ransom payments started out around $300, but have now increased to upwards of $700 per attack. These costs rise with time, and clients often feel pressured into paying quickly so as to avoid late fees. Added to the frustration, because hackers demand Bitcoin ransom payments, these attacks are nearly impossible to track. It's not like you can dispute fraudulent charges like you can with a credit card.
5. Business downtime is incredibly expensive.
Ransomware attacks lead to lost productivity, profits and labor time. As a result, SMBs face business-crippling downtime. How severe is it? Learn how to calculate the cost of downtime here!
Backup and Disaster Recovery (BDR) as the Ransomware Failsafe
Did you know that 52 percent of business experience more than one backup failure every year (source)?
The only sure way to recover compromised data is to restore files that are backed up. In this way, you can avoid having to deal with ransomware authors directly and resume normal business operations. Businesses need backup and disaster recovery (BDR) because it is the best way to mitigate any damage inflicted by ransomware. That's why we recommend every MSP offer clients disaster recovery as a service (DRaaS) and business continuity as a part of their managed IT services solution. What should you look for in a backup platform? Check out key features in this informative BDR infographic!
How to Avoid Ransomware
So after reviewing just how detrimental ransomware is to any impacted business, how can MSPs help prevent clients from falling for malicious schemes in the first place? In the webinar, George recommended taking the following ten measures to reduce the likelihood of a ransomware infection
- Use a reputable proven endpoint security
- Back up your data
- Show hidden file extensions
- Filter EXEs in email
- Disable files running from AppData/LocalAppData folders
- Use a pop-up blocker
- Disable remote desktop monitor
- Educate end users
- Limit end user access to mapped drives
- Patch and keep software up-to-date
We also provide cybersecurity best practices to share with clients here!
Ransomware will only get more sophisticated over time, so MSPs and SMBs alike need to be prepared. Do you know exactly what you're dealing with? Do you want more information to share with prospects and clients? Download our webinar below!
By Lily Teplow
By Brian Downey
By Dave LeClair