Worried about the costs of retrieving your business data if you’re affected by Ransomware such as Cryptolocker or Cryptowall?
Whilst the price of decryption demanded by the cyber-criminals can be as much as £5,000 per user, the biggest costs could be the downtime, reputational damage, and failure to get your data back.
Could your business close for 10 days?
The absolute minimum downtime to expect after infection by a ransomware virus and subsequent locking of data, even if you’re fully prepared, is 1 business day.
This is because it takes at least a day to completely clean and reload PCs and servers. Restoring 500 GB of data from a cloud backup, a fairly modest amount for a small business, will usually take around 12 hours.
But many businesses are down for a lot longer than one day after encryption of their critical data.
In a report carried out by Intermedia, it was found that 61% of businesses were unable to work for at least 3 days, 32% were down for at least 5 days, and 17% were unable to work for a whole 10 days!
The impact of this kind of downtime is chaos, lost revenue and a hugely damaged reputation.
Whilst one day is the minimum you should expect to be unable to work after a cryptolocker attack, this depends on the speed with which you are able to react, and requires you are able to clean up your infrastructure and restore from backups easily.
If you’re restoring from backup, you should also expect to lose some recent work. This is due to the need to find a clean backup to restore from, as the malware sits dormant for a while before it begins encrypting files. Restoring from a backup that is too recent and contains the virus leads to further disruption as the whole cycle repeats.
Smaller Businesses are More at Risk
You may have seen stories in the news about Ransomware infection, and think that only big businesses and well known organisations are at risk. However, this is only because the high profile nature of the organisations involved means these are the stories that make the news.
The truth is everyone is at risk and small to medium sized businesses are actually more at risk. Cyber criminals are targeting them due to their greater likelihood of paying the ransom. This is because smaller businesses are less likely to have adequate backup in place, and are less able to weather the crisis of downtime.
Disaster recovery vendor Datto says businesses shouldn’t pay up, as around a quarter of businesses still don’t get their data back.
How to Prevent Ransomware Infection
The best approach is to be absolutely prepared for a cyber-attack, of any kind.
- Highly reliable, on-site and cloud based backup should be in place.
- Your IT team should check that backups are completing successfully every day.
- Email security should be in place to filter out as many suspicious messages as possible. Unfortunately, anti-spam solutions aren’t 100% effective because they would filter out too much genuine mail – and it is easy for a cybercriminal to send an email that looks safe.
- Solid protection from firewalls, anti-virus and DNS monitoring to prevent connections to suspicious domains and scan/filter incoming traffic.
- Regular, ongoing education and reinforcement of best practices to your staff. Despite all of the technical protection that can be offered, this point is still critical. Emails get through spam filters and people fall for phishing techniques. Clicking on a link or an attachment in an email is the number one way to get infected with Ransomware.