Small and medium sized businesses are often the focus for ransomware threats because they usually are less prepared to deal with cyber-threats. Some of the most common attacks SMB’s see are distributed denial-of-service (DDoS) – attacks resulting in hours of downtime and revenue loss, to malware attacks, including those involving ransomware, that may ultimately cause a company to go out of business. With affordable modern technology, you can make sure your business is protected.
How many businesses (especially SMBs) can afford to lose ten’s, if not hundred’s of thousands of dollars, and get locked out of key systems for weeks, if not months?
We’ve heard many stories and had a least one client struggle to recover from an attack. In August, a client of ours suffered a brutal ransomware attack that shut down their operations for weeks. Even after paying the ransomware demand, it took hours and hours of time to try and recover their data and systems.
Ransomware Attack Overview:
Hackers got into an engineering firm’s on-premise Dynamics SL system and targeted select files to encrypt. This meant those files are no longer accessible to anyone. You can’t even see them on your computer. Further, the artificial intelligence that is used by ransomware attackers looks for the most frequently used, high-value files and folders, so they hit you where it hurts the most.
When you run an on-premise environment, you often rely on Virtual Machines, that are stored on a server. This ransomware attack targeted their main server and disabled all access to those Virtual Machines, encrypting everything. The IT team couldn’t get in no matter what they tried. Their accounting team was completely shut down, they couldn’t see invoices, or pay bills.
This client decided to pay the ransom, which was expensive. But even paying didn’t bring their systems back immediately. The decryption codes they were given didn’t work. This meant they had to call the ransom company for support! If that doesn’t underscore how big of an industry ransomware are, and how vulnerable we can all be, I don’t know what does.
Their IT consulting firm worked with the ransomware firm for weeks to get the system restored. This mid-sized engineering firm has now spent money on the ransom and a lot of dollars on the IT consulting firm to restore even basic functionality to their business. And we haven’t even mentioned the ERP system restoration. The IT firm took the repairs as far as they could, but when it came to the accounting systems, they needed GFC’s help. We worked side-by-side with their IT firm. Essentially, we had to do a fresh install of the software, because everything from the virtual servers to the signature files for checks was corrupted. The entire library of custom reports was gone. They’ve lost a lot, and are starting over with their data. It was a real mess and they are still cleaning up some performance problems a full two months later.
The question becomes, how are you going to protect your most valuable data: customers, payroll, vendors, invoices, payment histories, custom reports, etc.? A few of the easiest ways are outlined below.
46% of SMBs have been targeted by ransomware, 73% have paid the ransom
How to Safeguard Your Business:
- Backups: The biggest thing you can do to make sure your business isn’t vulnerable to hackers it to have good backups with offsite, backup storage. When attackers get into your system, they know what to look for, including backup files, crippling any business. Additionally, have a current backup and disaster recovery plan, a “playbook” of processes and activities, invoking backup and disaster recovery services and their interaction with your data and servers.
It is pretty easy to use Microsoft Azure and other cloud services, such as Microsoft’s data recovery vault to ensure that you never have to experience what this client did. Read more about Azure and data recover in “SMBs have access to top notch security and technology.”
- Test your disaster recovery plan on a regular basis: By performing a few tests, you will work out any kinks and be confident if sabotage happens, you’ll be up and running in no time. We recommend testing your backup and recovery strategy at various times and from different angles. To do this, conduct regular and random tests in which you simulate an event that would call for data disaster recovery and access to your on-premises or online backup.
- Education: Educating your users on how to identify, avoid, and report data threats is the most important method an organization can adopt to protect its data. By teaching them to identify and avoid threats, you deprive cybercriminals of the opportunity to compromise data.
- Find a partner you trust: Stay current and informed. Have a trusted partner to help your business.
Important Take-Aways:
First, make sure you have solid, offsite backups which have been tested. Look at the backup files – are they complete? Are they valid? There are so many modern-day solutions for SMBs, there’s no reason your business should be without one. Second, talk to your ERP partner right away. Make sure together, you have a disaster recovery plan in place.