Posts

The Dangers of Ransomware & How To Overcome A Cyber Attack

YOUR FILES ARE ENCRYPTED! To decrypt your files you need to obtain the private key. To obtain the private key, you need to pay 300 USD.

Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server.

MalwareThis message is one that no business owner wants to see pop up on their office computer screen. Ransomware – a nasty and costly virus (or malware) that locks down computers and encrypts data until money (or a ransom) is sent – is not going anywhere. In fact, it seems to be such an epidemic these days as there are new malwares popping up and more victims paying up, which includes individuals, small and large organizations, hospitals, universities, government agencies and more.

Our team of IT experts has already seen and helped businesses recover from ransomware and other malware attacks and in fact, we’ve recently been hit as well. What has saved us and our customers from incurring high and sometimes damaging costs is the fact that we were all well prepared for such an incident. (Read our previous blog called “Ransomware Detected”)

How? Let me further explain about the costs that businesses can incur from ransomware and what to do to recover easily and quickly from this cyberattack.

First and foremost, it’s important to know that anyone can get hit by ransomware. It is not only large, successful organizations or government agencies. It can be small businesses or individuals. Secondly, it’s criticial that business owners get rid of the thought that “it won’t happen to me or my business – ransomware has been around for years and I’ve never had an incident like that”. This is such a dangerous thought. It may never have happened before but it doesn’t mean that it can’t happen in the future. Cyber criminals are only getting smarter and more powerful. Ransomware has become a billion dollar industry, where about 4,000 cyberattacks are launched every single day (Globe and Mail, May 2017)

Unfortunately, even if managers or IT departments do their best to educate their employees on malware and how to identify suspicious emails, links or attachments, we should never take the chance that one bad email won’t slip through. Ransomware can halt business operations immediately and this is very dangerous. Over the last couple of years, on average, ransomware has cost small businesses over $100,000 per attack due to downtime (some companies have been hit more than once in the span of a few months!!). Most people think that the ransom ($) is the biggest cost that comes from a ransomware attack. However, there are a lot more damages that can be incurred, such as;

  1. Loss of revenue due to downtime
  2. Lost customers and damaged reputation
  3. Loss of productivity
  4. The cost of hiring IT experts to restore your systems in the days following an attack
  5. Data loss (!!)

So, even if the ransom is paid rather quickly, it could still take up to a week or more to remove the infection from your systems and get back up and running. (Do you know how much money your company will lose if you are down for a week?) One law firm in the U.S. suffered 3 months of downtime while their systems remained locked! Most smaller companies would not survive this. On top of all of this, companies may never be able to retrieve some of their sensitive business data.

Therefore, the downtime and data loss that companies suffer are two of the biggest threats to a company if attacked by ransomware or any malware. What’s also important to note is that even though the original ransom may be a measly $300 USD, cyber criminals have no morals and can increase this amount at any time and for any reason. For example, hospitals and universities hold highly sensitive information. Cybercriminals are aware that they would pay anything to retrieve their data. Their ransoms are known to be in the thousands – some stories have reported ransoms of $20,000. What’s worse is that if they see how quickly a company pays up the first time they get hit, if they get hit a second time the amount will increase exponentially. It’s a dangerous game and it’s not one any business owner would want to play.

What’s worse, is that most recently, the FBI has urged companies NOT to pay the ransom if their computers get infected. “Paying a ransom doesn’t guarantee an organization that it will get its data back – we’ve seen cases where organizations never got a decryption key after having paid the ransom”, said FBI Cyber Division Assistant Director James Trainor.” (CNN, July 2017)

The Business Continuity Solution to Ransomware

The BEST way to protect your data and company from this type of attack is to implement a Business Continuity and Disaster Recovery plan and software solution, like QBR, paired with educating your employees. They need to know what to look out for; how to identify suspicious emails, attachments and links and once identified to report them to their IT team right away. If anything should occur, the IT team will have a plan of action ready and will deploy a bare metal restore to remove all traces of the virus and go back in time. Depending on how often you chose to backup your data, all that may be lost is an hour or so of data. After that, everything can be back to normal and operations can continue as if nothing ever happened.

Therefore, implementing a Business Continuity solution like QBR truly is a small price to pay to ensure that your data is safe and your company can survive a Ransomware attack, without incurring downtime. Our customers view this service as their insurance policy instead of an added cost to their business. They would rather pay a monthly service to protect their data than take the risk of getting hit by a malware and having to incur major damages.

/by

Business Continuity: A Much-Needed Insurance Policy For Your Data

This post was updated to reflect current trends and information.

When we think about insurance policies, many of us think of the most common ones, such as health insurance, life insurance, automobile insurance and property insurance. We all know that the point of having any insurance policy is to protect your most important assets. For a company, what can be considered as important? I’d say their sensitive data! This is why I strongly urge business owners to have, what I like to call, “data insurance”.

“Data Insurance”

data-InsuranceWhat is “data insurance”? To our team at Namtek Consulting Services, it is a company’s Business Continuity and Disaster Recovery solution and plan. All of our customers, using our QBR Business Continuity solution and service refer to their monthly fee as their data’s insurance policy. They know that no matter what happens, their data is protected and easily recoverable. They are provided with real-time backups, email confirmations ensuring that all backups taken were successful, and quick recovery methods for their data during any crisis or disaster. Please don’t get this mixed up with those old backup tapes and drives. Read how Business Continuity differs from traditional backup and recovery methods.

To learn how Business Continuity works, check out these short videos on YouTube.

What do companies have to protect their data against?

There are many causes for data loss and downtime, which can include human error (accidental deletion of files or folders), natural disasters (fires or floods), power outages, hardware or software malfunction, and much more.

Ransomware

Another big threat to a company’s data is Ransomware Cyberattacks. This is considered as a growing concern in the today’s business world. Ransomware attacks are when hackers threaten companies (and even individuals) by holding their valuable data hostage and asking for a ransom in order to release their data back to them. Ransoms for individuals are usually around $500 USD but can go much higher for companies.

The ransom, in most cases, isn’t even the biggest problem to these companies. It is the downtime that they experience during this whole ordeal. Employees don’t have any access to the company’s data until they pay the ransom, causing operations to stop. By the time management opens up a bitcoin account, pay the ransom and receive the code to unlock their files from the hackers, a few days could have passed. Time is money. For many companies, this downtime could add up to a much higher dollar amount than the ransom itself.

Therefore, it’s critical to understand that ransomware affects companies in two major ways:

  1. The ransom itself, which can be upwards of tens of thousands of dollars for businesses.
  2. Downtime!

Unfortunately, the number of ransomware attacks has been increasing; hackers are realizing that not only can they target individuals, with a $500 USD ransom, but they can target all kinds of businesses, hospitals, universities, etc. in which they know the data at these places is considered to be extremely valuable to them. For Universities that do world-class research, like the University of Calgary, a higher ransom will be requested. Remember, hackers have no moral standards. They can increase the ransom as they please.

More and more, news outlets report successful ransomware campaigns that happen to individuals as well as companies, hospitals and universities.

Read: 2017-2019 Ransomware statistics and facts

 CBC News released a story about a ransomware victim who got his home computer seized by a malicious malware program and was asked to pay $800 CAD to get the code to unlock his files. He paid it right away because all of his family photos and wedding photos were held hostage.

The success rate of these cyberattacks are high due to the fact that hackers can’t get caught and they are continuously adapting to changing environments by altering the malware. On top of it, many people don’t think they’ll be a victim until they are, so they ignored expert advice to implement a Business Continuity solution and draw up a Disaster Recovery plan.

I’m here to tell you that, as a business owner, you definitely need to seek out security measures, like QBR Business Continuity, that will protect your data from these cyberattacks or any other crisis or disaster. It’s to protect you from the unexpected.

Key takeaways from Ransomware Cyberattacks:

  • EVERYONE can fall victim; from individuals, to small businesses to large enterprises
  • The more valuable your data is, the higher your ransom will be
  • There is no limit to how many times you get ransomware
  • Without a solid Business Continuity solution, once you pay the hacker, the virus remains
  • Traditional backup systems aren’t cutting it anymore for these sophisticated types of malware
  • Business Continuity saves companies from having to pay a ransom and from incurring any downtime. They can instantly rollback to the most recent time where all of their files were not infected.

 

Bottom line: Protect your data to keep operations running as usual

data-securityIn the end, what matters to every business owner, is how fast employees can get back to work or in other words, how quickly operations can resume, during all sorts of disasters or crises. Be it a fire, a flood, an ice storm (for all our fellow Canadians), a human error, a ransomware attack, or hardware malfunction, it’s important to be well protected. A company’s data is extremely valuable to their operations and it’s time business owners see Business Continuity services as their insurance policy. Our QBR customers can restore an entire server, an entire desktop or simply pick and choose a specific file they accidentally deleted. It’s that simple and truly that remarkable.

Business owners may think that the chances of them experiencing data loss or downtime are slim. It’s actually a lot more prevalent than one may think. According to Peer1 hosting, “90% of businesses unexpectedly lose access to their critical systems and one-third of them deal with downtime each and every month. The average downtime in the U.S. is 7.9 hours, and in Europe, businesses average 10.3 hours of downtime”. When this happens, and depending on the cause of downtime, these companies will suffer from loss of data and loss of revenue, amongst other major business impacts.

How much will 7.9 hours of downtime cost YOUR business?

Once you see an actual dollar amount linked to your downtime, you may start re-thinking having that “data insurance policy”.

Protect your company’s data and get some “data insurance”. Contact us about our Business Continuity service – QBR. You’ll have the peace of mind when it comes to your data’s safety.

/by

RANSOMWARE: Why companies should listen to Business Continuity Experts

During the first week of June, according to CBC News, the University of Calgary became a victim of a ransomware cyber attack. A ransom note was left when the University first detected an encryption on their computer network. The amount requested for the method of decryption was $20,000, which was eventually paid to the attacker on June 7th, 2016. The encryption meant that their students and researchers would not be able to access any of their important files, so long as the ransom was not paid, in order to receive the decryption key. Read more

/by