Ransomware

Today ransomware is a significant criminal business that can cripple and potentially destroy a business, utility, or government. So far this year, there have been over 100 high-profile attacks. High-profile targets have included the Colonial Pipeline, London, Australia, Apple, Acer, Solarwinds, the DC Police, and the NBA. Billions of dollars have also been collectively paid out by smaller organizations. In 2019 ransomware cost victims an estimated $11.5 billion. In 2020 the cost was $20 billion. This year is already close to matching all of 2020.

Simply put, a ransomware attack happens when a criminal tries to hold data hostage. Malicious software encrypts all the victim’s data. To access your data, the user can try paying money to the criminal who stole their data. If the victim pays, the criminal might unlock their data. Then again, they might not.

While there is no way to guarantee you won’t be affected, much of the same advice that will help protect against ransomware is the same as any computer virus. For example, don’t open unexpected email attachments or plug unknown USB devices into your computer.

By keeping your computer’s operating system, such as Windows, fresh and current, you will make it harder for the criminal to get into your system. Unless the criminal targets you specifically, they are likely using automated scripts to break in. Most of these scripts are monitored by equipment and software manufacturers. Companies release security patches to protect you, in part, from the weaknesses that these scripts are attempting to exploit.

Routers and firewalls are targets for the criminal. If you own your router, update the firmware, and replace old equipment that can’t be upgraded. If you use ITC Blast Wi-Fi, this is already done for you. Also, work with your point of sale and other business equipment vendors and apply all recommended patches.

You should also follow the 3-2-1 model for data backup and recovery, which means that you have your original data and two copies of that data. The original data is what you use in your daily business. The first backup is commonly either kept at the same location as the original data or stored offsite. You should also have a copy of the backup stored somewhere like the ITC’s local cloud backup solution. The benefit of having backups in multiple locations is if the criminal manages to find and encrypt the backups at your business, you still have another backup source for recovering your data. How often you back up and how long you keep those backups depends on how much of your data you can afford to lose.

Often the most secure way to recover from a ransomware attack is to completely rebuild your computer systems that were affected or even connected with the compromised system. This is true whether you pay the ransom or not. If you need help recovering from an attack, give ITC a call at 1.800.417.8667.