Ruminations

R is for Ransomware

We've written about ransomware before. And we've written about Disaster Recovery Plans (DRP) and Business Continuation Plans (BCP) before too. We've even written about the importance of employee training on several occasions. They all have one thing in common: preparedness.

If you're prepared for a business disruption, or a supply chain disruption, then you're prepared to prevent or even respond to a ransomware attack. Ransomware is serious business. But if you're prepared then you've given your small business its best chance of surviving a ransomware attack.

Control what you can control; prepare for the rest.

It's been all over the news recently. You can't miss it. From The Colonial Pipeline to JBS Foods to Sol Oriens. If you haven't heard of the last one it was just a subcontractor for the U.S. Department of Energy that works on nuclear weapons with the National Nuclear Security Administration. Ransomware has become a national security threat.

Ransomware isn't just holding your company's files for ransom. The hackers upload your files before encrypting them. The data from your company will be sold on the black market whether you pay the ransom or not (and you should never pay the ransom). Sure, the hackers say they won't sell your data if you pay up, but you simply can't trust organized crime operators.

Did you know that 80% of organizations that pay the ransom become repeat ransomware customers? So never pay the ransom.

Disruptions to fuel and food suppliers is just the tip of the iceberg. What happens when ransomware hits a major processing center for credit cards? Credit card transactions and ATMs will grind to a halt, and so will our economy. What if ransomware hits a major payroll company? If you think missing a paycheck would be the worst that can happen, guess again. If you have direct deposit the hackers now have your bank account number, routing number, name, SSN, etc. Missing that paycheck will be the least of your worries.

Ransomware isn't just big business, it's become an industry upon itself. With service providers, affiliates, ransom negotiators, customer support and even P.R. efforts.

Ready or not, ransomware may be in your future. There are over seven ransomware attacks per hour in the United States. And it's going to get worse. Just look at this map of major ransomware victims. So, if you're a small business you may get hit by commodity ransomware. Commodity ransomware is simply opportunistic ransomware that isn't targeted. It's usually cheaper and easier to recover from than targeted, human-operated ransomware. But for a small business, the costs and disruption that come with commodity ransomware can certainly put you out of business.

The best way to protect your company is to be prepared. That means training your staff not to fall for phishing and social engineering schemes. That means having backups that aren't accessible to the ransomware infection. That means having a DRP, BCP and an Incident Response Plan (IRP). That means having cybersecurity insurance that includes ransomware coverage (not all policies do). And that means you and your employees should use strong, secure passwords, and use a password manager application. Read more about password manager options, features and pricing.

Read more about what cyber insurance covers, how much it costs and how much you might need.

Having printed copies of your emergency plans and important business documents is critical. But make sure you also have digital copies of your DRP, BCP and IRP, as well as copies of your important business documents. Do you even know what they are? Things like your insurance policies, deeds or leases, recent tax documents and bank records, any professional licenses, and anything else that you may need in case of emergency. ElixWare will be offering an online safe storage option for small business later this summer.

No matter how prepared you are, if your small business gets hit by ransomware, you're going to be facing a significant, if not fatal, business disruption. If you're not prepared you may be dealing with another 'R' word: regret.

If your small business survives a ransomware attack, you're looking at long recovery. Not just because you'll need to restore all your files from your backups. But because you're going to have to set everything up from scratch.

Like many things in life, the work you put in up front makes everything else easier. If your small business is prepared for a disaster or disruption, you'll be grateful for already having made the effort.

If you recover from a ransomware attack, you're going to need your cybersecurity insurance to help pay for replacing all your servers and computers, and probably all your network printers as well. Anything that was touched by the ransomware, and anything with storage that was connected to your network at the time of the attack, is potentially still infected with some sort of virus or malware.

You'll need to get your hardware requirements together, source your replacement hardware, set it all up from scratch, and then restore from your backups. But your backups will only get you so far. All the important files that you and your staff keep on local hard drives aren't getting backed up, so now they're potentially infected and cannot be restored. You'll probably be tempted to save some of them, but you should never do it. Are you willing to go through all of this again for what's in those potentially infected and/or booby trapped files? If not, make sure those important files are stored on your network or that your local hard drives are backup up frequently.

I would strongly advise you to pre-qualify one or more local tech support companies to help you with your recovery and hardware replacement. The sooner you're back in business the better your chances of staying in business.

Ransomware isn't the only danger your small business faces. There are acts of God, infrastructure failures, accidents, technology failures, theft, random acts of violence and vandalism, among others. Preparing for one means you should prepare for all.

No one likes to listen to doomsayers, even when we know they might be right. Think of preparing your DRP, BCP and IRP as a combination of investing in your business and investing in insurance. Trying to figure out what you're going to do, what your options are and where you can turn are not decisions you want to make in the heat of the moment.

We hope you never need any of the preparation we're suggesting here. But if you ever do, I can guarantee you that you'll feel relieved. And that will be the first 'R' word on your road to recovery.

---