Yet another news story this morning about a school hit with Ransomware and paying the $28,000 extortion fee. It’s not a matter of pay the ransom or lose files. A ransomware solution exists, right now, that will protect you and cost less than paying the extortion.
This LA school, and it seems other schools in that area, previously bought Ransomware insurance and the extortion fee was paid from that (full story).
Troy Hunt, the founder of breach notification website Have I Been Pwned, told IBTimes UK: “The biggest problem we’re facing with ransomware is that the Return on Investment (RoI) justifies paying it. “As much as we’d like to take the moral high ground on this, when you’re faced with the dilemma of either paying a sum of money up front or losing an untold number of valuable files, the business justification for paying the money starts to look pretty good. – Troy Hunt
So according to Troy, we’re reducing Ransomware mitigation down to a financial business decision. But by doing this we are actually encouraging Ransomware creators to just make sure the Ransomware extortion fee is less that what it would cost to try and recover the files yourself.
I’d like to argue that it doesn’t boil down to “either paying a sum of money up front or losing an untold number of valuable files”.
There is a better option, a ransomware solution.
The big news of 2016 has been Ransomware, both in Canada and around the world.
The University of Calgary recently paid $20,000 to have files restored on more than 100 computers.
Here’s an article about 12 ransomware attacks against Healthcare institutions – a ransomware attackers favourite apparently.
In fact a recent study done by Malwarebytes says 40% of businesses internationally have been hit with Ransomware and more than 40% paid.
“Nearly 60 percent of all Ransomware attacks in the enterprise demanded over $1,000. Over 20 percent of attacks asked for more than $10,000, 1 percent even asked for over $150,000.” – Malwarebytes
This coming year is already being projected to be worse, so should you just be putting business funds aside to cover the eventuality that you’ll need to pay ransomware?
I would hope not. Here’s a better solution.
A Cloud Backup is the ransomware solution.
How is it that LA school couldn’t easily reach into their backup and restore their files? It seems still too many busineses are not backing up properly or effectively.
Here’s some examples of what this solution costs:
At the personal computer level your backups can be happening in near real-time and uploaded via the internet for safe keeping on cloud backup servers. If you get hit with ransomware you can restore your files and ignore the extortion demand. For example:
At the business and enterprise level you can backup a server multiple times a day. That data can stored both locally and in the cloud for significantly less than the $10,000 asking price shown in the above quote. For example:
If a ransomware attack does occur it will try to encrypt everything locally, but you haven’t lost all your data because your backup is in another location.
This is the beauty of a cloud backup, it is disconnected from your local environment so Ransomware can’t get to it. Your files are safe and you now have the ability to move forward.
Sure it’s “easier” to pay the ransom get your files back, but how do you know there still isn’t something sitting on your system? What about next time – and how long will it be until next time?
You will need to spend some time to clean up your local environment, and take the time to restore. Here’s an example of the process in this review of recovering from Ransomware for a business here in Vancouver.
You will, however, not be giving in to extortion. You will have one up on those ransomware miscreants. They have infiltrated, but you have a ready made, easily implemented solution.
Wouldn’t that be such a better story than having to pay?
That’s the kind of story I’d like to read.