When everything goes wrong during a ransomware attack
There were many stories in the news about ransomware last week, which isn’t unusual. But, one ransomware story, in particular, caught my eye. It involves a law firm in Providence, Rhode Island and really highlights the damage that ransomware can cause and the benefits of preparing for business continuity in the face of cyber attacks and other types of file loss.
Back in 2016, one of the firm’s lawyers clicked a link within an email, which then unleashed a ransomware attack and encrypted the firm’s files. When external experts were unable to decrypt the files, they tracked down the perpetrators to negotiate the ransom. After an initial ransom was paid, the decryption key failed to work, so they negotiated an additional ransom and were eventually able to recover their files. All told, the firm was out $25,000 in ransom, in addition to all of the fees paid to the experts that they hired to recover the data.
But the far bigger cost to the firm was the downtime – they were without access to their files for 3 months. During that time, the 10 lawyers at the firm were idle and unproductive, leading to an estimated loss in billings of $700,000.
Three months of downtime is a particularly extended time, but most businesses experience some type of downtime after a ransomware attack. Intermedia’s 2016 Crypto-Ransomware Study found that the average downtime inflicted by a ransomware attack is 3 business days, and 32% of businesses experienced 5 or more days of downtime. The same study also found that 1 in 5 companies that paid ransom failed to get their files back.
While many details about the incident are known (because the firm is suing its insurance company for denying its claim for business losses), certain details remain a mystery. Especially curious to me is what type of backup system the firm had in place – if any. Was is it possible to recover files from the backup, or were they also corrupted by the ransomware strain?
In the time it took me to write this blog post, another 167 ransomware attacks occurred*. While businesses may feel helpless against the onslaught of ransomware, they can protect themselves against extended downtime by implementing a backup service that allows businesses to restore files quickly and easily. SecuriSync® by Intermedia backs up files in real-time and can roll back files to any previous point in time. In the case of a ransomware attack, files can be rolled back to the moment just before the virus was installed, giving employees access to clean, unencrypted versions of files. SecuriSync allows businesses to significantly reduce downtime from a ransomware attack or other type of mass data loss.
*This blog post took 1 hour to write.
SecuriSync is either a trademark or registered trademark of Intermedia.net, Inc. in the United States and other countries.