As you may have heard in the news, there has been an unprecedented number of ransomware attacks on U.S. corporations during the past eight months. These attacks existed before, but they are becoming much more frequent and sophisticated.
What is Ransomware?
Ransomware is carried out by a group of high-level technology specialists (programmers/hackers) who are well-educated and extremely well-funded. The whole idea is that they penetrate firewalls and take over computers within an organization, and change the data saved on the computers into a format that only they can read. The data is no longer available to the people who own the computers or network. The bad guys leave a note on your desktop informing you that your computer has been hijacked, and that they will gladly give you back your information after you pay them X amount of dollars.
These attacks are very sophisticated and are penetrating some of the most secure networks around the country. So, no one is completely immune from this risk. The large companies affected are in the news, but ransomware is hitting hundreds of small companies each week. Even the best firewalls can be penetrated, as we will discuss in this article.
In May 2021, QFloors had a ransomware event hit our software company. The good news is we had taken precautions ahead of time to help us successfully navigate this issue. However, we also learned a few things by going through this painful experience. I’m sharing some of our takeaways in the hope they might be of benefit to others in our industry.
In our situation, we had all of our cloud customers back up and running within four calendar days. We did not pay the ransom, and no data was lost. Right now, according to multiple news reports, the average number of calendar days a ransomware victim is down is 21 days.[1] The average ransom is $300,000.[2] Bigger companies are paying much more than this.
Even if you pay the ransom, everything is not magically better and back to business as usual. You aren’t guaranteed to get your data back. Some ransomware groups are more “reputable” (if you can call it that) than others, as far as returning uninfected data. Even if they do release your data back to you, sometimes they leave back doors in your system for future use. Sometimes there is a second ransom demand to not publish your data, if the data is of a sensitive nature.
Things to Know About a Ransomware Event
Here are a few things that will help you prevent or navigate this type of event.
The first thing that most ransomware bad guys try to destroy is your backups. A disconnected backup is a backup that is unplugged or severed from the network, once the backup has been performed. There are many ways this can be done. The simplest way to do this is to back up to an external hard drive, and then unplug the cable. Of course, there are more sophisticated ways of doing disconnected backups, but they require the help of an IT expert. Having a disconnected backup will prevent the bad guys from being able to access and therefore compromise or destroy your backup data.
The majority of ransomware attacks that are successful happen because an employee or someone using your internal network clicks on a dangerous link within an email, or they go to a website that is not safe. Right now the only way to help prevent this from happening is training your employees about being ultra-cautious about the emails they click on and the websites they browse. You can also set up filters to prevent them from browsing dangerous websites.
Ensure that your firewall is up to date and in compliance with payment card industry (PCI) recommendations. You may need to get your IT person involved to oversee this.
REGULAR AND SECURE BACKUPS
If you have a partner (for instance, a hosting company) that is storing critical data, make sure they are implementing the backup strategies suggested above, and test to ensure the backups are happening regularly and completely.
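One way to test that a backup ran recently and completely, for example just before an external drive is unplugged, is sketched below. This is an added example, not QFloors' own tooling; the `.backup_complete` marker file, the 24-hour threshold and the function names are assumptions.

```python
import hashlib
import sys
import time
from pathlib import Path

# Assumed convention: the backup job creates this file as its last step.
MARKER = ".backup_complete"


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backup(source: Path, backup: Path, max_age_hours: float = 24.0) -> dict:
    """Report whether a backup copy is complete and recent.

    Completely: every source file exists in the backup with the same SHA-256.
    Regularly: the completion marker is younger than max_age_hours.
    """
    missing, mismatched = [], []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = backup / rel
        if not dst.is_file():
            missing.append(rel.as_posix())
        elif sha256_of(src) != sha256_of(dst):
            mismatched.append(rel.as_posix())

    marker = backup / MARKER
    # A missing marker means the last run never finished: treat it as infinitely old.
    age_hours = float("inf")
    if marker.is_file():
        age_hours = (time.time() - marker.stat().st_mtime) / 3600
    stale = age_hours > max_age_hours
    return {"missing": missing, "mismatched": mismatched, "age_hours": age_hours,
            "stale": stale, "ok": not (missing or mismatched or stale)}


if __name__ == "__main__":
    # Usage: python check_backup.py <source_dir> <backup_dir>
    report = check_backup(Path(sys.argv[1]), Path(sys.argv[2]))
    print(report)
    sys.exit(0 if report["ok"] else 1)
```

A file that was edited after the backup ran also shows up as mismatched, so run the check right after the backup finishes and before the drive is disconnected.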
Consider and implement policies that will allow you to continue to run your company (albeit less efficiently) if your technology is out of service for a period of time, whether due to ransomware or simply other unexpected events such as power or internet outages, natural disasters, theft, or fire. Think about what you need to do to be able to continue to operate in these types of emergency situations. At minimum, you should consider workarounds on how to create and write up a customer order, take a customer payment, and continue your installation schedule as planned. For example, creating an order might include keeping a stack of pre-printed invoices that could be used in an emergency. Taking a payment would involve having alternate ways to take a credit card if your internet was down. You should probably keep a backup copy of your installation schedule somewhere if it is kept electronically.
Unfortunately, this threat is not going to go away soon. Just as 9/11 changed airport security, ransomware attacks are requiring all of us to adapt and protect ourselves. Every company should at least consider what their exposure is and the steps necessary to minimize risk.
[1] Multiple news reports, but one cites Coveware, 2021.
[2] Again, multiple news reports, but one is Tripwire March 2021.
Chad Ogden is the founder and president of QFloors software, located in South Jordan, Utah. He is third generation in the flooring industry, growing up working in his father’s retail flooring stores. He obtained a Computer Engineering degree and worked as an electrical and software engineer, and director of engineering for a high-tech mass spectrometer company, prior to founding QFloors software in 1999 with his brother, Trent Ogden. He can be reached at firstname.lastname@example.org.