How to Make Sure You Never Pay a Ransomware Ransom

The average ransom demand of ransomware is around $84,000 according to Emsisoft. While it’s a cost many enterprises could pay if forced to, it’s also enough to have a huge impact on a small or medium-sized business. Add to that the fact that ransomware causes expensive downtime, which according to Gartner, can cost up to $5600 a minute, and it’s easy to see how quickly a business could go under from a single successful attack. As it stands now, about a third of businesses affected by ransomware end up paying the ransom. How can you avoid being one of those that pay?

Well, outside of accepting that your data is lost forever (and don’t forget, cybercriminals might also be harvesting and selling your data), there are plenty of things that that you can do to prevent ransomware. There are also options that can help you remediate the problem if you do get hit by ransomware, and one that will get back you back up and running if all else fails. Just remember, none of these solutions will work unless you act immediately to get the right precautions in place.

The Basics of Ransomware Prevention

First, consider how to stop ransomware. While you likely have basic measures in place like spam filters, antimalware, and firewalls, there are still a few things you should consider that some IT admins miss:

• Education
  When a few clicks are enough to infect your network with ransomware, you need to help employees—one of your first lines of defense—understand their role in prevention. Hold regular security training sessions to go over common threats, how to spot them, and how to avoid them. You may even consider testing your team with a mock-phishing tool.
• Patches and Updates
  As always, keeping systems fully up to date is one of the most important actions you can take to prevent new threats from getting in.

Ensuring You Can Remediate Ransomware

It might seem obvious. If you have a backup of a machine taken before it was infected, you can restore the backup. That should circumvent the infection so you only lose data that was created on that machine after the backup was taken. Unfortunately, it’s a little more complicated than that. Admins who don’t have a lot of backup and disaster recovery (BDR) experience may not know the best way to create and roll out a complete BDR plan. So, here are some crucial tips for taking backups in the age of ransomware:

• Increase backup frequency and extend retention policies
  The more frequently you take backups, the less data you’ll lose if you have an issue (see our post on recovery point objectives). In terms of retention policies, your backups will be useless if they were taken after a machine was infected. That’s why you may want to consider keeping older backups around longer, just in case.
• Keep two local backups
  Admins often store backups on a local network drive. But, if your network gets infected, ransomware might also be able to lock up the very backups you were counting on to save you. That’s why it’s important to think carefully about where your backups are stored. There are two things you can do. First, make sure that admins are the only ones who have access to drives containing backups. Second, consider having a second backup that’s kept offline, so ransomware can’t access it at all.
• Cloud backup and recovery
  Replicating backups to a dedicated recovery cloud does two crucial things. First, it gives you another highly secure place to store backups, well protected from ransomware. Second, an effective BDR cloud solution gives you quick recovery options. As noted, ransomware can cause data loss, but for some businesses the greater threat is downtime. With a recovery cloud, you can recover a machine virtually in seconds. 

What to Do If All Else Fails

If ransomware infects your critical systems and there’s absolutely nothing you can do to fix it, what’s your next move? Unfortunately, many businesses have no choice but to pay the ransom or lose the data forever. But, what’s seldom publicized is that it’s not always the business that pays the ransom—it’s the business's insurance company. While this post covers the best approaches for ransomware prevention, many insurance carriers offer cybersecurity insurance that will pay a ransom if there is no other choice. To be absolutely clear, this should never be your plan. Rather, insurance should be your absolute last-ditch effort to get your data back. Talk to your carrier about coverage (it’s surprisingly affordable).

And, if you’re still grappling with the best ways to keep backups safe from infection, consider talking to the team at StorageCraft. Our sales engineers can offer best practices for taking, storing, and recovering backups so you can be protected against the latest ransomware threats.