Ransomware has become such a prevalent threat that the Los Angeles Times suggested in a March 8 article that “2016 is shaping up as the year of ransomware.”
Recent ransomware victims, the paper reported, included the Los Angeles County Department of Health Services and Hollywood Presbyterian Medical Center, which paid $17,000 to regain access to a communications system that attackers had shut down.
Ransomware is ingeniously simple to execute and, as such, an effective method for cybercriminals to monetize malware attacks. Ransomware uses malware variants with names like “Locky” and “CryptoWall” to encrypt files in victims’ systems. The malware typically is delivered through phishing emails.
To get their data back, victims have to pay ransom--usually a low enough number so that victims take the path of least resistance to solve the problem. Even police departments have been caught in the malware trap and some have agreed to pay ransom.
“If the victim won’t pay, the hackers threaten to delete the files, which they did last year to departments in Alabama and New Hampshire. That means evidence from open cases could be lost or altered, and violent criminals could go free,” according to an NBC News report.
How to Avoid Paying
Why do victims end up having to pay for ransomware? Because otherwise they lose access to valuable data--access, by the way, that could be quickly restored if they regularly backed up their data.
A lot of heartache can be avoided with the simple act of backing up all of the files on users’ machines and servers. But no matter how often businesses are told to back up, enough of them neglect to do so. In 2015, SC Magazine reported that more than a third of users--36 percent--“don’t think it’s necessary to back up their data.
Well, ransomware has proven them wrong again and again.
Develop a Strategy
To prevent their clients from becoming the next ransomware victims, MSPs need to help them develop data protection strategies that include phishing detection tools and education, implementation of reliable endpoint security and threat analysis, and of course a solid BDR (backup and disaster recovery) strategy.
Today, there’s really no good excuse for failing to backup regularly. Cloud-based data backup solutions have made the process simpler than ever through automation and scheduled backups. Cloud-based BDR (backup and disaster recovery) services let you schedule backup frequency and replicate data off-site to minimize the potential of losing valuable data as a result of a security attack, natural disaster or system failure.
Cloud-based BDR has long been a staple of MSP offerings. If you don’t offer it, it’s time to start. If you do and some of your customers don’t take advantage of the service--or don’t back up at all--you need to work on changing their minds. Share with them some examples of ransomware attacks to help drive the point home. If the prospect of having to pay to access their own data doesn’t do the trick, chances are nothing well.