Get All Access for $5/mo

Is Paying up the Only Response to Ransomware? Imagine walking into your office to find a padlock on your computer. Here's how to fight back.

By Richard Walters Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Imagine walking into your office one morning to find a padlock on your computer. Sitting at your desk is a masked criminal demanding $5,000 for the key. Naturally, you hesitate, to weigh the options. Do you pay this criminal, hoping the key works and he or she vanishes forever? Or, do you ignore the criminal and spend days trying to recover your locked files?

Related: Is 'Ransomware' Terrorizing Your Site Visitors?

This is what ransomware is like. It's a type of malicious software that blocks access to computer systems until money is paid. Ransomware is one of the most pervasive threats to businesses today, especially with the emergence of crypto-ransomware, which encrypts files on victims' computers and holds them hostage until a payment is received.

The impact is huge: CrytpoWall reportedly infected hundreds of computers between April 2014 and June 2015, racking in approximately $18 million from victims who chose to pay.

Contrary to popular belief, the worst part of ransomware isn't even the ransom. The true damages occur due to employee down time, which can last for days, halting business operations and jeopardizing sales.

Ransomware attacks are growing in frequency, largely due to the increasing processing power of computers, which enables criminals to encrypt files in only a few hours, and the rise of anonymous payment systems such as Bitcoin, which makes it easy for criminals to accept payments with less fear of being traced.

Hollywood Presbyterian Medical Center understands this well after losing access to its PCs during a ransomware outbreak. The hospital forfeited $17,000 to hackers after employees spent 10 days relying on outdated fax machines and paper charts.

And there are many other such stories out there: Each new attack serves as a stark reminder that prevention, containment and business continuity techniques are crucial to keeping companies up and running in today's threat landscape. This especially holds true when advanced ransomware, like TeslaCrypt, adds features that are "impossible" to crack.

It's clear, then, that ransomware doesn't discriminate. A recent report revealed that 48 percent of IT consultants surveyed across 22 different industries said they'd witnessed an increase in ransomware-related support inquiries in the previous 12 months from small businesses and enterprises alike.

So, no business or employee is safe. What can businesses do to prepare for what seems an inevitable ransomware attack? And, how can they avoid paying the ransom which will only serve to encourage criminals to repeat their wrongdoing? Here are three strategies:

1. Implement email defense software.

First and foremost, companies need to ensure that their email defense can recognize and block malicious web pages, or infected USB drives and zip files. For this reason, email defense solutions adopted need to go beyond anti-spam and virus-scanning; they should be sophisticated enough to recognize and block phishing attempts, which can spread ransomware.

2. Educate employees.

Email is the most common infection vector for ransomware, making it imperative that businesses create strong education programs to train employees to spot suspicious activity. Ransomware is hard to pinpoint, so it's important for employees to know what to look for.

Additionally, these education programs should notify employees of the appropriate steps to take once a device exhibits the behavior of an infection. For example, do employees know to close their computers immediately in the event of a suspected ransomware attack? Do they know to take their computers directly to IT, so IT can isolate the device from the corporate network?

Related: How Network Segmentation Can Help Entrepreneurs Manage Ransomware Risks

3. Set up real-time backup systems.

During a ransomware attack, what matters most is how quickly a business can get its employees back to work. Businesses are finding traditional back-up and file-sharing solutions inadequate because they don't operate in real time.

Employees should be able to instantly roll back their file archives to a point immediately before the infection hit and access their files from alternate devices. Modern business continuity solutions that combine real-time backup, mass file restores and remote access can combat threats by minimizing the crippling effects of down time.

Infected users can stay productive, and businesses can dodge the need to pay a ransom -- which may or may not actually release the locked files. According to a recent study, 19 percent of companies that paid ransom didn't end up getting their files back.

While businesses can't control when they are attacked, they can control how well they are prepared. Many businesses have plans in place for natural disasters, power outages and other disruptions. Few have "e-crisis" response plans for threats like ransomware. It's one of the reasons why ransomware is so disruptive for businesses and so profitable for criminals.

Related: How Network Segmentation Can Help Entrepreneurs Manage Ransomware Risks

So, don't give into cyber criminals by offering up Bitcoin payments, and shedding tears and suffering lost business. Instead, build out a continuity plan that keeps your business running as usual even during a ransomware outbreak.

Richard Walters

SVP of Security Products at Intermedia

Richard Walters currently serves as Senior Vice President of Security Products of Intermedia.net, Inc. He has spent 20 plus years in IT, of which over 15 years in C-level positions focused on information security. He has in-depth knowledge of operating system and database security, intrusion detection systems, identity and access management, and cloud and mobile security.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Growing a Business

How to Build, Grow and Make Money With Ecommerce

To grow your online business, you need to develop a strategy and invest your time wisely. These actionable tips can attract customers and increase online revenue.

Living

70% of Small Business Owners Experience Monthly Burnout. Follow These 3 Rules to Avoid the Same Fate.

Here are three guidelines to help entrepreneurs achieve balance, growth and success in both their professional and personal endeavors.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Leadership

7 Telltale Signs of a Weak Leader

Whether a bully or a people pleaser who can't tell hard truths, poor leadership takes many forms.