The WannaCry ransomware attack on May 2017 hit hundreds of thousands of computers in more than 150 countries. Although this strain of ransomware is new, there are several other types that have been used over the past couple of years. This most recent used a special exploit known as Eternal Blue. According to the New York Times, a hacker group known as the Shadow Brokers released Eternal Blue, and was responsible for “previously released hacking tools by the National Security Agency.” Cybersecurity is one of the largest forms of theft in today’s age, and it continues to grow.

It is no longer an issue of “if” hackers will exploit your data, but a matter of how you will handle it when it happens. Normal anti-virus software, authentication services, and firewalls are not enough.  You have to determine how to restore and retrieve lost data after it has been stolen or frozen from ransomware. Disaster recovery services are no longer just for natural disasters but can act as a surefire safeguard of recovering data quickly and efficiently.

Is Your Small- to Mid-Sized Business (SMB) at Risk?

Although the threat is widespread, it does not mean your company will become infected, but it is more likely to be attacked than not. Forbes recently wrote an article about the Locky ransomware. This is not new; it has been around since 2016, but what it recently did was a bit scary. It released 23 million emails in a 24-hour period. These emails are very simple and most people would ignore them, but the small few that decided to click on the link would cause the entire network to lock up. To regain access to computer files the company would have to pay the ransom of nearly $2,300.

Think about it, if only 1,000 people out of the 23 million click the link, then the hackers get over $2 million. These emails are not sent just to large companies. That is why they do not ask for much money. They want even the smallest companies to be able to pay for the release of their own information. The problem with this is paying the ransom does not guarantee a virus-free system or that data will be unlocked.

The True Cost of Ransomware

Yes, SMBs paid $301 million to have the ability to decrypt their own file structures in 2016; per TechRepublic. It is estimated that 5 percent of all SMBs were victims of cyber attacks in the past year. It is also noted that 97% of managed service providers believe these numbers are going to get worse over the next two years. Only about 35 percent of the SMBs actually paid the ransom, and of those only 85 percent were able to get their data access restored.

Restoring access is just the beginning. Companies do not know if the ransomware is totally off their network. In some cases, it has returned from their own servers a couple of months later. Finding the virus and cleansing the system can be costly to the business. There is downtime required, usually, overtime is paid for IT to find the virus, and improperly backed up systems may lose days or weeks of data in the process of restoring.

The Best Defense

The best defense is a solid backup and disaster recovery solution. Backups are a good solution. Today cloud providers can copy data almost in real time, and this allows your data to be stored on multiple servers. If possible try to get your data stored at different sites. This ensures that if your data is compromised in a specific location, that your secondary data store is safe. Depending on your budget, providers can store your information on the fly. It, of course, is not immediate, but it is close.

Don’t rely on just a backup plan to store your data. Disaster recovery is a much larger process to initiate, but it can have your company up and running within hours after a disaster such as a ransomware attack.

Learn more about cyber attacks and data breach: Buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’.

Disaster Recovery Services

The difference between disaster recovery services and backups is what is being stored. Backups just store the files off your network. Disaster recovery images the entire file structure and operating system. Restoring this is much faster than through a backup process. Many offices use an exact type of computer model and file structure on all their computers. There may be different apps for accounting, HR, IT, management, etc., but IT will create mirrored backups for each department. When something goes fatally wrong with a computer it is much easier to wipe the drive and reinstall everything in a single stroke, than to try and copy over old files.

Some providers have taken the time to develop their own mirroring software to better serve their client. TOSS’ vBCDR has been specifically created to work on any sized business model against ransomware attacks, natural disasters, and any other emergency that can affect your data. Although these services are helpful in recovering your data, it is the responsibility of the organization to create a solid disaster recovery to implement in case of a ransomware attack.

The Disaster Recovery Plan

Although disaster recovery services can mirror your hard drives, it is still important to know what data is the most important. Creating standard images for your computers is something your local IT department handles, unless you have contacted a managed service provider to help with your infrastructure.

It is the other data that you really need to protect. Data involving clients, research, tax information, and patient data are some examples. This data needs to be stored not only for recovery purposes but to help protect against lawsuits and to give the data’s owner piece of mind. Some basic things to consider when developing a disaster recovery plan are:

• What data needs to be stored?
• Have you assigned a risk management officer to handle different types of disasters?
• When was the last time your disaster recovery plan was updated? Many disaster recovery plans today do not include hackers as a potential threat.
• Is the process well defined so a secondary can read it and know what to do if the primary is not on site?

If you have not yet developed a plan then you should start by talking to your IT department. After you find out what requirements you will need and the best way to store what data, then contact your disaster recovery provider to see how they can implement your requirements. Make sure to ask them a lot of questions. Ask about their rules of specific file structures, what operating systems they are compatible with, and their policies on file synchronization.

Build a team, and practice routine disaster recovery training to make sure everyone can perform what needs to be done, and clock how long it will take.

These steps can help any SMB to recover from a ransomware attack as early as the next day. Disaster recovery services may be offered by many providers, but you will want to make sure you find one that has the longevity and resources to help your company thrive throughout the coming years. Get a free assessment and see how TOSS can help you today.