This series addresses the threat of ransomware that previously focused on large networks exclusively. That was 2016.
It is now 2017. Small businesses and manufacturing outfits are currently in focus.
Attackers are becoming more aware that the majority of small businesses and manufacturers lack the resources to set up an effective cyber-security program on their own. Ransomware is a unique and potent method of attack. The simple act of preventing business owners from accessing their data or systems is often enough to pressure them into trading money to regain access.
A Tale of Two Flower Shops
In Pleasantville, USA, there are two flower shops: Acme Flowers, and Back to the Fuchsia.
Acme Flowers has a long-standing tradition of giving their customers excellent product while keeping their operating costs as low as possible. They do very well for themselves. People travel from miles around. The wait list is longer than that of the Packers’ season ticket waiting list. Their prices are excellent, and their flowers are stellar! The owner of Acme Flowers has never needed to consider a security-related catastrophe as a possibility and operates the business in that mindset day in and day out.
Back to the Fuchsia has also been running a long time. While not as well-known as Acme, they have a fantastic product line as well. Their bouquets and arrangements win in contests nationwide. On occasion, diplomats request their product for royalty! The owner has also never needed to consider a security-related catastrophe as a possibility, yet has decided to take a proactive approach to backing up their business operations – due to the swiftly changing environment that comes along with using technology in the world of business.
As the story goes, Mother’s Day is just around the corner. Most moms love brunch and, of course, flowers! Since both shops have their largest sales that day (aside from Valentine’s Day), the business expectation is to sell fields of flowers and make lots of money to keep them afloat the rest of the year.
Ransomware attackers tend to love situations where they can create pressure, and make money as a result.
Early in March, attackers gained access to both flower shops’ networks. Per their plan, the attackers gained full access to all of Acme Flowers’ and Back to the Fuchsia’s point of sale machines in the months ahead of Mother’s Day. As you can see, attackers are patient.
They waited precisely until 10 a.m. on Mother’s Day and then began simultaneously encrypting all point of sale machines. With lines out the door in minutes, and no way to pay for fresh flowers, customers grew impatient… and both store owners got an email. It was an attempt to hold their business hostage.
Until money grows from the rich soil beneath us, you should be prepared to handle a ransomware attack.
As the adage goes: Hope for the best but prepare for the worst.
There are many resources available describing ransomware and how to best control risk to your organization. There are entire publications and endless articles about disaster recovery that serve as excellent reading material in case you have trouble falling asleep. Most highlight preventative strategies (see Ransomware 101), but the fact is that no organization can be completely safe. Thus, the highlight of this part in our Ransomware series is the importance of a
Comprehensive Disaster Recovery Plan
Don’t be alarmed; this is just a fancy term for keeping your systems running and your data handy. 😀
Of course, there are different levels of commitment to disaster recovery. Some organizations build a near replica of their systems and data, in case a catastrophic event strikes the primary workplace. It is called a hot site and is just as expensive as it sounds.
The good news is that in the context of ransomware, creating a hot site is overkill in most cases. Since ransomware leaves network-related devices (e.g., your WiFi router) alone — for now — focus on backing up your critical data and systems.
Here are the basics:
1. Identify each bit of information that would adversely affect your business if erased from the Earth. Back it up, and store your backups offline and away from your primary workplace.
2. Identify each system – hardware, software, applications, processes – that would adversely affect your business if erased from the Earth. Devise a method of restoring those systems in as little time as your budget will allow.
3. Test your recovery plan at least quarterly. Test your recovery plan. Check your recovery plan. Examine your recovery plan. Don’t forget to test your data backups after each backup process is complete. Of all the strategies to use when dealing with ransomware, this step needs more emphasis.
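One way to carry out the "test your data backups after each backup process is complete" part of step 3, as an added example that is not from the original article: record a SHA-256 manifest when the backup finishes, then re-check the backup drive against it at every test and flag changed files whose contents look encrypted. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for this illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold (encrypted data sits near 8.0)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Run right after a backup completes: relative path -> SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def verify_backup(root, manifest):
    """Run at every test: compare the backup copy with the stored manifest."""
    report = {"missing": [], "changed": [], "looks_encrypted": []}
    for rel, digest in manifest.items():
        path = Path(root) / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256_file(path) != digest:
            report["changed"].append(rel)
            with open(path, "rb") as f:  # sample the first 1 MiB only
                if entropy(f.read(1 << 20)) > ENTROPY_LIMIT:
                    report["looks_encrypted"].append(rel)
    return report

def demo():
    """Constructed sample: a tiny 'backup drive' in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        drive = Path(d)
        (drive / "inventory.csv").write_text("sku,qty\nrose,120\ntulip,80\n" * 50)
        (drive / "licenses.txt").write_text("POS license: PLACEHOLDER\n")
        manifest = build_manifest(drive)  # keep this off the backup drive
        clean = verify_backup(drive, manifest)
        (drive / "inventory.csv").write_bytes(os.urandom(8192))  # simulated encryption
        (drive / "licenses.txt").unlink()                        # simulated loss
        return clean, verify_backup(drive, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the backup drive itself, so that whatever alters the backups cannot also rewrite the expected hashes. A passing hash check only proves the copy is intact; a full restore test is still needed to prove the systems come back.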
Backup to the Flower Shops
Before we wrap up, let’s stop to smell the roses at our two shops, and see how their plans helped their businesses through disaster recovery:
Acme did not have a well-defined, secure backup plan to rescue the store from the ransomware attack. If they wanted to continue their business that day without loads of downtime, without spending oodles more money replacing their software and data, and without paying the ransom, they’d have to make all transactions by hand. A grim prospect, indeed. You know what’s even worse?
Paying any ransom to the attackers will encourage them to attack others, and to attack you again at a later date, and would still leave you vulnerable to their increasing demands.
Acme’s owner started handing out notebooks to each of his cashiers, and they made it work, hand cramps and all. Luckily, their budget plan eventually allowed for replacing the software, licensing, some shorted hardware from their drive wipes, and the time it took the employees to rebuild their inventory database from their notes.
Back to the Fuchsia, however, had a regularly tested backup plan. All of their software license information, and the physical drives? Stored in a bank deposit box a block away. They tested their system and found an encrypted backup drive in mid-April. They got the help they needed to ensure their data stayed un-encrypted on their backups and restored their systems within an hour of the attack on Mother’s Day.
As you can see from the shops’ story, everyone can benefit from having a Comprehensive Disaster Recovery Plan, as it saves you time, money, and heartache.
Comprehensive Disaster Recovery Plan: Test Yours Regularly & Thoroughly.