ransomware attack

Ransomware Aftermath – Recover Your Data or Start Over

No organization wants to end up here: facing the computer, files locked, with a demand for payment glaring from the frozen screen in mockery – the victim of a ransomware attack.

Unfortunately, in 2017, more people and businesses than in any previous year found themselves in just this situation. Ransomware attack frequency increased by upwards of 250% over the first quarter of the year, and only continued to increase over the ensuing months.

For organizations, the sad takeaway from these statistics is that it’s increasingly likely that you will be victimized by a ransomware attack. Yes, there are steps that you can (and should) take to minimize the chances of this situation – but it’s impossible to completely negate the risk.

No organization wants to come face-to-face with a ransomware screen. But, if a ransomware attack does happen, what happens next?

 

Can anything be salvaged?

Well, the aftermath of a ransomware attack depends largely upon whether or not your organization is using a managed IT services provider. The aftermath without a provider looks much different than it would with one.

Let’s take a look at each scenario.

Buckle up: your organization has just been victimized by ransomware. Here’s what happens next.

 

Ransomware Aftermath if You Don’t Have a Managed Service Provider

Your organization was attacked by ransomware.

One of your employees received an email with a malicious link. The email asked the employee to confirm information about his medical profile. It seemed like a legitimate request, so the employee obliged ().

When he clicked through, however, he downloaded a ransomware package, and his machine was immediately compromised.

Most ransomware spreads via email.

The damage didn’t stop there, though. The ransomware then used a worm component to spread to other hosts on the network, infecting 20 other employees’ machines – similarly to how WannaCry spreads. 

The average ransomware attack infects 20 employees

Many of the machines affected had important documents stored on them, some of which were urgent in nature or otherwise integral to the functioning of your organization. Because of this, when the ransomware hit, several employees complied with the ransom request in an attempt to unlock those documents.

They quickly submitted payments of $1,000 each. The payments went through, but had no effect – the decryption key sent in return didn’t work.

The average ransomware payment request is $1,077.

Your IT person, meanwhile, was pulled in twenty different directions, but soon realized that there was no way to decrypt or unlock the machines. The only recourse was to turn to backups.

Unfortunately, while the IT person had preached the importance of backing up systems, there hadn’t been time to follow through on the request – and so the most recent backups were over a year old. Restoration to those versions took nearly a full week.

72% of infected businesses lose access to data for two days or more.

When it was completed, the effect was, for all intents and purposes, the same as starting from scratch. Many of the important projects and documents that employees had been working on over the past months were completely lost.

Business was severely affected.

 

Ransomware Aftermath if You Do Have a Managed Service Provider

Your organization was attacked by ransomware.

One of your employees received an email with a malicious link. The email asked the employee to confirm information about his medical profile. It seemed like a legitimate request, so the employee obliged.

When he clicked through, he downloaded a ransomware package, and his machine was immediately compromised.

The damage stopped there. Your IT managed service provider had installed an internal safeguard that blocked the worm of the ransomware package, so no additional employees were compromised.

And, although the employee had been duped into clicking the link, when he saw the ransomware program take control of his machine, the training he’d received from your provider kicked in, so he did not submit a request for payment.

Additionally, your managed service provider had implemented cloud backups at regular intervals. So, the employee was able to restore his machine to its status several hours before the attack. In doing so, he avoided losing any critical information.

Business continued as usual.

 

How to get an MSP

Ransomware attacks are never fun. But, in the aftermath of an attack, life is much better if your organization is using a managed IT service provider.

As ransomware attacks increase in frequency, being prepared has never been more important.

At Swift Systems, we’re honored to partner with growing businesses as a managed IT services provider. We help organizations set up redundancies so that, should an attack occur, its effects will be minimized. In addition, we strengthen systems to greatly decrease the likelihood of an attack occurring in the first place.

We work alongside internal IT teams to give them the support they need – which means that your IT person will no longer need to worry about being pulled in 20 different directions at any given time.

You don’t want to end up in that dreaded scenario: facing a screen that’s locked with a ransomware attack. At Swift Systems, we can minimize the likelihood of that happening – and, in the unfortunate event that it does, we can quickly negate its effect on your business.

Get in touch with us today to find out how a managed IT service provider can help you.