Two big ransomware attacks that were recently in the news had something significant in common. Both companies were unprepared with their recovery response and had to pay millions of dollars in ransom to attackers.
One of the two attacks in question was on Colonial Pipeline, an attack that caused gas shortages across the East Coast and was a driver for the current price of a gallon of gasoline being over $3.00.
Colonial Pipeline paid attackers $4.4 million in ransom, even though it had a backup of its systems. This attack happened due to an unused VPN account that wasn’t properly protected with basic IT security best practices (in this case, two-factor authentication).
The other attack, which followed just a couple of weeks later was on JBS (owner of Pilgrim’s Pride, Swift, and other brands). This company is the largest global producer of beef and pork and had to shut down plants in the U.S., Canada, and Australia.
Despite also having a data backup, JBS paid attackers $11 million in ransom.
Why Do Companies with Data Backups Still Pay the Ransom?
You would think that if you already have a backup, you shouldn’t have to pay the ransom, right? Isn’t that one of the many things a data backup protects you from?
That should be the case, however, one of the main reasons companies pay the ransom is because they don’t have adequate data recovery systems, and/or haven’t properly tested recovery.
In the case of Colonial Pipeline and JBS, both had differing reasons for not paying the ransom. In Colonial’s case, principals thought they could get systems back up and running faster by paying the ransom rather than going through backup restoration. It wasn’t specified in reporting, but often this is due to a failure during IT incident response preparedness, such as failing to go through data recovery drills regularly.
JBS principals stated that the company chose to pay the ransom for fear of hackers leaking customer data if it wasn’t paid.
Time and time again, you hear many companies using the excuse of costly downtime and being unsure about the timing of their data recovery from a backup for why they paid a ransom.
This is unfortunate because paying the ransom is what has caused ransomware to become such a dangerous threat and to grow in cost and volume each year. It’s been very profitable for the attackers.
Ransomware attacks grew 485% in 2020.
How to Ensure You’re Prepared for a Ransomware Attack
Ensure Your Backup Solution Has a Fast Data Recovery Mechanism
Not all forms of backup are fast to recover data. Companies don’t always think about this until it’s too late and they’re facing days of costly downtime due to a data loss incident.
Data recovery must be a part of any option you chose for backup and disaster recovery.
For example, AhelioTech offers a large range of data restoration options that fit any type of IT architecture. Because we deploy virtual environments and take image-based backups, we’re able to do instant restores of data for minimal downtime.
Practice Your Data Recovery During Response Preparedness Drills
Some companies that pay the ransom to attackers do so because they’ve never been through a data restoration and are unsure how long it will take. You should regularly test your disaster preparedness through drills, and a ransomware drill is one of the most important because of the prevalence of this type of attack.
During a ransomware response drill, you should do a full system restore from your backup. The more this is practiced, the faster your team will be should you get hit with ransomware or any other type of data loss emergency.
Create a Plan That Employees Can Follow
Response to ransomware can take longer if employees are wasting time wondering who is in charge of calling the IT provider or what each person should do.
Create a disaster response plan and include delegation of duties in the case of different types of crisis events. For example, in the case of ransomware or damage to your premises from a tornado or fire.
You should also include steps for each team member to follow. Such as immediately disconnecting their computers from the internet and any internal network if a ransomware attack is detected anywhere on your network.
Allow employees to practice the plan during your incident response drills so they can execute it like clockwork. It’s also important to keep this incident response plan updated as staff changes and your technology infrastructure evolves so it’s always current and can help you mitigate the costs of an attack.
Learn More About Our Business Continuity Appliance
AhelioTech can help your Columbus area business ensure you have the tools needed to protect your data and recover quickly from a ransomware attack.
Contact us today for a free quote. Call 614-333-0000 or reach out online.