Ransomware: The Cost of Doing Nothing


Nearly half of home break-ins occur without use of force, according to this article. Meaning: Somebody left a door or window unlocked. Thieves like it easy. If they liked to work, they’d get a job rather than try to rob you. In fact, cops will tell you that the most important place in your house to wire for an alarm is the front door: No matter how a crook gains entry, they’re most likely to casually walk out with their loot (i.e., your stuff) via your front door.

Thieves target the vulnerable.

That’s why we’ve seen so many recent ransomware attacks. Ransomware is malware that invades a network and encrypts every file it can grab; its creators then demand a ransom to decrypt the files. It is insidious because it can spread across your network to invade and ‘kidnap’ every system and drive.

You’re vulnerable because your organization needs that data. The more the kidnapped data and apps mean to your business, the more you’ll be willing to pay to get them back.

A while back I blogged on some notable ransomware attacks, including the hit on Hollywood Presbyterian Hospital, whose medical records were held hostage for a payout of $3.5 million in bitcoin currency. Medical records, which can mean the difference between life and death, present a classic kidnapping target because of their high value.

You are vulnerable.

Today, business success is data-driven. No matter what your industry, you’ve got some high-value data that is vulnerable to a ransomware attack. In fact, a June 2016 article on FastCompany.com notes that ransomware is a growing criminal enterprise. “[I]f the first three months of this year are any indication, the number of ransomware incidents – and the ensuing damage they cause – will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance,” the article quotes an FBI spokesperson as saying.

Don’t be vulnerable!

While ransomware attacks may be inevitable at present, it’s easy to avoid the damage they can cause. Replicating your backups offsite to a DR center or public cloud gives you the ability to recover your data untainted: You discover an attack, export an offsite backup replica to a target machine, test it to make sure it predates the attack, and recover from that set of recovery points. Simple.

Lock the doors tight.

While some organizations are still reluctant to include cloud in their data protection, it can prove more reliable and cost-effective than having one’s own DR site. Leading public cloud providers offer digitally and environmentally secure locations for storing copies of your valued data. Public cloud lets you pay as you grow rather than having to pre-allocate storage and pay for the associated real estate and environmental costs. You can save on both CAPEX and OPEX by integrating public cloud into your DR plan.

One good solution: back up on premises with Rapid Recovery software and replicate recovery points nightly to a preconfigured Rapid Recovery Replication Target VM in Microsoft Azure.

The cost of doing nothing

Hollywood Presbyterian Hospital reportedly settled with their crooks for $17,000 in bitcoin to get their medical records back. What could a ransomware attack cost you?

It’s important that you quantify your risk. The V3 Resources white paper, The Cost of Doing Nothing, explains why thinking beyond traditional cost/benefit analyses is especially important for planning and cost-justifying a disaster recovery solution adequate for a modern data center.

Remarkably, despite the potential for serious harm to the business, over half of the companies V3 surveyed did not have a strategic backup and recovery plan in place – which could explain why ransomware is still a profitable crime. The thieves are benefiting from the IT equivalent of people leaving their doors and windows open for the burglars.

Once most organizations have modernized their data protection strategy to include copying backups offsite or to the cloud, ransomware won’t be worth the effort to the crooks and this threat will finally diminish.

Learn how to justify modern data protection. Read The Cost of Doing Nothing.