as stated in Datto’s 2017 State of the Channel Ransomware Report.
But, of course, practices aren’t the only organisations that have been hit by the ransomware epidemic. Just ask the city of Atlanta, whose systems were frozen by ransomware in late March of this year, locked behind a $50,000 Bitcoin deposit. One interesting component of the case is that, regardless of whether or not the city was actually prepared to pay the ransom, it seems they didn’t even have the opportunity. Hackers took down the payment portal not long after the breach, leaving Atlanta officials swinging in the wind. As officials scrambled to restore basic functions of city programs, it only took two weeks to amass a staggering $2.6 million bill — a figure that officials expect to climb another $9.5 million over the coming year.
Even if you’re not one of the 8 biggest cities in Australia, cybercriminals cast a wide net — most of the time, it’s more profitable to target dozens of virtually unprotected, smaller practices than to draw the ire of big fish like the AU government. If you were a small-time criminal, would you rather break into 10 high-end, unlocked homes abandoned by holidaying tenants, or pull a single, endlessly complicated Ocean’s Eleven-style heist? Attackers generally follow the path of least resistance. Your practice is just that.
So, what do you do in response? Toughen up your barriers, tighten up your processes and enlist your entire staff in the battle against ransomware.
Ransomware attackers don’t steal your data; they just lock you out of it. So the best way to make your law firm totally ransomware-proof is to make sure a ransomware breach won’t actually affect your day-to-day operations. That means regular backups, and lots of them, scattered throughout your primary network in places that won’t be compromised by the spreading malware. When ransomware hits, all you need to do is hunt down the source, delete it, and roll the entire system back.
The vast majority of ransomware attacks happen through phishing e-mails, which means employees are usually the ones to open the gates that let the malware in. Luckily, it’s easy to train your team to stay vigilant for the signs of digital scams and put procedures in place that will prevent them from ever clicking that shady link.