Last week, more than 400 dental practices around the United States had their computers shut down by a ransomware attack. The company Digital Dental Record or DDR that provides online services to dentist offices told their customers that the software used to connect to individual offices had been infected with ransomware. The attack, which happened on Monday morning, left dental practices with no access to patient charts, schedules, x-rays or payment ledgers, essentially leaving them unable to conduct business. As of Thursday, approximately 100 of the practices were back online.
According to tech site, ZDNet, the ransomware was from the Sodinokibi family, a common strain of virus, and DDR was able to decrypt their customers' computers by paying off the ransom requested.
This ransomware attack left hundreds of dentist offices unable to conduct business for days. Frustrated by how long the process was taking, many clients voiced their frustrations on the company's Facebook page. As of September 1st, many offices still remain offline and unable to conduct business.
Imagine what the impact to your business might be if you were struck by ransomware. How much of your business could run without vital computer systems? How much downtime could your business handle? Would you be willing to pay the ransom to get your files released? Would you be able to get your files back up and running quickly? All of these are important questions you need to be able to answer about a ransomware attack so you can be prepared for it to happen.
In a study conducted by Malwarebytes, 179 businesses were surveyed to provide a snapshot of the effects of ransomware on small to mid-size businesses. Some interesting points to note:
- 20% of the businesses that were victims of ransomware attacks had to cease operations immediately.
- For more than half of the businesses, the ransom demand wasn't the big threat. The biggest threat to the livelihood of the businesses was downtime, with 20% experiencing downtime of more than 25 hours or more (or 3.5 days!).
- More often than not, ransomware isn't limited to a single endpoint, but has spread to others as well. And in some extreme cases, the attack spreads to every endpoint on the network.
With these staggering statistics, consider what a ransomware attack may be like for your business. Would you be part of the 20% who had to close shop right away? Could your business survive 3-5 days with no revenue? Would your customers be willing to deal with not doing business with you for a week? For many small and mid-size businesses, the answer is no.
With the DDR dental office case above, many of the dental offices are held hostage by the software company, as the dentists are reliant on the software company for critical pieces of their business data. They can't control the timeframe in which it may take for them to be back online and running again. And if they haven't really dealt with the software folks in an extended period of time or performed recommended backups or software updates, the impact could be even longer.
So with all of these scary statistics, what can small and mid-size businesses do to protect themselves against ransomware attacks? And what can they do in the instance an attack occurs?
For protection and prevention, a two-pronged approach is the best defense. First and foremost, education and training of employees to spot ransomware in the forms of phishing through social media or email is critical. An informed employee is better equipped to spot a suspicious email or post and avoid deploying the ransomware that may be contained within it. Secondly, having a disaster plan in place to deal with an attacks is just as important. This includes email security, regular data backups, network segmentation and ransomware-specific solutions either on premises and/or in the cloud.
So as a small or mid-size business, how can you utilize your resources to ensure you're getting the best protection for your dollars? Everyone has a budget, and sticking to that budget is crucial to any business' success. With a managed services provider (MSP), you can work to create a strategy that will work best for your needs and your budget. See our previous article on how to find the best managed service provider for your business to get tips on selecting the best MSP for you.
For these 400 dental practices, the effects of ransomware is real. It's been eight days since the attack occurred and only about 25% of them are fully functioning. Could your business survive that? Don't wait for the attack to happen to find out.
Fraser Advanced Information Systems is a full-service managed service provider that can help your small to mid-size business create a plan to protect your valuable data. For more information on how we can help, contact us today.