Few types of malware are quite as instantly disruptive as ransomware. An infection can spread in no time and quickly take down an entire company. Systems go offline because data has become scrambled and users can’t access any records, customer databases, or other types of files.
In a ransomware attack, malicious code is used to encrypt or “scramble” files. This code can encrypt files on computer hard drives, servers, and even in cloud storage platforms. When employees try to access files, such as a customer database or accounting program, they can’t because the files can no longer be read.
The infected devices will display a ransom note requesting a large amount of money, usually in untraceable bitcoin. If the ransom is paid, then the note promises that the decryption key will be provided.
Ransomware is one of the most dangerous threats to your construction company’s cybersecurity.
How Prevalent Is Ransomware?
Unfortunately, because of the money to be made from ransomware attacks, it has grown in volume and cost over the last several years. In 2020, ransomware attacks grew by 485%.
Some of the recent high-profile attacks seen in 2021 involve the large Colonial Pipeline attack that caused gasoline prices to skyrocket across the country. This was followed by a ransomware attack on JBS (Pilgrim’s Pride, Swift, etc.), the world’s largest producer of beef and pork.
A new study that just came out from NordLocker reviewed 1,200 companies that were victims of ransomware between 2020 and 2021. It found that the #1 target for ransomware is the construction industry.
No business is safe because attackers go after companies of all sizes. Small businesses are particularly good targets because they often don’t have strong IT security protections in place.
What Can Ransomware Cost Your Construction Business?
The most expensive cost of ransomware is downtime. The average downtime for a company that is the victim of ransomware is 21 days. That’s an eternity for busy construction companies that have customer deadlines to meet.
Within the past year, the cost of recovery from a ransomware attack has more than doubled. It has jumped from $761,106 to $1.85 million in 2021.
Ransomware costs include:
- Lost business due to downtime
- Lost employee productivity costs
- IT remediation to clean up the infection
- Legal costs related to any exposure of personally identifiable information (PII)
- Ransom cost, if paid
An increasing number of companies end up paying the ransom. In the case of Colonial Pipeline and JBS, both paid ransom amounts between $4 million and $11 million. Both had backups of their data but were afraid it would take longer to restore data than to pay the ransom and get the decryption key.
This year, an average of 32% of businesses pay the ransom to ransomware attackers, an increase of 6% from the previous year.
How to Prevent Ransomware
Ransomware is one of the challenges facing the construction industry, but business owners can mitigate their risk of falling victim to an attack by following some cybersecurity best practices.
Tips for preventing a ransomware infection at your company:
- Ensure all data is backed up regularly
- Use a backup system that has fast and full data recovery
- Test your data recovery in drills
- Use good anti-malware applications on devices
- Put a next-gen firewall in place on your network
- Use multi-factor authentication with all employee logins
- Deploy phishing protections like DNS filtering and email filtering
- Have your network monitored regularly for any threats
- Put a security patch and update management system in place
Often, it’s a simple lack of basic cybersecurity hygiene that causes a company to succumb to a ransomware attack. For example, in the case of Colonial Pipeline, the hackers got in through an unused employee VPN account that was never closed and that did not have multi-factor authentication in place.
What You Should Do If Your Systems Are Infected With Ransomware
With any malware infection that spreads rapidly, time is of the essence when responding. The goal is to act quickly so you can mitigate the damage from the attack.
Usually, there will be two initial signs of a ransomware infection on a device. These are:
- Inability to access data
- Ransomware note showing up on the screen
When you see these signs of a ransomware infection, you should do the following.
Disconnect the Device
Immediately disconnect the device or devices showing signs of an infection from external and internal networks. This means disconnecting them from the internet and any internal network that might be using an ethernet cord.
Check Other Devices for Any Compromised Data
Check other devices on the same network to ensure you do not see any encrypted or compromised data.
Take a Photo of the Ransom Note
You don’t want to turn off your system. It’s important to get a photo of the ransom note with your smartphone and send that immediately to a trusted IT provider, like Attain Technology. We can often identify the type of ransomware you have by reviewing that, which helps us remediate it.
Verify Your Backup
Ensure you have a backup that can be restored. Before restoring it, the ransomware needs to be completely removed.
Have a Professional Remove the Ransomware & Restore Files
Ransomware is not something you want to try to tackle yourself. You could end up losing your files forever if the process is not done correctly.
Have an IT professional remove the ransomware, once your backup has been verified, and then do a full system restoration.
You don’t want to have to pay the ransom. Because even if paid, there is no guarantee the hacker will come through with the decryption key or that it will work.
Schedule a Construction Technology Audit Today
Attain Technology can help your business ensure you have the proper defenses in place to protect your systems from ransomware.