Baltimore Ransomware Update

Baltimore Ransomware Update

It was preventable!

Alas poor Baltimore, I knew it well! (bit of a misquote.) And not true anyway - I’ve only been there a few times as a kid. But I might as well know it; their current malware problems could happen anywhere in the States or in the world.

City services are still dramatically affected weeks after the attack. Now they are asking for federal disaster relief funds to help them recover, which means that we might all be paying for it to some extent. The city has its own fair share of problems and - again - this was entirely preventable by proper backup/disaster recovery/business continuity procedures. Cheap insurance, folks.

Recent News

$18.2MM to recover from the ransomware (sounds optimistic): Baltimore Sun

What, me worry? We had a plan: Ars Technica

Even emergency workarounds didn’t work: Ars Technica

If all of those servers and workstations (at least the mission critical ones) had been fully backed up with images and frequent snapshots (deltas,) at the very least core city services could have been restored in a few days max. Or more likely hours.

Need Help from Security Experts?
Let's work together today!

Business Impact

One of the main things that organizations overlook with ransomware (or natural disaster for that matter) is the cost of being completely shut down for days, weeks or even longer. It very often means the difference between business survival or updating your resume. Below I’m going to make up some numbers for an entirely fictional and greatly simplified law firm after an attack. I’ve estimated the total numbers for four weeks to be able to compare apples to apples in the cost differential:

Ransomware Cost to Law Firm with 10 Employees
for One Month

  • 8 attorneys at $250 an hour, 30 chargeable hours a week: $240,000
  • 2 support employees at $45k a year: $7500 plus benefits
  • Class A office building in DFW for a month (2500 sq ft @ $32/ft): $80,000
  • IT remediation, 200 hours at $200 per hour: $40,000

NOTE - This does not include:

  • Court penalties
  • Fees paid to opposing counsel
  • Missed new client opportunities
  • Professional reputation and goodwill with everyone

Very conservative cost estimate for being closed one month: $367,000

Monthly Managed Security Plan (this is your cheap insurance!)

The plan covers 10 PCs, 1 server and a LOT more!

Backups:

  • Full images of mission-critical computers with snapshot updates of each several times a day
  • Images are stored locally and in the cloud
  • Individual files can be quickly restored
  • If hardware or the building is destroyed, images in either location can be made ‘live’ so work can continue
  • Images can be restored on different hardware if necessary

 
 
Included Additional Services:

  • 24x7 security monitoring of organization
  • Regular security updates/patches for all PCs, servers, firewalls and network infrastructure
  • Anti-virus/anti-malware software on all PCs and servers
  • Periodic security training and non-embarrassing phishing tests for all employees
  • Dark web scanning for ID theft for every employee
  • Office 365 security tightening and continual improvements
  • Continual security improvements over life of contract
  • Quarterly business reports (QBRs) reflecting current status and incidents/improvements since previous report
  • Annual security improvement roadmap
  • Includes actual policy from insurance company tailored for business cybersecurity

Cost per month: $8,000

NOTE – This is not a firm quote but just a general guideline. Every network/organization has different requirements.

 

Summary

The cost difference in being proactive rather than reactive in your security stance is staggering.

$367,000 vs $8,000.

This is what I mean when I talk about cheap insurance. It’s not just the backups – you get so many more features on top of that with a managed security service.

Our Security Experts Are Here to Help

Contact Symmetrix Technologies now for a free security consultation to protect your business and livelihood.

#baltimore #ransomware #malware #cybersecurity #cheapinsurance #bdr #disasterrecovery #businesscontinuity #backups #legaltech #cya