
How One Successful Phishing Attack Led to Forced Early Retirement

Brad Slavin General Manager
Updated June 23, 2025

Quick Answer

Two Michigan doctors closed their medical practice rather than pay a $6,500 ransom after a successful phishing attack encrypted their files. They concluded paying would not guarantee recovery and that rebuilding the patient database from scratch was not viable. An AppRiver/SCMagazine survey found 55% of SMB executives would pay a ransom to recover stolen data, with technology, finance, government, and telecom most willing and legal, healthcare, and non-profits least willing. The doctors were near retirement age; most ransomware victims are not in that position. The lesson: cloud-based email security with phishing protection costs roughly $50 per month, so ten years of it would have cost less than the ransom demanded. Ransomware almost always arrives via a phishing email, so blocking malicious links and attachments at the email layer is the highest-leverage defense for small businesses.


If you ever find yourself the victim of a phishing attack and ransomware, you’ll only have a few options to try and deal with your circumstances.

Today, successful ransomware attacks involve stealing or encrypting the victim’s data. And to get it back, you have to pay the ransom. Of course, paying the ransom is no guarantee that you’ll get your data back, but your odds are certainly higher than if you don’t pay.

One response to a ransomware attack is to pay the ransom and pray. Unsurprisingly, this is the option most often chosen by executives at small and mid-size businesses. According to an article on HelpNetSecurity, “More than half (55 percent) of executives at SMBs said they would pay hackers in order to recover their stolen data in ransomware attacks.” That figure comes from the second quarterly AppRiver Cyberthreat Index for Business Survey.


An article on the SCMagazine website further clarified that “The sectors that are most willing to pay were technology, financial and insurance, government, and telecom. Those in legal, health care and the non-profit sectors are least willing to pay a ransom.”

This leads us to the headline of our story. There’s at least one healthcare organization that chose option number two: refuse to pay the ransom.

According to another article on the SCMagazine website, two doctors from Michigan refused to pay the $6,500 ransom after being locked out of their files. They did not believe that paying the ransom would have gotten them their files released. “Faced with the daunting task of rebuilding their practice’s database from scratch the two doctors instead decided to retire,” the article stated.

The assumption here is that the doctors were close to retirement age. Unfortunately, not every victim of ransomware is in such a fortunate position.

For reference, the two doctors could have avoided this situation with easy-to-deploy, cloud-based email security for less than 50 bucks a month. That’s right, they could have had 10 years of ransomware protection for the amount sought by the attackers. Or maybe they were just looking for an excuse to retire.


If you’re nowhere near retirement, and would like to avoid the possibility of having to deal with ransomware, head on over to DuoCircle and get enterprise-grade email security service at small business prices. You’ll be up and running in 10 minutes.

Brad Slavin, General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
