What can we do about the expected increase in ransomware and cyber-extortion tools?
By: Gregg Petersen, Regional Sales Vice President, MEA, Veeam Software
Paying ransom fees to regain access to data in the vague hope that criminals will release files from hostage is a known phenomenon that continues to demand regular column inches. But currently, with ransomware on the rise, no company wants to get into the habit of paying out a ransom fee to access their own services. How can businesses guard against the rising threat of ransomware?
The rise of ransomware
The vital ingredient in ransomware’s startling rise is money. The sheer size of the reward available can convince even people with impeccable moral standards to commit a crime. Suddenly there is a reason for rogue employees to take a risk and those with intimate knowledge of a company’s business processes can purposely target systems containing its most precious data to ensure the organisation must pay.
The other key factor is that malware has previously been something only skilled hackers could create, but now the ease of ransomware creation makes the process almost effortless – making it a simple task for, in theory, anyone with a computer to drop the malware and wait for the ransom pay-out. Indeed, a service known as Satan on dark web portal Tor allows anyone to create and configure a variant of malware and choose from a range of techniques, select a ransom note, choose a contact preference and track the amount of money they’ve made.
Trojan malware like Locky, TeslaCrypt and CryptoLocker are the most commonly used variations currently used to attack companies. These often breach security loopholes in web browsers and their plugins or inadvertently opened email attachments then, once inside the company, the ransomware can spread at breakneck speeds and begin to encrypt valuable data. The FBI has recommended that companies implement a solid ransomware backup and recovery strategy for effective protection against data loss caused by CryptoLocker or any other Trojan.
Placing tight permissions on data is all well and good but realistically it will not help businesses, given that credentials can be obtained with a keylogger or through social engineering. Instead, to protect themselves against the threat of insider threats and ransomware, businesses should look to air gapped backups, which are essentially offline backups that cannot be manipulated or deleted remotely.
The criticality of the workloads and data within business environments demands a 3-2-1 rule, whereby three copies of the company data should be saved on 2 different media and 1 copy should be offsite.
Four options for effective data backup are: Transfer the data from one location to another using Backup Copy Job; use a removable storage device as the secondary repositary; use tape because they do not enable direct data access and thus provide protection against ransomware and implementing the 3-2-1 rule with storage snapshots and replicated VMs.
Never pay a ransom again
The ability to restore data means no business should ever have to pay a ransom. However, nothing can be taken for granted in the cybersecurity space, as threats are constantly shifting and the number of attack surfaces grow with every new device added to a network.
Businesses must assume it is a case of when an attack will happen, not if. To remain agile and in control of both new and emerging threats, security must no longer operate as a silo IT function but rather as a fundamental business process and enabler.
Ransomware must be prevented where possible, detected if it gains access to systems and contained to limit damage. But only through a collaborative and integrated approach, which ensures both security policies and SLAs align with business objectives, can organisations have confidence their data is as secure and available as possible. Doing so gives them the best chance of keeping their organisation one step ahead of the cybercriminals, as they look to realise the benefits of digitisation.