Fighting back against ransomware attacks

There is no denying that ransomware attacks are a very real threat for businesses. Given the ever-growing value of data and the importance of business continuity, organisations that have fallen victim to such attacks either face a period of downtime or they pay out in order to retrieve their data to resume business as normal.

Headline-grabbing examples, such as those affecting the Hollywood Presbyterian Medical Center, or closer to home, Lincolnshire County Council, are no doubt only the tip of the iceberg. How many others are giving in to ransomware demands without revealing they ever had a problem in the first place?

Ransomware attempts to force the hand of the target organisation which, above all, needs to get back to work. The dilemma is to either pay out and move on, or face a period of uncertainty, interruption and downtime while services are restored. Many organisations may think they have solutions in place, but as malicious IT attacks become more and more sophisticated, no company is safe sticking to the narrow view of ‘keep the virus out’.

Effectively overcoming the tyranny of ransomware means being able to recover critical applications and data within minutes. Backup solutions and firewalls alone do not offer this. Businesses need comprehensive Business Continuity (BC) and Disaster Recovery (DR) capabilities that deliver consistent and complete recovery processes that are simple to maintain and increase efficiency.

The challenge is that many BC and DR plans involve limited, technical point products, and many organisations already have some form of backup process in place to meet standard audit requirements, as mandated for highly regulated industries. However, when a disaster does strike, it is the first few minutes that are critical, and businesses need to be able to recover within those minutes, not hours, and as completely as possible. Restoring from incomplete backups taken 24 hours previously could take hours, leaving businesses with downtime they cannot afford and which, more worryingly, could have been avoided.

For many organisations, IT security is often too myopic, with IT professionals viewing it as just the prevention of intrusions. A more comprehensive approach involves treating IT security strategy as a three-legged stool in order to withstand the evolving threats they face. The three legs are detection of attacks, prevention of intrusion, and fast recovery of critical data and applications such as SAP, Oracle, or SQL to ensure uninterrupted business operations.

With proper DR processes and supporting technologies in place that provide instant access to data, the impact can be highly marginalised in the event a virus does break through. Advanced DR platforms can help to avoid costly outages by allowing organisations to go back, in increments of seconds, to the point before a file, application, or folder was corrupted, deleted or infected. This allows organisations to nullify ransomware as they neutralise yet another “criminal disaster” and resume business as normal within a matter of minutes.

Protecting against a virus is of course the first line of defence, but this is proving more difficult as malware continues to evolve and progress. Working from backups is time-consuming, and the backups are often out of date, but advanced DR can allow the business to recover from an outage or virus by rewinding its VMs to a point in time where the infection simply didn’t exist. This negates the need to pay any ransom and allows businesses to get back up and running within minutes, avoiding any costly downtime.

Successfully meeting internal and external compliance initiatives after a disaster is an added pressure for organisations with highly sensitive data, such as the healthcare, financial, legal and public sectors. In the event of a disaster or a malware infection, these organisations come under increased pressure from regulatory bodies and the public. Failure to comply or recover data within an adequate amount of time could result in costly fines and other negative repercussions.

By implementing a comprehensive BC/DR strategy, businesses can be prepared should a ransomware attack break through the first line of defence.

With BC/DR processes in place, businesses can regain control of their entire infrastructure more quickly and resume business as usual by being able to instantly access and recover any data, critical files or applications.

Peter Godden, VP, EMEA at Zerto
