
How to up your defence against Ransomware

Ransomware has already caused businesses real trouble this year, and security firms have recently warned about a sudden surge in junk mail messages containing the malware. It seems that organised criminals are now increasingly targeting businesses, which can offer them bigger returns than going after individuals.

The first wave of ransomware started in 2005 and was called Trojan.Gpcoder. Now the security industry (and many unfortunate users) are discovering new variants almost every day. For example, a strain called Locky, discovered only two weeks ago, is now the second most prevalent form. Currently, Locky asks for 3 Bitcoins (about £885) as payment for the decryption key.

According to the FBI, the CryptoWall strain stole more than $18 million between April 2014 and 2015, and it is advising that it is easier to pay than fight. So if heavyweight organisations of that level won’t fight back, are all businesses at the mercy of ransomware? Or is there something your business can do to mitigate the effects?

Predict the unpredictable

The security industry is constantly creating new ways to protect our data and detect threats; for now, however, it seems that the bad guys are always one step ahead. As such, a more rounded approach to security is required. The natural, knee-jerk reaction when your data comes under attack is to beef up security, but this is hard to do effectively. It just takes one user to get duped into installing some new code and your whole network can be compromised.

Added security might give your business better protection against ransomware getting into your systems to start with, but once it is in, what are you going to do? Is your only choice to lose all of your data or pay?

A fence isn’t the only answer

Think about it this way: if you consider computer security as a fence around your valuable data, it is still vulnerable to the same things as a real fence – brute force attacks, or breaches going under or over it, not to mention users forgetting to lock the gate, or just holding it wide open for the bad guy to walk in. User actions are still the biggest risk, no matter how good your fence or security strategy is.

If your data were held hostage by ransomware, wouldn’t it be better if you could turn back the clock and revert to untainted data from before the infection? Regardless of your industry, an effective and comprehensive data management solution should be an urgent, preventative priority. While many organisations put in place data protection for their datacentre and roll out endpoint security, endpoint data protection is often missed completely.

In the digital world, you can keep copies of your valuables. A backup copy of your data is not like fake diamonds or a reproduction Monet; it is an identical twin, which will always be just as valuable as the original. When security fails, a comprehensive organisation-wide safety vault (AKA backup) could save your business, or at the very least save you expensive Bitcoins.

The cloud copycat

Unfortunately, when files are encrypted by a ransomware attack, cloud sync and share tools aren’t something you can rely on.

This is because cloud sync and share replicates the encryption to your cloud copies, so they are just as likely to be scrambled as their originals. The other issue with cloud syncing services is that they typically don’t cover all of a user’s data and may not always have retention policies that pre-date the attack, especially if the sync is to free cloud storage or cloud offerings targeted at consumers.

If you rely just on cloud, a ransomware attack could leave you with no choice but to either pay the hefty ransom or say goodbye to your data.

To recover from a ransomware infection you need to be able to restore your data from a backup prior to the attack. Unless you’re properly prepared, this can be a complex task, especially if many systems and user devices are affected. Whilst you may lose a few weeks’ worth of data from working back before infection, it is nominal compared to the impact of losing all your data permanently, or indeed paying out huge sums of money to get it back. Of course, only your organisation can make this difficult decision.
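The retention point made above can be checked with a short calculation. The following is an added example, not code from the article or from Commvault: the `restore_point` helper, the dates, and the 14-day and 90-day retention periods are all constructed assumptions, and it simplifies by treating every copy written at or after infection as encrypted.

```python
from datetime import datetime, timedelta


def restore_point(versions, retention_days, infected_at, detected_at):
    """Return (latest clean copy, work lost), or (None, None) if none survives.

    Assumes the store prunes copies older than retention_days, counted back
    from the day the attack is noticed, and that every copy written at or
    after infection holds encrypted data (the sync-replication problem).
    """
    cutoff = detected_at - timedelta(days=retention_days)
    kept = [v for v in versions if v >= cutoff]        # survived pruning
    clean = [v for v in kept if v < infected_at]       # pre-date the attack
    if not clean:
        return None, None
    best = max(clean)
    # Everything written after the restore point is lost on revert.
    return best, detected_at - best


# Constructed timeline: files start being encrypted on 1 March,
# but nobody notices until 20 March.
INFECTED = datetime(2016, 3, 1)
DETECTED = datetime(2016, 3, 20)

# Constructed: a sync service keeping daily versions for 14 days.
SYNC_VERSIONS = [datetime(2016, 2, 1) + timedelta(days=d) for d in range(49)]
SYNC_RETENTION_DAYS = 14

# Constructed: a weekly backup kept for 90 days.
BACKUP_VERSIONS = [datetime(2016, 1, 3) + timedelta(weeks=w) for w in range(12)]
BACKUP_RETENTION_DAYS = 90

if __name__ == "__main__":
    for name, versions, days in (
        ("sync", SYNC_VERSIONS, SYNC_RETENTION_DAYS),
        ("backup", BACKUP_VERSIONS, BACKUP_RETENTION_DAYS),
    ):
        point, lost = restore_point(versions, days, INFECTED, DETECTED)
        print(name, "no clean copy" if point is None else f"{point:%d %b}, lost {lost.days} days")
```

In this timeline the sync history holds only post-infection copies by the time the attack is noticed, while the longer-retention backup still has a clean copy at the cost of about three weeks of work.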

A final factor to consider is that while endpoint data protection may seem like a big step to take to combat ransomware, choosing the right system can boost productivity and reduce other security risks associated with unsanctioned sync and share in the cloud.

So even if law enforcement agencies don’t have your back, there is a choice, and it’s not just your money or data destruction; it’s to pay or revert to backup.

Nigel Tozer, Solutions Marketing Director EMEA, Commvault

Photo credit: Ton Snoei / Shutterstock

Nigel Tozer is GDPR Specialist at Commvault. He has over 25 years’ experience in the IT industry and the past 21 years entirely focused on enterprise data & information systems.