[BreachExchange] Softening the threat of ransomware through effective backup & recovery

Audrey McNeil audrey at riskbasedsecurity.com
Tue Aug 15 19:56:05 EDT 2017


https://www.scmagazineuk.com/softening-the-threat-of-ransomware-through-effective-backup-recovery/article/677739/

Ransomware attacks grew by 600 percent and cost businesses of all sizes
billions of pounds in total in 2016. Aside from the obvious cost of paying ransoms
to malicious actors to recover encrypted data, organisations can incur
costs in the tens of thousands of pounds per day, due to the downtime
associated with recovering critical data.

Unfortunately, many of those organisations most frequently and increasingly
targeted by ransomware are those who can least afford this downtime:
healthcare and other public sector establishments. This is of course
evidenced by the massive WannaCry ransomware attack of May 2017 that
brought organisations around the world, including most notably the UK's
National Health Service, to their knees. This unprecedented attack brought
to the forefront the importance of data backup and recovery strategies
that would allow organisations to restore hijacked data with minimal data
loss and zero impact on end users. Faced with the urgent need to recover
vital systems and data from the grip of the malware, organisations will be
tempted, and will often succumb to the temptation, to pay the ransom to get
themselves back up and running to minimise damage.

Ransoms - what are you getting for your money?

In the event of such an attack, by hastily paying a ransom, organisations
often expect decryption codes to be sent immediately and their critical
data to be released. In many cases, however, this could not be further from
the truth. Ransomware actors are criminals, and perfectly capable of
'altering the deal' and failing to provide the decryption key once the
financial goal of the attacks is reached.

Therefore, the number one rule in these situations is not to pay the ransom.
But what options do organisations have? Aside from isolating affected
systems and removing them from the network to avoid spread, businesses
should ensure they are prepared for disaster with an intelligent,
comprehensive, and ready-to-go backup and recovery strategy.

The solution

With everything securely backed up and ready to be restored, attackers no
longer hold the balance of power, and when planned and executed correctly,
businesses completely avoid the need to pay a ransom to get their data back.

When organisations fall victim to ransomware, they must ensure their
backups encompass everything - systems, applications and data - so that, in
the event their entire network is compromised, restoration will get them
back up and running instantly. This approach also mitigates financial loss,
brand damage, and productivity consequences often associated with downtime.
Additionally, organisations can benefit from replicating these
comprehensive backups offsite or on the cloud, out of harm's way, and be
able to recover from these locations.

When it comes to restoring data in any disaster situation, what it is that
you are recovering needs to be bang up to date if you are to truly carry on
as normal. Whilst many organisations have backups, a snapshot from the
night before doesn't cut it. They must ensure their backup technology is
taking snapshots on an hourly or, ideally, five-minutely basis, with these
backups ready to spring into action at a moment's notice.

The temptation to pay a ransom will remain for management and IT teams if
they are faced with a lengthy restore process causing extended downtime.
Especially with limited IT resources, many organisations will face
situations where their systems take hours to restore to a usable state and
allow them to work as normal. Rather than having to wait until an entire
system is back up and running, organisations should invest in a recovery
solution that allows users to access and use files and applications from
the backup on-demand, as if nothing happened.

Ransomware is still a grave threat to organisations, and IT teams should
augment good backup procedures with additional security solutions to avoid
infection in the first place. However, with advanced and effective backup
and recovery, organisations can soften the blow significantly, avoiding the
financial costs of ransomware and the crippling downtime that can come with
it.