You’ve seen the headlines — when it comes to ransomware strains like Locky, WannaCry, and Petya, we’re all at risk. What’s more, with the growing ransomware-as-a-service (RaaS) trend, cybercrime is now at an all-time high and accessible to nearly anyone.
Since the introduction of RaaS, negotiating with hackers is now a business in and of itself. We see websites offering up the latest advice to hackers, ransomware customer service lines, and FAQs available to help victims make Bitcoin payments.
So, why do organisations pay the ransom anyway? Well, in many cases, an organisation’s systems were never backed up properly, or the backups were too old. In others, the recovery attempts failed – maybe there was no DR testing, leaving no usable backups from which to recover. Often the amount of time it takes to recover is far more costly — in terms of downtime — than paying the ransom fee itself. In other words, the process is simply broken.
What’s critical to understand is how ransomware gets into your organisation, and more importantly, how you can protect your business from current and future threats of ransomware.
1. Best Practices for Ransomware Prevention
First and foremost, to protect against ransomware, start by doing what you can from a prevention standpoint.
- Make sure servers and firewalls are all patched.
- Update your anti-virus software with the latest signatures.
- Train users to recognise suspicious emails and attachments, and to identify nefarious websites.
While this may sound like old news, it’s a critical component to ensuring that you have a proper disaster recovery prevention plan in place.
2. Update Your Backup Process
Long gone are the days when overnight backups every 24 hours were sufficient for proper data protection. A quick and easy fix? Increase your backup frequency. In order to minimise downtime associated with an outage, you should be backing up in 15-minute increments. Your solution should be able to set policies on those backups and alert the administrator to any errors.
Also, to protect against ransomware, data should be safely stored both on-premise and off-site. In addition, you want to ensure that you protect all of the servers in your environment, whether they be physical or virtual, with the same level of security. You may instinctively focus on mission-critical applications like Microsoft SQL, Exchange, and your financial systems, but don’t overlook those file servers that are also susceptible to attack.
3. Early Detection Capability
In a ransomware attack, time is your worst enemy. By the time encryption hits, you could have thousands of files encrypted in mere seconds. What’s worse, if you wait for your end users to identify that encryption is spreading via a ransomware attack, you’re going to have a much larger problem on your hands. The longer it takes to detect an issue, the more files are getting encrypted!
Ransomware can spread like wildfire, but early detection capabilities are available. IT needs a solution that measures high change rates in files, turning the way ransomware works against it. Ransomware opens files and changes files in the system. Protect against ransomware by utilising a solution that can identify a high change rate of modified files on a per-user basis.
If you’re using the 15-minute backup frequency we recommend, you can prevent most of the damage of the attack by simply having this proactive alerting system in place.
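The per-user change-rate check described above can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the event tuple format (assumed to come from file-server audit logging), the 60-second window, the threshold of 100 distinct files and the user names are all assumptions, and the events are constructed sample data.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 100                 # assumed: max distinct files one user modifies per window

def sample_events():
    """Constructed file-audit events: (timestamp, user, action, path)."""
    t0 = datetime(2018, 1, 8, 9, 0, 0)
    events = []
    for i in range(30):    # alice: ordinary editing, one save every 20 s
        events.append((t0 + timedelta(seconds=20 * i), "alice", "modify",
                       f"/share/docs/report{i % 5}.docx"))
    for i in range(500):   # svc-backup: bulk reads, which must not count
        events.append((t0 + timedelta(milliseconds=50 * i), "svc-backup", "read",
                       f"/share/finance/file{i}.xlsx"))
    for i in range(400):   # bob: 10 distinct files rewritten per second from 09:05:00
        events.append((t0 + timedelta(minutes=5, milliseconds=100 * i), "bob",
                       "modify", f"/share/finance/file{i}.xlsx"))
    return sorted(events)

def detect_high_change_rate(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: time of first alert} for users who modified more than
    `threshold` distinct files within any sliding `window`."""
    recent = defaultdict(deque)       # user -> (timestamp, path) events still in window
    in_window = defaultdict(Counter)  # user -> path -> modify count in window
    alerts = {}
    for ts, user, action, path in events:
        if action != "modify":
            continue
        recent[user].append((ts, path))
        in_window[user][path] += 1
        # Expire events that have slid out of the window.
        while ts - recent[user][0][0] > window:
            _, old_path = recent[user].popleft()
            in_window[user][old_path] -= 1
            if in_window[user][old_path] == 0:
                del in_window[user][old_path]
        if user not in alerts and len(in_window[user]) > threshold:
            alerts[user] = ts
    return alerts

if __name__ == "__main__":
    for user, when in detect_high_change_rate(sample_events()).items():
        print(f"ALERT {when.isoformat()} {user}: high file change rate")
```

On the sample data the alert fires ten seconds into the burst, after 101 of the 400 files have been touched; the threshold needs tuning against legitimate bulk operations such as migrations or batch jobs.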
4. Lightning Fast Failover
If you are infected with ransomware and have to recover your data and systems, an important concern is to ensure the recovery process is faster and easier than paying the ransom. There could be hundreds of thousands of files infected, and you need to recover them quickly. Your best bet will be recovering the full server, rather than individual files.
Failover technology will give you the ability to boot and run from a backup. But, not all failover solutions are created equal. Only certain solutions give you the ability to boot from the backup and run either on-premise or in the cloud.
With the QCS Disaster Recovery (DRaaS) solution you can simultaneously cloud boot multiple versions of the same machine to determine the safe version to recover, and boot either to the cloud, a virtual environment, or recover to production hardware. No matter what DR solution you choose, it’s so important to understand exactly how the solution plans to fail over your applications, and then fail back, in addition to how much customisation and control you have in the whole orchestration process.
With these 4 recommendations in place, you’re closer to staying protected against the current threats of ransomware. There’s no telling what ransomware attacks will look like in 2018, but we know that ransomware will continue to get more sophisticated, more intelligent, and more harmful as time goes on. You can’t completely prevent ransomware, but you can keep yourself educated and up-to-date on the most recent technology solutions available. Also, look to the experts to vet and validate what you learn when it comes to ransomware protection.