
Sophisticated Ransomware Calls for Sophisticated Protection and Recovery

Ransomware attacks on businesses account for billions of dollars lost to cyber criminals annually. The median cost per ransomware incident has more than doubled over the past two years alone. Ransomware grows more sophisticated each day, so we should now view it as endemic; unfortunately, no organization today is entirely immune to an attack.

This is why taking protection measures early is critical. Organizations that take the necessary action to prevent attacks and protect their data are better positioned to avoid significant recovery costs, business disruption, and negative brand reputation. No organization wants to be scrambling to save its data when an attack occurs. In today’s evolving attack surface, robust protection measures are essential. Every organization should have the proper steps in place to protect against attackers penetrating their networks in search of valuable data in backups and storage.

Ransomware comes in all shapes and sizes

Today’s threats come in many different forms. Scareware, for example, can involve a pop-up message demanding a payout from an organization, or screen lockers that block users from logging into their devices. Encrypting ransomware is also on the rise. This tactic involves encrypting files and demanding that the victim pay to decrypt them. Encrypting ransomware is known to cause even more significant damage to a victim.

Another type of ransomware, doxware, also uses lockers that count down to a ransom deadline on a user’s screen. If the victim doesn’t comply in time, they’re faced with their sensitive data being deleted or shared. Now, we’re at the stage of ransomware where hacking groups are offering “Ransomware as a Service,” explicitly targeting higher-profile victims to secure higher payouts. Should an organization face ransomware, its only option is to recover its data.

Best practices to bolster protection

Protection from ransomware is an arms race. While it’s impossible to prevent all current and future threats, there are ways organizations can bolster their protection now. The most critical step is ensuring organizations can recover their data from ransomware attacks.

At a minimum, organizations should promote strong password hygiene for all users, in addition to having antivirus software and endpoint protection tools in place. However, considering today’s evolving attack surface and the tactics used by hackers, organizations can’t afford to go without data protection and recovery strategies. Ultimately, these strategies help reduce the damage of a ransomware attack.

A robust strategy for ransomware protection and recovery should include the following:

  • Immutable storage targets: Previously, this was challenging for organizations to implement. However, modern data protection and backup solutions can offer better protection against ransomware while simplifying the process of creating immutable targets and storage pools.
  • Encrypted backups: Encrypting backups is something that organizations should already be doing in the fight against ransomware. While backups aren’t designed to be accessed routinely – to minimize performance overhead – the security benefits are too valuable for them to miss out on. Encryption simply makes it more challenging for hackers to access data. At the same time, provided that encryption keys are stored securely, it helps prevent unauthorized access and data leaks altogether and ensures that only authorized users can access the data.
  • Routine backup verification: Organizations should continuously check their backups’ integrity and verify that automated backups are taking place as they expect them to. Verification isn’t a long process, and the peace of mind knowing that you can recover data is invaluable. Just a few minutes weekly or monthly is enough to ensure backups support any data recovery plans in the event of an attack. IT teams should also have regular automated simulations of their data recovery plan.
  • Access limits: Every individual with access to backups is a potential target, especially regarding stolen credentials. Organizations shouldn’t underestimate the importance of limiting who has access to backups. Doing so minimizes the severity of a data breach. In addition, it is vital to implement multifactor authentication and educate users on choosing secure passwords and not reusing them.
  • Proactive monitoring: Even the most robust antivirus software can’t promise protection against new ransomware variants. However, organizations should have the proper monitoring tools that can identify indicators of data being targeted. These tools are instrumental in ensuring swift action can be taken before damage is done. For example, changes in a backup job or unknown file alterations are key signals that something is wrong. Should indicators of compromise be picked up by monitoring tools, IT teams can quickly move their data offline or to a “clean room” environment as they investigate the situation further.
  • Last but certainly not least, data recovery planning: If you haven’t already created a formal recovery plan, you should start now and ensure it’s being tested and reviewed regularly. Making sure that backups work as intended is key, including running roleplay scenarios to understand how much data can be recovered within specific systems during an attack. As part of an organization’s business continuity strategy, IT teams should also consider developing a course of action should they ever have to shut down systems entirely when removing malware from the network. The plan should also be clearly communicated and documented so that all stakeholders take the right steps to recover from an attack.
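The routine backup verification and "unknown file alterations" signal described in the list above can be sketched as follows. This is an added example, not code from the article or from any backup product; the manifest layout, the function names and the idea of authenticating the manifest with an HMAC key held off the backup host are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def scan(root):
    """Map each file path (relative to root) to its SHA-256, read in chunks."""
    out = {}
    for d, _, files in os.walk(root):
        for name in files:
            h, p = hashlib.sha256(), os.path.join(d, name)
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            out[os.path.relpath(p, root)] = h.hexdigest()
    return out

def manifest_mac(key, files, created):
    body = json.dumps({"files": files, "created": created}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def seal_manifest(root, key, created):
    """Run right after a backup job: record file hashes and authenticate them."""
    files = scan(root)
    return {"files": files, "created": created, "mac": manifest_mac(key, files, created)}

def verify_backup(root, sealed, key, max_age_s, now):
    """Return sorted (finding, detail) tuples; an empty list means verified."""
    expected_mac = manifest_mac(key, sealed["files"], sealed["created"])
    if not hmac.compare_digest(sealed["mac"], expected_mac):
        return [("manifest-tampered", root)]
    cur, exp = scan(root), sealed["files"]
    findings = [("missing", p) for p in exp.keys() - cur.keys()]
    findings += [("unexpected", p) for p in cur.keys() - exp.keys()]
    findings += [("modified", p) for p in exp.keys() & cur.keys() if cur[p] != exp[p]]
    if now - sealed["created"] > max_age_s:
        findings.append(("stale", root))  # the scheduled job did not run on time
    return sorted(findings)

def demo():
    """Constructed sample: a two-file backup set altered after sealing."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the backup host
    with tempfile.TemporaryDirectory() as root:
        Path(root, "db.dump").write_bytes(b"rows")
        Path(root, "etc.tar").write_bytes(b"config")
        sealed = seal_manifest(root, key, created=1000.0)
        Path(root, "db.dump").write_bytes(b"overwritten")
        Path(root, "NOTE.txt").write_bytes(b"")
        return verify_backup(root, sealed, key, max_age_s=86400, now=91000.0)

if __name__ == "__main__":
    print(demo())
```

Because the manifest is authenticated, someone who can write to the backup target but does not hold the key cannot rewrite the hashes to hide an alteration; any finding is a cue to investigate before relying on that backup set for recovery.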

Storing backups on the same network that houses your data will no longer suffice, as malicious software can navigate through the network in search of files to encrypt. Complete data protection involves taking encrypted backups that are stored separately from the files and data used for daily operations, and keeping multiple backups is a best practice. Redundant copies will still be available in the event of an attack, an outage, or an issue with a backup.

No business is safe from ransomware threats, and it’s not a question of if or when, but rather how many times an organization will have to address a ransomware incident. Ensuring data protection is an uphill battle as attacker tools and strategies grow more sophisticated over time, and turning to immutable ransomware protection is critical as it offers organizations secure storage that will ensure data protection and quick recovery following an attack.