How Backup Can Help Businesses Never be Held Hostage by Ransomware

August 2017 by Richard Agnew, VP NW EMEA at Veeam Software

Paying ransom fees to regain access to data in the vague hope that criminals
will release files from hostage is a known phenomenon that continues to demand
regular column inches. But currently, with ransomware on the rise, no company
wants to get into the habit of paying out a ransom fee to access their own
services.

Ransomware threats reached an all-time high in 2016, increasing by 752 per cent
compared to the previous year and resulting in over US$ 1 billion in losses for
businesses, according to a
study (https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup)
by Trend Micro and the Zero Day Initiative. This came as the
number of ransomware families - including variants known as Bit Crypt,
CryptoWall, Cerber and Jigsaw - increased from just 29 to 247 in the same
timeframe, while research (https://cyber-edge.com/cdr/) by CyberEdge Group found
that nearly two thirds of organisations fell victim to a ransomware attack
during the year.

This begs the question - how can businesses guard against the rising threat of
ransomware?

The rise of ransomware

The vital ingredient in ransomware’s startling rise is money. The sheer size of
the reward available can convince even people with impeccable moral standards to
commit a crime. Suddenly there is a reason for rogue employees to take a risk
and those with intimate knowledge of a company’s business processes can
purposely target systems containing its most precious data to ensure the
organisation must pay, and pay big.

The other key factor here is that malware has previously been something only
skilled hackers could create, but now the ease of ransomware creation makes the
process almost effortless - making it a simple task for, in theory, anyone with
a computer to drop the malware and wait for the ransom pay-out. Indeed, a
service known as Satan (https://www.helpnetsecurity.com/2017/01/20/satan-ransomware/)
on dark web portal Tor allows anyone to create and configure a
variant of malware and choose from a range of techniques, select a ransom note,
choose a contact preference and track the amount of money they’ve made.

Trojans such as Locky, TeslaCrypt and CryptoLocker are the variants most
commonly used to attack companies at present. They often get in through security
loopholes in web browsers and their plugins, or through inadvertently opened
email attachments. Once inside the company, the ransomware can spread at
breakneck speed and begin to encrypt valuable data. The FBI has
recommended (https://www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise)
that companies implement a solid ransomware backup and recovery strategy
for effective protection against data loss caused by CryptoLocker or any other
Trojan.

Repelling ransomware

Placing tight permissions on data is all well and good, but realistically it will
not help businesses, given that credentials can be obtained with a keylogger or
through social engineering. Instead, to protect themselves against insider
threats and ransomware, businesses should look to air-gapped backups,
which are essentially offline backups that cannot be manipulated or deleted
remotely.

The criticality of the workloads and data within business environments demands a
3-2-1 rule, whereby 3 copies of the company data should be saved on 2 different
media and 1 copy should be offsite.

Here are four options for effective data backup:

1. Backup Copy Job to disk

The first option is to transfer the data from one location to another using
Backup Copy Job. Here, a file is not just copied, but the individual restore
points within the backup are read and written to a second disk destination.
Should the primary backup be encrypted or become corrupt, the Backup Copy Job
would also fail because the vendor would not be able to interpret the data.

In such a scenario, the only hope is that the second backup repository has been
separated from the rest of the IT environment. One could also use a Linux-based
backup repository to secure against Windows Trojans.

2. Removable hard disks

Another option is to use a removable storage device as the secondary repository.
This is usually done with removable hard drives such as USB disks, which aren’t
commonly recommended for security purposes but if stored in a secure location
could be a viable option for avoiding ransomware. In addition, when it comes to
media rotation it is possible to detect when an old piece of media is
re-inserted and automatically ensure that old backup files are deleted and a new
backup chain is started.

3. Tape

Tape, once condemned, is becoming an increasingly popular option for IT as a
defence against encryption Trojans. This is because tapes do not enable direct
data access, and thus provide protection against ransomware. Just like rotatable
media, tapes should be exported to a secure location for optimum protection.

4. Storage snapshots and replicated VMs

Organisations can enjoy additional availability and ways to implement the 3-2-1
rule with storage snapshots and replicated VMs. These are semi-offline instances
of data that can be resilient against malware propagation.
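
As an added illustration (not part of the original article and not any vendor's product), the following Python script audits a backup inventory against the 3-2-1 rule and the air-gapped requirement described above. The inventory, field names and site labels are constructed, and counting the production data as one of the three copies is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    dataset: str
    label: str
    media: str     # e.g. "disk", "usb-disk", "tape"
    site: str      # any site other than primary_site counts as offsite
    offline: bool  # True if the copy cannot be changed or deleted remotely

def audit_321(copies, primary_site="hq"):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(by_dataset.items()):
        findings = []
        if len(group) < 3:
            findings.append(f"only {len(group)} copies, need 3")
        media = {c.media for c in group}
        if len(media) < 2:
            findings.append(f"only {len(media)} media type, need 2")
        if not any(c.site != primary_site for c in group):
            findings.append("no offsite copy")
        # Beyond 3-2-1: at least one copy must be out of remote reach.
        if not any(c.offline for c in group):
            findings.append("no air-gapped copy")
        report[name] = findings
    return report

# Constructed sample inventory (assumption: production counts as copy 1).
INVENTORY = [
    Copy("finance-db", "production", "disk", "hq", False),
    Copy("finance-db", "backup-copy-job", "disk", "hq", False),
    Copy("finance-db", "weekly-tape", "tape", "vault", True),
    Copy("file-share", "production", "disk", "hq", False),
    Copy("file-share", "primary-backup", "disk", "hq", False),
    Copy("file-share", "replica", "disk", "dr-site", False),
    Copy("crm", "production", "disk", "hq", False),
    Copy("crm", "rotated-usb", "usb-disk", "hq", True),
]

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

The file-share dataset shows the case the article warns about: it has three copies and an offsite replica, yet every copy sits on online disk, so ransomware with network access could reach all of them.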

Never pay a ransom again

The ability to restore data means no business should ever have to pay a ransom.
However, nothing can be taken for granted in the cybersecurity space, as threats
are constantly shifting and the number of attack surfaces grows with every new
device added to a network.

Businesses must assume it is a case of when an attack will happen, not if. To
remain agile and in control of both new and emerging threats, security must no
longer operate as a silo IT function but rather as a fundamental business
process and enabler.

Ransomware must be prevented where possible, detected if it gains access to
systems and contained to limit damage. But only through a collaborative and
integrated approach, which ensures both security policies and SLAs align with
business objectives, can organisations have confidence their data is as secure
and available as possible. Doing so gives them the best chance of keeping their
organisation one step ahead of the cybercriminals, as they look to realise the
benefits of digitisation.

