Are You Prepared for Ransomware?
Combating Ransomware: When it comes to tackling ransomware, preparation is KEY!
What is ransomware?
Ransomware is a real and present danger for all kinds of organisations, all over the globe.
It is a type of cyber-attack in which a hacker infects malware onto a company’s computer systems, encrypting the data and locking all access to it until a ransom is paid. It really has one goal in life and that is to export money from its victims!
Let’s talk money …
Last year we saw one of the biggest pay-outs over for ransomware and it was an eye-watering $50 million, for PC manufacturer ACER (IT Pro). However, it’s not just paying the ransomware that makes up the total cost, you also have to take into consideration the recovery costs and according to Sophos’s State of Ransomware 2021 Report the ransomware remediation cost has more than DOUBLED since the previous year, with the average costs being $1.85 million and from those that paid a ransom, only 8% of the companies managed to fully restore their lost data.
Why is ransomware becoming more and more relentless?
There are many more ransomware operations out there now, they are also far more sophisticated in the attacks that they carry out and the pay outs are much higher.
Not only that, but the way in which we operate now is much more ‘connected’ and insecure than we ever have been. The shift on how businesses have had to operate, mainly having to transition to a remote working model (especially during the pandemic), means that there has been an even bigger increase in ransomware. In fact, there has been a HUGE 105% year- on-year increase in the number of ransomware attacks (SonicWall)! One of the main reasons for this is that employees are now accessing company files and data outside of the secure perimeter of the corporate network, making it easy pickings for cyber-attackers to do their worst. And not only is there that to worry about, but the number of malicious emails circulating were up 600% during the pandemic period (ABC News) – meaning that the chances of people getting infected were a lot greater overall.
With the increase of attacks and new strains of threats on the rise, the consequences of not being prepared are serious and costly. Companies need to ensure that they are fully prepared by taking the right precautions to protect their data and stop the cyber-criminals right in their tracks.
How can you be prepared for ransomware?
Cyber Security Solutions
Firstly, you need to look at your cyber security and your first line of defence as whole. Ransomware is a type of cyber-attack, therefore having robust network security is essential, to be able to recognise early indicators before they develop into something more sinister – so make sure to always keep firewalls, anti-virus software, and endpoint detection up to date!
A multi-layered approach to ransomware can really enhance the prevention, extending visibility and protection across the entire network. Instead of constantly reacting, security vendors like our partner Cynet allows you to prevent ransomware, and then diminish its impact if it does manage to break through your defences.
Employees are officially the weakest link in an organisations network, therefore ensuring that your employees are thoroughly trained on ransomware and security awareness is one of the most effective ways in which you can protect your business from a ransomware attack. It’s hard to believe, and as a result can quite often be overlooked, even when employees everyday routine tasks like checking their emails can put a business at risk of being exploited. Did you know that 91% of successful data breaches started with a spear phishing attack? (KnowBe4). With facts like these and sophistication in phishing and ransomware attacks rising, employee security awareness training has never been more important!
To be in the best position to survive a ransomware or cyber-attack, you need to have an Incident Response plan in place. This is where you can utilise your security service provider’s extensive knowledge to look for gaps in your security, where ransomware malware could infiltrate your network. At Covenco365 we will put together a bespoke Incident Response plan which is best suited to your particular business needs, we will then thoroughly test the plan and present back any recommendations, so if the worst was to happen you can be ready to bring the situation back under control.
To be prepared for a ransomware attack you should have a Disaster Recovery plan in place – to wait until an attack happens, is too late and you will likely lose your data or must pay a hefty ransom. To have a robust DR strategy means that you have a documented process in what to do should disaster strike and leaves you with a better chance of recovering. Covenco365’s Disaster Recovery services provide consistent and continuous recovery and replication of all business-critical workloads, to ensure minimal downtime, so your business will be back up and operating in no time!
Don’t Forget Backups … Automated and Regular Backups!
When it comes to ransomware, it holds no bars, and it will target backup servers once they force their way into an organisations network. They know that if they can disable or delete the backups, that they stand a much better chance of being paid a ransom. Backups really are the only guaranteed way to save your data after a ransomware attack.
3-2-1 Backup Rule
In order to protect backup data, you should look to adapt the 3-2-1 backup rule. It is a long-standing best practise for all backup and recovery strategies. At Covenco365 we have taken the rule a step further and have always insisted that any backup solution should meet the 3-2-1-1 backup principal (3 of copies of data, across 2 different media types, 1 copy offsite and 1 copy offline).
It is essential to implement automated, REGULAR backups so that you will always have a safe version of your data backed up and available. There are several best practices that you should follow when it comes to your backup strategy, to allow maximum protection and recovery if the worst was to happen – they include:
It is imperative for any business to have a good local backup for their data. The design should ensure that the backup infrastructure is resilient and scalable. Ensure is possible, that your local backups are stored on an Immutable backup platform using backups software that support such features like Veeam Backup & Replication and their hardened Linux repository. This will be your 1st line of recovery and if that is Immutable, then you are always reassured that should you be compromised, your backups cannot be encrypted, changed, or deleted.
Online Offsite Backups
To protect against all disaster scenarios, Offsite Online backups provide you with an offsite copy of data for recovery at an alternate location. We often find that any organisation that has suffered from a Ransomware attack will immediately try to understand, how they have been breached and how far the breach has spread across their network. During this time, the business is largely immobilised and the longer this continues the more the business will suffer financially and reputationally. Ensuring an offsite copy to recover from is an extremely important part of the overall business continuity plan.
Offline or Air-gapped Backups
By keeping a secondary offline, or air-gapped backup of your data, it ensures additional recovery options in the event of a ransomware attack – It is pretty much impossible for ransomware to infiltrate through as it is completely unreachable. A simple and effective way to achieve this is through a Tape Backup Service – it is a great option for long term data retention is still the most cost effective method, especially with larger data volumes.
Immutable backups have got to be the most efficient protection against ransomware! It ensures your data is always recoverable, as it cannot be deleted, changed, or altered in anyway. So even if your legacy backup systems are attacked, you will always be able to recover your immutable, untouched data.
Test, Test and Test again.
With data so valuable, it would seem ridiculous to not test all of the procedures and solutions that you have worked hard to put in place. If a test was to fail, at least the problem can be fixed before your data is lost for real … and maybe forever!
Another top tip … Don’t forget to ask the Experts!
Covenco365 is an IT services provider who partners with the leading security and data protection vendors to provide world-class infrastructure and security solutions to our customers. Our team has over 20 years’ experience helping organisations to put in place bespoke data protection and management solutions that work for them and their unique set of circumstances.