How to prevent Ransomware running off with your cash
Sep 28th, 2016

Nigel Tozer, Solutions Marketing Director for EMEA at Commvault

The 2016 Global Risk Report created for the World Economic Forum in Davos cited cyber attacks as the top risk to businesses in eight of the world's leading economies, including the USA, Germany and Switzerland.[1] Indeed, more than half of UK businesses now expect to be hit by some form of cyber attack, and recovery costs could be £1.2m or more.

Ransomware in particular has started causing businesses real trouble. The first wave started in 2005 and was called Trojan.Gpcoder. Now the security industry (and many unfortunate users) are discovering new variants of ransomware almost every day.

According to the FBI, the CryptoWall strain stole more than $18m between April 2014 and 2015. Even the FBI recommends that it is easier to pay than fight. So, if agencies of that stature won’t fight back, are all businesses simply at the mercy of ransomware? Or are there things you can do to help your business mitigate the effects?

The game is always changing

Every day the security industry is creating new ways to detect threats to our data, and protect it. However, organised criminals are increasingly turning their attention to businesses, which offer bigger returns than going after individuals. The key strains of ransomware getting the most attention are CryptoLocker, TeslaCrypt and CryptoWall, and for now it seems that the bad guys are a step ahead.

When your data comes under threat, the natural, knee-jerk reaction is to beef up security, but this is pretty hard to do effectively. It only takes one user to get duped into installing some new code and your whole network can be compromised. So added security might provide better protection from ransomware getting into your systems in the first place, but once it is in, is your only choice to pay or lose all of your data?

A bigger fence isn’t always the answer…

If your data is held hostage by ransomware, wouldn’t it be better if you could simply revert to untainted data from before the infection? Effective and comprehensive data management solutions that do exactly this should therefore be an urgent, preventative priority, regardless of your industry. While many organisations put in place data protection for their datacentre and roll out endpoint security, endpoint data protection is often missed completely.

To use the fence analogy; if you consider computer security as a fence around your valuable data, it is still vulnerable to the same things as a real fence – brute force attacks, or breaches going under or over it, not to mention users forgetting to lock the gate, or just holding it wide open for the bad guy to walk in. User actions are still the biggest risk, no matter how good your fence or security strategy is.

Luckily in the digital world, unlike reality, you can keep copies of your valuables – which will always be just as valuable as the originals. When security fails, a comprehensive organisation-wide safety vault (AKA backup) could save your business, or at the very least, a big pile of very expensive Bitcoins.

The cloud won’t always cut it

When files are encrypted by a ransomware attack, cloud sync and share tools aren’t something you can always rely on. This is because they replicate the encryption, so your cloud copies are just as likely to be as scrambled as their originals. The other issue with cloud syncing services is that they typically don’t cover all of a user’s data and may not always have retention policies that pre-date the attack, especially if it’s to free cloud storage or cloud offerings targeted at consumers.

As a result of a ransomware attack you could be left with no choice but to either pay the hefty ransom, or say goodbye to your data.

In the event of infection, if you’re not going to pay up, just removing the malware isn’t enough. You need to be able to restore your data from a backup prior to the attack. Unless you’re properly prepared, this isn’t a trivial task if many systems and user devices are affected. Whilst this might mean losing a few weeks’ worth of data, it is nominal compared to the impact of losing all your data permanently, or paying out huge sums of money to get it back. Of course, only your organisation can make this difficult decision.

Another factor to consider is that while endpoint data protection may seem like a big step to take to combat ransomware, choosing the right system can boost productivity and reduce other security risks associated with unsanctioned sync and share in the cloud.

So if even law enforcement agencies don’t have your back, it’s good to know there are steps you can take that not only offer an escape route, but also have many surprise benefits.

Commvault Press Office.