Existing tech is stripping ransomware of its power

Ransomware: the word on everyone’s lips in 2016. And unlike some of the other hot topics of the last 12 months – Batman vs Superman anyone? – it’s not all hype.

According to the Federal Bureau of Investigation, ransomware attacks, where systems are hacked, then data is encrypted and held hostage until a ransom is paid, will continue to rise.

In 2015 alone, the US Internet Crime Complaint Centre reported 2,500 cases of ransomware, costing victims $24 million.

The San Francisco Municipal Transportation Agency was targeted recently, resulting in a free ride, literally, for thousands of users.

The situation is mirrored in the UK – figures from security software firm Malwarebytes suggest more than half of businesses here have already been hit.

Until now, all emphasis has been on security: stopping attacks before they happen. But it’s becoming clear that this isn’t enough.

>See also: How to minimise the impact of ransomware

Ransomware attackers exploit the very same encryption technology designed to protect sensitive data and use it to aid their attacks.

As a result, a new movement is underway, a movement towards robust data backup and recovery planning, to work in tandem with security measures.

When you think about it, this trend towards a co-ordinated backup and security approach should come as no surprise. If data is properly backed up, ransomware loses its power.

A hacker can’t hold data to ransom if the organisation has a perfect copy somewhere else that can be restored at a moment’s notice.

A sound threat detection solution is still essential: quite simply it reduces the impact of a ransomware attack. But organisations are starting to recognise that, even with the very best protection, ‘click-happy’ employees leave them vulnerable.

Once someone opens a rogue link, ransomware can spread, encrypting hundreds of thousands of files in minutes. So educating staff, explaining to them what ransomware is and how it can be delivered, is also a top priority.

But when all else fails, an advanced backup and recovery solution offers a critical line of defence.

Run hand-in-hand with regular backup testing – where technology is put through its paces to make sure it can withstand an outage – the majority of losses can be avoided and ransomware becomes a much reduced threat.

There is going to be a rising numbers of organisations who turn their attention to backup and recovery as a further defence in the fight against ransomware.

That doesn’t simply mean a rush on backup technologies, because on their own they offer limited protection.

Instead it includes a rethinking of the whole backup and recovery process: an increase in regular backups, more stringent service level agreements (SLAs) and a shift towards thorough protocol testing to help businesses get critical systems up and running quickly after an attack – no ransom required.

>See also: How to protect your organisation from ransomware

It’s a renewed focus on restoring data that’s important too. Most companies can survive a short period of downtime, but permanent data loss is far more problematic, particularly if that data is crucial for the organisation to properly function.

So accompanying the move towards fail-safe backup is a growing awareness of the restoration process and the most efficient, real-time methods to retrieve backed-up data.

Already businesses are seeing backup strategies that rely on multiple technologies and platforms for recovery and this trend will continue: not least because it offers a variety of opportunities to restore data, however that data has been held to ransom.

The recognition that backup and recovery technologies have a crucial role to play in the fight against ransomware will affect the way that vendors approach their customers.

As experts, they are well-placed to offer sound advice when it comes to using their technology to protect against attacks, and we’re going to see increasing numbers striving to make their solutions work under this kind of pressure.

Remember, the technology is already there, it’s really just a case of reorienting it towards being prepared for an attack.

Beefing up SLAs and making sure data can be restored as quickly as possible will be high on the action list of any vendor: the quicker and easier it is to access business-critical data and systems; the less damage ransomware attacks will create.

>See also: 6 steps to protect your company from crypto-ransomware attacks

In turn, there will be customers demanding more from their vendors – as they should.

As organisations become increasingly aware of the threat posed by ransomware, that it’s not just something that happens to somebody else, and as they learn more about the protection offered with a sound backup and recovery solution, ransomware mitigation will become a topic for discussion in the pre-sales stages.

It won’t be an afterthought when a new solution has been implemented. A good vendor will listen and provide insight into the best ways forward.

That’s because recovery strategies do work when it comes to fighting ransomware. No business, large or small, is immune to or can afford an attack.

And while they can, and should, defend themselves with proven threat detection solutions, increasing numbers of organisations are recognising that ultimately ransomware is a data recovery / restoration issue.

Given that all organisations should have data protection and recovery technologies and strategies in place, it makes sense to make them work harder.

 

Sourced by Christophe Bertrand, VP product marketing, Arcserve

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...