May 18, 2017
Not that there was any doubt, but this past weekend’s global onslaught of Ransomware attacks proved that this is a modern-day plague on IT. The WannaCry ransomware locked individuals and organizations out of their data all over the world in what is being called the biggest cyberattack in the world.
In some ways, the massive scope of the attack woke new people up to the ransomware scourge. News channels were full of experts explaining the basics: that cybercriminals use ransomware packages like CryptoWall, TorrentLocker and others to lock systems and demand a ransom in bitcoin in exchange for a decryption key.
To find out more, many leaders turned to the FBI for resources. As you may know, in the past FBI has often advised people to pay the ransom to get their systems back up. For some organizations that aren’t equipped with good BDR, especially when facing life or death situations like hospitals, paying the ransom may be the only option.
But at Quorum we believe that the most successful approach to ransomware involves good recovery options – so we’re pleased that in an announcement issued last fall, the FBI said they now do not support paying ransoms. Their reasoning is as follows: “Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain.”
They added that they do realize some executives will need to “evaluate all options to protect their shareholders, employees, and customers.” But when it comes to sidestepping a skilled ransomware attack, their advice matches up with ours:
A fast and simple backup and disaster recovery system is your best hope of surviving a ransomware attack.
The FBI also advocates for advanced security measures like access control, removing program execution from popular ransomware locations, and training staff to recognize and avoid ransomware delivery methods. Staying current on patches and updates is also critical.
But what really needs to happen is a better BDR solution. The malware isn’t what really dooms organizations to paying hefty ransoms – it’s their lack of recovery options. The FBI underscores this with their advice: “Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.”
We agree, but this weekend’s global attack has made it clear many organizations still aren’t listening. Or they believe their backups are up to the ransomware challenge – only to find they’re not.
Here are the 4 traits of backups that can help you evade a ransomware attack:
To successfully thwart ransomware, teams must use a system that’s quick in three ways. The first: 1-click recovery. A complicated system demanding a dozen steps that no one remembers how to do in a crisis will make you more vulnerable. Use a solution where you’re just one push of a button away from recovery. The second need for speed: your backups must be immediately available, without requiring you to test each one to see if it’s usable. Finally, your backup environments must perform with adequate speed and power. If they’re slowing everyone down and stopping transactions and productivity, you’ll feel pressured to pay the ransom.
A skilled ransomware attack has a seek and destroy mission when it comes to backups. If your backups are stored somewhere easy for attackers to find, you’ve already lost the battle. Backups should be protected from access and encrypted in the event of seizure. Unfortunately, most solutions do not encrypt backups, leaving organizations unprotected. (onQ does, if you were wondering.)
Smart organizations are practicing redundancy with on-premises, offsite and cloud backups. This can be a make or break factor in a ransomware attack; so can automated testing, which ensures each backup is current, viable and accurate. Given how many teams skip or put off manual testing, unusable backups have been a common downfall in ransomware incidents.
Complexity increases the panic that arrives with a ransomware attack. If the team is using multiple solutions, they’re likely to spend too much time trying to make recovery happen (or on the phone with support.) Keep things simple with a unified solution. You’ll have a streamlined recovery process and a consistent relationship with your support team, who will be familiar with your needs when disaster strikes.
We know ransomware is one of your biggest concerns. That’s why Quorum is coming out with new products focused on helping you recover from ransomware in the fastest, safest and most efficient way possible. Stay tuned for more details – and in the meantime, stay protected.