What can be more frustrating than falling victim to a ransomware attack? You sit down at your computer, only to find a black and white ransom note on your screen. All your files have been encrypted and you need to pay a ransom in Bitcoin to get the key that will decrypt them. Not to mention the catastrophic impact it can have. After all, how can you work when your computer is effectively locked? Such attacks can damage your company’s reputation.
The number of ransomware attacks is growing: estimates from the German Federal Office for Information Security (the Bundesamt fuer Sicherheit in der Informationstechnik, or BSI) suggest that Germany alone is bombarded by 5,000 attacks per hour. Every successful attack encrypts data, rendering it inaccessible until a ransom is paid.
The increasing prevalence of these attacks is down to two factors. Firstly, mounting an attack is just as simple as introducing a virus to a company, often via carefully crafted emails with attachments that contain hidden executable files. Secondly, ransomware attacks are proving to be extremely lucrative for cybercriminals. An estimated third of affected businesses are paying to recover their data. But even then, there’s a risk: not all companies that have paid up have been able to regain access to their information. And the recovery process for those that don’t pay can be extremely expensive. Some estimates say the total cost of damage done in 2017 alone is a staggering five billion dollars.
No business is too large or small to be a potential target. Businesses of all sizes have fallen prey. Even some extremely large organizations have become victims of ransomware attacks. However, the most worrying trend is attacks on small businesses, as well as large organizations with small IT operations such as hospitals. These do not have the resources or expertise to protect themselves effectively. And in the case of hospitals, the inability to access data is actually life-threatening.
Alarmingly, cybercriminals behind the attacks are also getting more sophisticated. Until about a year and a half ago, ransomware attacks mostly impacted individuals. Crime patterns have now evolved to attack user data across entire networks, potentially infecting all connected devices and services, even cloud-based data.
Many individuals consider themselves too smart to fall for phishing attacks that are the usual way of introducing an infection. However, we have heard many stories of extremely well-targeted emails and plausible job applications that convince even savvy technologists or HR professionals to open an attachment, leading to the infection of entire systems.
What can you do to avoid an attack?
The first line of defense is prevention – so deploying effective anti-virus systems is important, as is user education and ensuring that IT administration rights are appropriately restricted. But you also need a solid plan for dealing with the worst-case scenario – that means effectively backing up your data. According to various customer insights, we have observed that around 50 percent of SMBs are not bothering to make daily backups of their data and the same number do not have a backup strategy.
Some of those who do undertake regular backups still rely on cloud storage. Although this provides anytime access to your data, it cannot help if files are accidentally deleted. It is also extremely likely that even cloud-based data will become infected by ransomware in your system. Snapshot backups are great as they can take you back to any given moment in time – potentially to before the virus struck, as long as you can keep the snapshots free from infection.
The only real way to ensure that you can use a full, uninfected copy of your user data to restore your systems in case of an attack is by undertaking a traditional backup. This data is then completely physically separated from your production systems. This may involve storing data on tapes held in a vault, or in a remote data center. Do bear in mind that ransomware can lie dormant in systems for some time before it is triggered, so you must ensure that you have weeks or even months’ worth of backup data available to return to a pre-infection time.
A rule of thumb is 3-2-1: keep at least three copies of your data, store it on two different media and keep one backup copy offsite. Also, don’t forget to review the scope of your backup processes regularly to ensure they are able to handle the volume of your data, and that you have a backup history appropriate for your business. You should also ensure that you practice undertaking recovery procedures, so that you will be completely prepared in the case of a disaster or ransomware attack.
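The 3-2-1 rule and the backup-history requirement above can be checked mechanically against a backup inventory. The following is an added example, not code from this article or from any product it mentions; the `Copy` record, the `audit` function, the 90-day dormancy window, the one-day freshness limit and both sample inventories are assumptions constructed for illustration, and the production data is counted as one of the three copies.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                  # "disk", "tape", "cloud", ...
    offsite: bool               # held away from the production site
    separated: bool             # physically separated from production systems
    restore_points: tuple = ()  # dates it can be restored to; empty = production data


def audit(copies, today, dormancy_days=90, max_age_days=1):
    """Return the list of policy gaps; an empty list means every check passed."""
    gaps = []
    backups = [c for c in copies if c.restore_points]
    if len(copies) < 3:
        gaps.append("fewer than three copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than two media types")
    if not any(c.offsite for c in backups):
        gaps.append("no offsite backup copy")
    # Dormant ransomware: a separated copy must reach back past the assumed window.
    cutoff = today - timedelta(days=dormancy_days)
    if not any(c.separated and min(c.restore_points) <= cutoff for c in backups):
        gaps.append(f"no separated copy reaches back {dormancy_days} days")
    # Daily backups: the newest restore point must be recent.
    newest = max((max(c.restore_points) for c in backups), default=None)
    if newest is None or (today - newest).days > max_age_days:
        gaps.append(f"newest restore point older than {max_age_days} day(s)")
    return gaps


TODAY = date(2024, 6, 1)  # constructed reference date


def every(step_days, count):
    """Constructed history: one restore point every step_days, count of them."""
    return tuple(TODAY - timedelta(days=step_days * i) for i in range(1, count + 1))


# Constructed inventories: production plus a synced cloud copy, then with a tape vault.
WEAK = [Copy("file server", "disk", False, False),
        Copy("cloud sync", "cloud", True, False, every(1, 14))]
SOUND = WEAK + [Copy("tape vault", "tape", True, True, every(7, 26))]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("sound", SOUND)):
        print(label, audit(inventory, TODAY) or "meets 3-2-1 with enough history")
```

The weak inventory fails on copy count and on history depth even though it has an offsite copy, because a synced cloud copy is neither separated from production nor old enough to predate a dormant infection.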
Each business has different security and backup requirements. We work closely with customers to take a holistic approach to their security challenges. Our comprehensive portfolio extends from security services, solutions and products designed to help prevent infection to an entire data protection portfolio, which includes disk-based backup systems and large data center storage solutions, integrated appliances and tape libraries. This broad selection of offerings, combined with Fujitsu’s extensive expertise, allows us to offer a one-stop shop for all security and backup needs, so that you can implement the right solution to address your needs.
For many businesses, it can be a significant time investment to set up an effective backup process that ensures the availability of uninfected files, which is then tested. However, consider the businesses that have racked up losses running into the hundreds of millions of dollars associated with ransomware attacks. In comparison, the upfront effort and cost of ensuring that your business is ready when the worst happens is far from onerous. Being prepared can transform a ransomware strike from being potentially catastrophic into just an inconvenience. And what’s more, you’ll sleep better knowing you are prepared.