Ransomware attacks grew by 600 percent and cost businesses of all sizes £billions in total in 2016. Aside from the obvious cost of paying ransoms to malicious actors to recover encrypted data, organisations can incur costs in the tens of thousands of pounds per day, due to the downtime associated with recovering critical data.
Unfortunately, many of those organisations most frequently and increasingly targeted by ransomware are those who can least afford this downtime: healthcare and other public sector establishments. This is of course evidenced by the massive WannaCry ransomware attack of May 2017 that brought organisations around the world, including most notably the UK's National Health Service, to their knees. This unprecedented attack brought to the forefront the importance of a data backup and recovery strategies that would allow organisations to restore hijacked data with minimal data loss and zero impact on end users. Faced with the urgent need to recover vital systems and data from the grip of the malware, organisations will be tempted and often succumb to the temptation to pay the sum to get themselves back up and running to minimise damage.
Ransoms - what are you getting for your money?
In the event of such an attack, by hastily paying a ransom, organisations often expect decryption codes to be sent immediately and their critical data to be released. In many cases, however, this could not be further from the truth. Ransomware actors are criminals, and perfectly capable of ‘altering the deal' and failing to provide the decryption key once the financial goal of the attacks is reached.
Therefore, the number one rule in these situations is not pay the ransom. But what are options do organisations have? Aside from isolating affected systems and removing them from the network to avoid spread, businesses should ensure they are prepared for disaster with an intelligent, comprehensive, and ready-to-go backup and recovery strategy.
With everything securely backed up and ready to be restored, attackers no longer hold the balance of power, and when planned and executed correctly, businesses completely avoid the need to pay a ransom to get their data back.
When organisations fall victim to ransomware, they must ensure their backups encompass everything - systems, applications and data - so that, in the event their entire network is compromised, restoration will get them back up and running instantly. This approach also mitigates financial loss, brand damage, and productivity consequences often associated with downtime. Additionally, organisations can benefit from replicating these comprehensive backups offsite or on the cloud, out of harm's way, and be able to recover from these locations.
When it comes to restoring data in any disaster situation, what it is that you are recovering needs to be bang up to date if you are to truly carry on as normal. Whilst many organisations have backups, a snapshot from the night before doesn't cut it. They must ensure their backup technology is taking snapshots on an hourly or, ideally, five-minutely basis, with these backups ready to spring into action at a moment's notice.
The temptation to pay a ransom will remain for management and IT teams if they are faced with a lengthy restore process causing extended downtime. Especially with limited IT resources, many organisations will face situations where their systems take hours to restore to a usable state and allow them to work as normal. Rather than having to wait until an entire system is back up and running, organisations should invest in a recovery solution that allows users to access and use files and applications from the backup on-demand, as if nothing happened.
Ransomware is still a grave threat to organisations, and IT teams should augment good backup procedures with additional security solutions to avoid infection in the first place. However, with advanced and effective backup and recovery, organisations can soften the blow significantly, avoiding the financial costs of ransomware and the crippling downtime that can come with it.Contributed by Adrian Moir, lead technology evangelist, Quest Data Protection
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.