This week’s guest blog is from Arcserve’s Anthony Parry, who explores what ransomware attacks are, the rising threat to businesses and how to prevent ransomware attacks from damaging your IT infrastructure.
The risks of getting hit by ransomware are increasing, and unfortunately so are the number of successful attacks as law enforcement struggles to track down cybercriminals. In fact, just this week Easy Jet announced they were hit with a sophisticated cyberattack stealing nine million customers’ personal information.
Hospitals and pharmaceutical companies have also been targeted in recent years and continue to be affected even through the COVID-19 pandemic, despite ransomware authors stating they would not target the healthcare industry. This shows that like a virus, ransomware attackers do not discriminate and anyone is at risk, so your business needs to be protected.
What are ransomware attacks?
Ransomware is a form of malware — malicious software that’s designed to cause harm to your computer or IT infrastructure. The malware attacks your operating system and prevents you from using your computer by locking you out of your device or accessing certain areas of ‘infected’ data. The name ‘ransomware’ comes from the ransom that attackers demand in order to return your stolen data, or to regain access to your network.
Monetary gain is the main driver of an attack, and an attacker holds data until the ransom is paid. One source suggests that incidents hit $11.5B (£9.3B) in 2019. We have already heard how organisations have paid incredible amounts to release their data for example, Travelex, so understanding how to prevent ransomware attacks is essential.
What are the implications of a ransomware attack?
There are many impacts to a business from an attack – loss of revenue whilst down, loss of funds if paying the ransom, impact to reputation – these are all obvious impacts. The less obvious side effects include the risk to the business leaders should the impact affect share prices or creditors for example.
We haven’t seen it yet, however, it has been suggested that business leaders might be at risk of litigation if they knew there was an issue but didn’t act. Data protection laws such as the introduction of GDPR means that data security is now taken extremely seriously and any security breaches can result in large business fines.
Ransomware can also have disastrous effects on customer loyalty. A failure to protect customer’s data will only encourage them to take their business elsewhere, it’s unlikely they will stick around and wait for you to recover, which is explored in this report.
Will paying the ransom make a difference?
Understanding how to prevent ransomware attacks may be important, but so is knowing what to do should you find yourself in a position where your systems have been compromised.
Historically, ransomware demands have been quite low to entice businesses into paying so they can get their systems back. However, recently we have seen ransom sums increase as businesses become more desperate to get their IT infrastructure back online.
Until lately, statistics suggested that only 50% of encryption keys work even if you pay. But we are now seeing an increase in data being released after payment which in itself is fuelling more attacks, as businesses become more willing to pay.
Revealing stolen data is also on the up, as shown by the recent attack on the law firm Grubman Shire Meiselas and Sacks and ‘leak sites’ are being used more and more to force the arm of the victim into paying. However, all cybersecurity agencies such as National Cyber Security Centre (NCSC) and Interpol advise against paying the ransom if cybercriminals try to extort money from you.
In fact, research suggests that paying ransom money can actually increase the cost of recovering from a ransomware attack. The report found that when the impacts such as downtime, lost orders and operational costs were taken into consideration, the additional cost of paying the ransom almost doubled the overall cost of recovery.
Arcserve Unified Data Protection: Protect your business against ransomware attacks today!
Ransomware-as-a-Service: A new threat
Over the last few years, the cloud has gathered momentum and is being widely adopted for either running business-critical systems (such as Office 365 and CRM systems) or as an ideal backup and disaster recovery (DR) repository. Unfortunately, it is also being used by ransomware authors for Ransomware-as-a-Service (RaaS).
Similar to using a Software-as-a-Service (SaaS) platform, RaaS enables attackers to access ransomware tools through a platform and launch attacks on businesses. They would either pay a subscription fee for using the platform or their ransoms would be paid directly to the RaaS author, who would take a percentage cut as a fee and release the rest of the funds to the user.
These types of platforms are making ransomware attacks easier than ever as ransomware attackers upscale their operations from small phishing scams to a RaaS model that focuses on attacking huge businesses, highlighting the importance of data protection in today’s digital world.
How to prevent ransomware attacks
With attacks using ransomware becoming more sophisticated than ever before, it’s essential to put measures in place to prevent cyberattacks from happening. Here are some tips to safeguard your data.
Use the 3-2-1 rule
Always follow the 3-2-1 rule of data protection:
- 3 – Create three copies of your data, one primary and two backups.
- 2 – Use two types of storage media for your copies (e.g. local drive, network share/NAS, tape drive)
- 1 – Store one of these copies offsite (cloud storage).
Using this rule, you are able to minimise the potential damage from a ransomware attack on your business. You also ensure that if an attack does occur, you can not only isolate and eliminate the attack, but safely restore your compromised data from a backup.
Regular and disconnected backups
Attackers are increasingly targeting backups to ensure the target cannot simply recover without paying. Additionally, insurers are now looking at regular and disconnected backups from the network or else they will look less favourably during the underwriting process. This is why you should ensure that you have serious security measures incorporated into your backup system.
Disconnected backups are now an essential part of any data protection strategy — if you can see the backup on your network, so can an attacker and attacks on a whole network have become more common, so it’s important to safeguard against it. Disconnected backups help ensure that any attack on the network won’t spread into all your data copies, enabling you to restore any data that was compromised.
While the introduction of immutable backup is helping combat ransomware attacks in the cloud, it’s always best to make sure you use more than just the built-in security software from the backup vendor to protect against potential threats.
Leverage network services’ security features
To stop ransomware from entering your network, you can set up security features that will help filter out any potentially malicious content. Some safeguards you can implement that the NCSC suggest are:
- Apply filters to only allow the file types you would expect.
- Block websites that are known to be malicious.
- Actively inspect content that enters your network.
- Use signatures that will block known malicious code.
- Use mail server filters to block malicious emails or content, including phishing emails and harmful email attachments.
- Block known malicious websites through interception proxies.
- Use internet security gateways to inspect content for malware (including encryption ransomware).
- Implement safe browsing lists, to stop users entering sites that are malicious.
Organisations within the public sector can also subscribe to the Protective Domain Name Service (PDNS) which has been set up by the NSCS to prevent users from accessing sites that are known to be malicious.
In the event that a ransomware attack does occur, you can use these tips to limit the impact of a ransomware attack.
Don’t rely solely on cloud syncing
Cloud syncing is not a good alternative to backups if you want to have a chance of avoiding the consequences of a ransomware attack. Cloud storage services like Dropbox, OneDrive, Sharepoint, or Google Drive should not be used as your only backup.
These types of services automatically synchronise data and so any data that has been compromised will be synced and all subsequent copies will be compromised. This only emphasises the importance of the 3-2-1 rule mentioned earlier.
Every 14 seconds there is a ransomware attack – during the time it took you to read this article how many attacks could have taken place and worse still, could it be your IT systems? Hopefully, you now understand how to prevent ransomware attacks and can use the above tips to implement a data protection strategy that will safeguard your business from any potential threats.
