From news headlines to television sitcom story lines, ransomware has become a major player in the world of IT security. High-profile attacks against enterprises are on the rise, their numbers dramatically increasing every year with nearly two-thirds of organizations surveyed reporting an attack in the last year, and 22 percent reporting weekly attacks.
Ransomware is a profitable criminal endeavor (a 2016 survey estimated $1 billion each year, but current numbers are surely much higher) by individuals who don’t hesitate to damage public institutions and private enterprises—and they’re not going anywhere.
What’s needed to fend off this Ransomware epidemic?
Best practices and tools to:
- Prevent or mitigate attacks
- Protect data and backup data
- Recover reliably
In this blog article we’ll take a look at how you can find and implement those practices with Veeam’s Hyper Availability platform.
What is the business impact of a ransomware attack?
Data and systems unavailability triggers a domino effect of other technical and business consequences. Research by ESG found that 71 percent of surveyed organizations could not tolerate more than one hour of downtime for their high-priority applications, which are frequently the ones targeted by ransomware.
In addition, from a recovery point objective (RPO) perspective, 51 percent of organizations surveyed report that losing just 15 minutes of data from their high-priority applications is the maximum they can tolerate without significant business impact. This downtime and data loss can take months or years to recover from, and that’s before considering the loss of customer confidence and direct revenue.
Best practices and technologies for ransomware attacks
To fend off ransomware attacks, there are recommended cybersecurity and backup and recovery best practices.
End-User Education, Intrusion Testing, and Mock Phishing
Conducted by a third-party cybersecurity partner, these steps are invaluable—especially with less experienced staff.
Email and Web Controls
Given the likelihood of infiltration coming from these areas, controls are crucial. To establish a first line of defense, use tools that can identify and block illegitimate phishing email, scan for known ransomware or malware in emails, and isolate attachments for analysis. This effort should encompass native cloud applications such as Office 365. Web controls can be used to analyze a website’s reputation and block known bad URLs, and they can scan for malicious downloads and browser exploits.
Endpoints are often the attack vector for introducing ransomware, representing a need for a set of robust countermeasures. Endpoint security controls that employ multiple detection technologies to prevent file-based and file-less ransomware, as well as other types of malware, are critical.
The effort begins with establishing protection across all ports and protocols, and monitoring all traffic on the physical or virtual network. It can be complemented by detection methods such as sandbox analysis for new and unknown ransomware.
Servers, especially database servers, have also become targets for ransomware attacks. They require the use of technologies to scan for ransomware and other forms of malware and controls to maintain system integrity. Being diligent about maintaining a patching discipline is a clear best practice, but it comes with an operational impact for many organizations and does not prevent zero-day attacks.
Backup and Recovery
Beyond employing cybersecurity best practices, backup and recovery is an important component to ensuring uptime. Best practices include:
- Training IT staff, especially the backup team, with regular training on security, networking, and best storage practices.
- Following the 3-2-1 rule, which requires three copies of company data be saved on two different media formats, one of which is kept offsite.
- Managing access controls and using different credentials for backup roles and permissions to access the backup application, data store/repository, and network.
- Looking for a solution with behavioral alerting capabilities that can notify an admin about a possible ransomware activity flag.
Veeam’s Hyper-Availability Platform To The Rescue
Veeam’s Hyper-Availability Platform offers data availability to enterprises no matter where the data lives – on-premises, in the core data center, in remote offices, or anywhere in the cloud. It is perfectly suited for ransomware protection with a keen focus on both data centers and endpoints.
On the data center side, Veeam allows organizations to restore data infected by ransomware to a known-good state. End-users can also leverage the Veeam Availability Suite to perform quick and granular restore operations for databases, applications, files, and operating systems.
The suite provides one-click file-restore capabilities for storage snapshots, which can be useful for fast recoveries of critical files. Veeam has also integrated with many storage vendors to accelerate performance and recovery capabilities.
Ransomware is here to stay—be prepared!
Unfortunately, ransomware isn't going anywhere. As hackers evolve their methods, ransomware will only continue to pose a growing threat to enterprises around the world. The business risk is potentially devastating and needs to be managed with a combination of best practices and the right tools. Contact WEI to begin strengthening your response and protecting your organization today.
NEXT STEPS: Protect your enterprise with network security tips in our tech brief, 'Using network segmentation to manage malware and ransomware risks' below!