Popping up on prime time television and local news reports, ransomware is so commonplace it has practically become a household phrase. The frequent attacks have made it a focus area for many enterprises because high-profile attacks against them have risen dramatically in the past few years.
According to ESG research, nearly two-thirds of surveyed organizations across North America and Western Europe have experienced a ransomware attack in the last year, with 22 percent reporting weekly attacks.
Recent high-profile incidents include the Pennsylvania Senate Democrats, who ultimately paid $700,000 to rebuild their IT infrastructure from scratch; a fetal diagnostic lab in Hawaii, where the records of more than 40,000 patients were compromised; and Bristol Airport in England, which resorted to using paper posters and whiteboards to announce check-in and flight information after losing all in-house TV screens.
The Impact Ransomware Has on Enterprises
The consequences for these organizations and others are far-reaching: they not only damage the confidence of employees and consumers, but can also destroy mission-critical data that can’t be reproduced easily or without major financial repercussions.
Even in cases where an enterprise might choose to pay, the ransomed data would likely be considered too risky or corrupted to use – if it was even released at all.
Also to be considered is the real-time impact on companies while their information is being held. Data and systems unavailability can trigger a domino effect of other technical and business consequences. ESG research found that 71 percent of surveyed organizations could not tolerate more than one hour of downtime for their high-priority applications, which tend to be the same ones primarily targeted by ransomware.
Additionally, from a recovery point objective perspective, 51 percent of organizations surveyed by ESG report that 15 minutes of data lost by those same applications is the maximum they can withstand without significant business impact, including:
- Loss of Customer Confidence
- Direct Loss of Revenue
- Missed Business Opportunities
- Loss of Employee Confidence
- Damage to Brand Integrity
- Reduced Stock Price
Best Practices To Avoid Ransomware Attacks
While there is no magic solution to completely avoid ransomware attacks, there is an opportunity to implement systemic and resilient IT measures and best practices to mitigate the dangers.
To fend off attacks, there are several recommended factors and activities to focus on:
- End-user education and mock phishing done by a third-party security partner can teach all staff, especially less experienced employees, how to identify suspected attacks or malware.
- E-mail and web control are crucial, especially as e-mail phishing is the most likely entry point for an infection. Use tools that can identify and block suspicious e-mail, scan for known ransomware or malware, and isolate attachments for analysis. This is vital for native cloud applications like Office 365.
- Endpoint security controls that prevent file-based and file-less ransomware, as well as other malware, are highly effective. Only allowing known-good software on employees’ endpoints significantly reduces the risk of an executable wreaking havoc and spreading via the network.
- Network-based controls are vital in preventing the spread of ransomware by protecting all ports and protocols, and monitoring all traffic on the physical or virtual network.
Finally, a focus on incident response and preparedness must be front and center to thwart or recover from an attack. Enterprises should test their incident response plans, including the ability to effectively restore production systems and data.
Best Practices For Backup And Recovery After A Ransomware Attack
Beyond cybersecurity measures, backup and recovery are important to ensuring uptime and need to be optimized. Best practices include:
- Train IT staff and administrators who regularly work in close proximity to, and have access to, critical infrastructure. Consider a dedicated backup team, and make sure there is a cadence for training on security, networking, and storage best practices.
- Follow the 3-2-1 rule, which requires three copies of enterprise data saved on two different media, one of which is offsite. For an additional layer of security, one copy of the storage media should be kept completely offline, or air-gapped, without direct access to the internet, any IT network, or any other computer.
- Manage access controls and use different credentials for backup roles and permissions to access the backup application, the data repository, and the network. Using a different file system for backup storage can also help stop the spread of ransomware.
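The 3-2-1 rule, the offline copy and the separate-credentials advice above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article and not vendor code; the `Copy` fields, finding codes, account names and both inventories are constructed for illustration, and it assumes the inventory lists every copy of the data, including the production one.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    role: str      # "production" or "backup"
    media: str     # "disk", "tape", "object-storage", ...
    offsite: bool
    offline: bool  # air-gapped: no network path to this copy
    account: str   # credential that can write to or delete this copy


def audit_backup_plan(copies, production_accounts):
    """Return sorted finding codes; an empty list means the plan passes."""
    findings = set()
    backups = [c for c in copies if c.role == "backup"]
    if len(copies) < 3:
        findings.add("FEWER_THAN_3_COPIES")
    if len({c.media for c in copies}) < 2:
        findings.add("FEWER_THAN_2_MEDIA")
    if not any(c.offsite for c in backups):
        findings.add("NO_OFFSITE_COPY")
    if not any(c.offline for c in backups):
        findings.add("NO_OFFLINE_COPY")
    # A backup reachable with a production credential falls with production.
    if any(c.account in production_accounts for c in backups):
        findings.add("BACKUP_USES_PRODUCTION_CREDENTIAL")
    return sorted(findings)


# Constructed sample inventories (hypothetical names and accounts).
PROD_ACCOUNTS = {"CORP\\domain-admin", "CORP\\svc-app"}
WEAK_PLAN = [
    Copy("vm-datastore", "production", "disk", False, False, "CORP\\svc-app"),
    Copy("nas-backup", "backup", "disk", False, False, "CORP\\domain-admin"),
]
STRONG_PLAN = [
    Copy("vm-datastore", "production", "disk", False, False, "CORP\\svc-app"),
    Copy("backup-repo", "backup", "disk", False, False, "bkp-repo-svc"),
    Copy("vault-tape", "backup", "tape", True, True, "bkp-tape-operator"),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("strong", STRONG_PLAN)):
        result = audit_backup_plan(plan, PROD_ACCOUNTS)
        print(label, result or "meets 3-2-1 with an offline copy")
```

Running a check like this on a schedule catches drift, such as a tape rotation that lapses or a repository that gets joined to the production domain.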
How Veeam’s Platform Can Be Your Secret Weapon for Ransomware
Veeam’s Hyper-Availability Platform offers data availability to enterprises no matter where the data lives. It is perfectly suited for ransomware protection with a direct focus on data centers and endpoints.
On the data center side, Veeam allows organizations to restore data infected by ransomware to a known-good state. End-users can use the Veeam Availability Suite to perform granular restore operations by databases, applications, files, and operating systems, but it is likely complete recoveries will be needed to restore systems affected by ransomware. Veeam also provides advanced protection for popular online applications like Microsoft 365.
Endpoints can be a first line of defense from a cybersecurity perspective because they are often the primary entry point of ransomware attacks. Veeam Agent for Linux and Veeam Agent for Microsoft Windows are solid backup tools for laptops and PCs that provide image-based backup and recovery for non-virtualized systems.
Ransomware Is Here To Stay
Ransomware is going nowhere fast and will continue to grow as a threat to enterprises around the world, creating an ever-evolving challenge for cybersecurity and data protection professionals.
Ransomware needs to be managed with a combination of best practices and tools spanning a wide array of technologies. Even the best prepared organizations are vulnerable to data and system availability failures caused by cybercrimes, which makes the role of backup and recovery technology and related practices even more vital.
Optimizing data and systems availability requires careful planning and a strong set of tools to recover assets and services in a timely fashion with limited losses. Veeam’s Hyper-Availability Platform does just that, and has already helped numerous enterprises to a successful recovery.
NEXT STEPS:
Learn how network segmentation can also be a helpful strategy for mitigating cybersecurity risk in our paper, Using Network Segmentation to Manage Malware and Ransomware Risk.