The best way to protect yourself against ransomware is to ensure you have high-quality data in a backup that can be restored. Below we examine some of the most important factors to consider.
Ransomware is the fastest-growing cybercrime threat today. Last year, ransomware attacks outstripped theft of payment card information, according to security firm Trustwave.
Sophos’ research shows that half of the businesses had their data encrypted in 2019 by ransomware, with the attackers encrypting data in 75% of cases. Although most organizations recovered their data, twice as many did so from backup rather than by paying the ransom, and the cost to them was much less than what it was to those who paid up.
It is essential to have robust and well-tested backups in order to avoid ransomware demands. This means frequent, thorough, and comprehensive backups should be performed, possibly even “air gapped”. It also means that backup policies and practices should be reviewed and tested regularly.
In this article, we cover the top five things organizations need to get right with backups to ensure protection from ransomware.
In recent years, ransomware attacks have become more targeted and potentially more damaging. Cyber security organizations have seen fewer attacks, but they have seen a shift from “mass market ‘spray and pray’ desktop ransomware” to targeted attacks aimed at businesses.
Regardless of its target, ransomware typically consists of three main components: the initial attack or delivery of the malware payload, encryption of the target’s data, and communication back to the attacker.
Malware attacks organizations in different ways, and social engineering plays a key role: one-third of ransomware outbreaks result from users downloading malicious files or clicking on malicious links in emails. Ransomware can also be spread through malware attachments to e-mails, cloud resources, and direct attacks on servers.
According to the National Centre for Cyber Security, an increasing volume of ransomware originates from exposed remote desktop protocol (RDP) services or unpatched remote access devices.
Mail filtering, malware scanning, firewalls, and network monitoring are all security tools that can help, as can patching and limiting network users’ access privileges.
The most effective way to protect data is to use a robust backup solution.
The top five ways to protect yourself from ransomware: Using backups
1. Ensure backup policies are up-to-date
The best defense against malware is to be able to restore data from a clean backup. Although an organization may pay a ransom, there is no guarantee that the attackers will give them the key. Restoring from backups is more reliable, cheaper, and does not require giving money to criminals.
However, backups will not work unless they are robust and comprehensive. The CIO should thoroughly audit every single location where the company’s data is kept. Whether data is stored locally or in the cloud, it is all too easy to leave critical data out of a backup plan.
Given the move towards remote work during the Covid-19 pandemic, this is all the more important.
The following questions should be asked:
- How often are end-user systems backed up?
- Are temporary or consumer-focused cloud data stores included in the backup plan? Cloud storage should be resilient against physical failure, but it will not guarantee protection from ransomware that infects files.
Best practice for backup remains the 3-2-1 rule: make three copies of data, store across two different forms of media and keep one copy off-site. To protect against ransomware, the offsite backup should be isolated from the business network.
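The 3-2-1 rule with the isolation requirement can be checked mechanically against an inventory of where each dataset's copies live. The following is an added example, not part of the original article; the inventory records, dataset names and field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: one record per stored copy of a dataset.
# Field names are assumptions for this example, not a product schema.
INVENTORY = [
    {"dataset": "finance-db", "media": "disk", "offsite": False, "network_reachable": True},
    {"dataset": "finance-db", "media": "disk", "offsite": False, "network_reachable": True},
    {"dataset": "finance-db", "media": "cloud", "offsite": True, "network_reachable": True},
    {"dataset": "hr-share", "media": "disk", "offsite": False, "network_reachable": True},
    {"dataset": "hr-share", "media": "disk", "offsite": False, "network_reachable": True},
    {"dataset": "eng-repos", "media": "disk", "offsite": False, "network_reachable": True},
    {"dataset": "eng-repos", "media": "disk", "offsite": False, "network_reachable": True},
    {"dataset": "eng-repos", "media": "tape", "offsite": True, "network_reachable": False},
]


def audit_321(inventory):
    """Return {dataset: [gap, ...]} for every dataset that misses a rule."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    gaps = {}
    for name, copies in sorted(by_dataset.items()):
        problems = []
        if len(copies) < 3:
            problems.append(f"only {len(copies)} copies, need 3")
        media = {c["media"] for c in copies}
        if len(media) < 2:
            problems.append(f"only one media type ({', '.join(media)}), need 2")
        offsite = [c for c in copies if c["offsite"]]
        if not offsite:
            problems.append("no off-site copy")
        elif all(c["network_reachable"] for c in offsite):
            # An off-site copy the business network can reach can be
            # encrypted or deleted along with everything else.
            problems.append("off-site copy is reachable from the business network")
        if problems:
            gaps[name] = problems
    return gaps


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        print(dataset, "->", "; ".join(problems))
```

In the sample data, `finance-db` has three copies on two media types but still fails, because its only off-site copy is a cloud store reachable from the business network.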
2. Air gap business data
The cloud presents an attractive technology for storing long-term data backups, and in some quarters, it has replaced physical backup media such as optical disks, portable hard drives, and tape.
While cloud storage provides physical protection against disruptions such as hardware failures, power outages, or fires and floods, it does not automatically protect against ransomware. Cloud storage is vulnerable on two fronts: through its connections with customer networks and because it is shared infrastructure.
Analyst Fred Moore of Horison Information Strategies warns that cloud providers are vulnerable to ransomware attacks.
“Attackers now specifically target cloud services as they no longer need a password to get access to cloud data,” he says. “They simply steal the credentials and delete or encrypt an organization’s cloud backups using a man-in-the-middle attack.”
CISOs take advantage of the ability to back up their cloud data to tapes or other mechanical media to supplement cloud backups. While the cloud can serve as an offsite backup, keeping another copy of your data on tape, and keeping those tapes strictly offline, is the most reliable method for protecting against ransomware.
3. Regularly back up and review retention policies
It should go without saying that organizations should regularly back up their data.
CIOs should review policies for frequency of backups, particularly how often data is backed up to off-site locations (including the cloud) and mechanically separated media, such as tape. Frequent backups might be necessary.
It is also crucial for IT teams to review how long they keep backups, especially on air-gapped media. Frequently, ransomware uses time delays to evade detection or “attack loops” on seemingly clean systems.
For organizations to find clean copies, they might need to search multiple backup generations, requiring more copies and perhaps more extended retention periods. Separating backups for critical business systems should also facilitate recovery.
4. Ensure that backups are clean and robust
Although it is challenging, organizations should make sure that their backups are malware-free.
Maintaining up-to-date malware detection tools and patching systems is essential, as is adopting strict air-gap policies, such as removing media as quickly as possible.
For extra protection, companies should consider write once read many (WORM) media such as optical disks or tape configured as WORM. Some suppliers now market WORM-format cloud storage.
Furthermore, data access controls are a safeguard. By using tools such as Windows 10 Controlled Folder Access and limiting user access to critical data stores, you can prevent the spread of ransomware and add security to backups.
5. Test and plan
Test all backup and recovery plans. This is essential in order to calculate recovery times and determine whether data can be recovered.
Air-gapped, off-site media is best practice, but how long will it take to restore systems? Which systems should be prioritized for recovery? Is it necessary to separate networks for recovery purposes?
Ideally, CIOs should use duplicate media to test all phases of their recovery plan. The worst-case scenario is contaminating clean backups during a recovery exercise.
Key steps to protect against ransomware
- Ensure that your company’s data is kept in three copies.
- Two backup copies should be stored on different devices or storage media.
- Maintain at least one backup copy off-site and offline or in a location that is not accessible other than physically.
- Back up your data regularly.
- Install intelligent, integrated cyber security software.
- Do not use vulnerable remote desktop services.
- Patch often.
- Train your employees on how to spot phishing emails and suspicious links, and more