As we move into the fourth week of National Cybersecurity Awareness Month (NCSAM), it’s important to think about how ransomware fits into your overall business continuity plan. Ransomware has been a problem for a long time, but attacks are getting smarter and can now target multiple sites and stop your whole business.
Consider one example. Baltimore was hit by ransomware on May 7, 2019, and it was given the code name “RobinHood.” Attackers remotely encrypted the city’s file servers and demanded 13 bitcoin in exchange for the keys to unlock them. The city called the FBI right away and shut down systems to stop the attack from spreading, but not before it had affected more than 10,000 computers and several city departments. Baltimore chose not to pay the 13 bitcoin, which was worth about $70,000 at the time, but the city was not spared any damage.
The lost income and the cost of restoring data and upgrading systems added up to more than $18 million.
So what should big businesses, government agencies, healthcare systems, and other big groups do to get ready for these attacks? And in this day and age of ransomware, what can a big company do to keep running without paying the hackers?
How to Keep Your Business Running in the Age of Ransomware
To learn more about this issue, I talked to David Shaw, who is the Chief Science Officer of Nasuni and an expert in cryptography. We talked about:
What we know about the Baltimore incident and how the ransomware threat is changing
How to avoid a ransomware attack and lessen its effects
How to dramatically cut business downtime and costs after an attack
You can watch the video whenever you want, but I’ll go over the main points here.
How ransomware works and why it’s stronger than ever
The most common type of ransomware attack is an encryption attack. Malware gets into the system, finds all the files it can, and encrypts them. A lot of the time, encryption is seen as a good thing. But in this case, the attackers have the encryption keys. The victim can’t get to their own files because they don’t know the key or keys.
The attacker then gets in touch with the victim and demands payment, usually in bitcoin, in exchange for the key to decrypt their files.
When ransomware first came out, it usually asked for small amounts of money. Attackers thought that companies would gladly pay a ransom of tens of thousands of dollars to keep their businesses from going down for three months. There are more attackers and the ransoms are higher now. More than that, some types have changed into widespread disasters that can affect dozens or even hundreds of sites.
How to Really Stay Away from Ransomware Attacks
So how do businesses deal with this growing threat? Shaw tells us that a strong front-line defense is very important. You want to do everything you can to stay healthy and avoid getting sick in the first place.
To do this, you need to invest in strong security systems that protect your email servers. But education is also very important. End users in your company should be reminded not to click or double-click the links in the daily flood of suspicious emails we all get. Clicking that link won’t win them a million dollars. It will give ransomware operators a chance to extort money from the company.
Shaw also said, “If you find that USB stick in the parking lot, it might not be a good idea to plug it into your computer.”
Your organization will be safer if you spend money on security and teach your users how to use it, but Shaw warns of a serious problem.
Attackers will find a way through in the end.
The next question is what to do when ransomware does happen. How can you get back to work as soon as possible without stopping your business? Plus, how can you do this without giving attackers hundreds of thousands or millions of dollars, which will only make them more likely to attack again?
How to Quickly and Cheaply Get Back Online After Being Hit by Ransomware
Shaw says that backing up your files can be a good way to get them back, but you need to make sure that the backup won’t get infected along with your main data. This wasn’t a big deal back in the early days of ransomware. Attackers have now, however, found ways to get into online backups.
Tapes can work in some situations. Malware won’t be able to get onto a tape that is sealed inside a vault that is physically safe. The bad thing is that it will take you a lot longer to recover. In terms of keeping the business running, this is also not good enough. It’s not real recovery if a key business unit is down for days or weeks.
The other choice is to keep your data safe in the cloud. Nasuni was the first to create a file system that stores each file as a series of objects in the cloud and keeps track of all the versions of the file. When you make changes to a file, those changes are sent to the cloud as objects. What helps is not so much that the files are stored in the cloud; it’s that they are stored as write-once, read-many (WORM) data that can’t be changed.
Why does this work better? Think about what happened in Baltimore, which affected 10,000 users and laptops. If you used Nasuni, you wouldn’t have to restore every part of every file by hand for each user. Instead, IT would “window-rewind” the whole file system to the most recent point before the attack. All files would be restored from that point on because this would change the file system itself. Anyone reading a file after that would be better off. The IT department would still have to check different machines to make sure that some laptops don’t re-encrypt files, but the file system could be restored much more quickly than with tape restores, and business continuity would still be pretty good.
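The point-in-time rewind described above, sketched as an added example (not Nasuni's code and not part of the original post): a toy append-only version store in which an attack can only add new versions, so recovery means reading the history as of a moment before the attack. The class, method names, and sample timeline are hypothetical.

```python
# Added illustration: a toy append-only (WORM) version store with point-in-time
# rewind. Class and method names are hypothetical, not any vendor's API.
import hashlib
from bisect import bisect_right


class WormVersionStore:
    def __init__(self):
        self._objects = {}   # content hash -> bytes, written once, never changed
        self._history = {}   # path -> list of (timestamp, content hash), append-only

    def write(self, path, data, ts):
        """Record a new version; earlier versions are never overwritten."""
        versions = self._history.setdefault(path, [])
        if versions and ts <= versions[-1][0]:
            raise ValueError("versions are append-only; timestamps must increase")
        digest = hashlib.sha256(data).hexdigest()
        self._objects.setdefault(digest, data)   # identical content stored once
        versions.append((ts, digest))

    def read_at(self, path, ts):
        """Return the file's content as of time ts, or None if it did not exist."""
        versions = self._history.get(path, [])
        idx = bisect_right([t for t, _ in versions], ts)
        return self._objects[versions[idx - 1][1]] if idx else None

    def rewind(self, ts):
        """View of the whole file system as of ts; later writes stay in history."""
        view = {p: self.read_at(p, ts) for p in self._history}
        return {p: d for p, d in view.items() if d is not None}


def demo():
    # Constructed sample timeline: clean writes, then an "attack" at t=100
    # that overwrites both files with ciphertext and drops a ransom note.
    store = WormVersionStore()
    store.write("/finance/q1.xlsx", b"q1 figures", ts=10)
    store.write("/hr/policy.docx", b"policy v1", ts=20)
    store.write("/hr/policy.docx", b"policy v2", ts=50)
    store.write("/finance/q1.xlsx", b"\x8f\x02 ciphertext", ts=100)
    store.write("/hr/policy.docx", b"\x91\xaa ciphertext", ts=101)
    store.write("/README_DECRYPT.txt", b"constructed ransom note", ts=102)
    return store, store.rewind(99)   # last point before the attack


if __name__ == "__main__":
    _, restored = demo()
    for path, data in sorted(restored.items()):
        print(path, data)
```

The rewound view omits the ransom note because that path had no version before the chosen time, while the encrypted versions remain in the history for later forensic review.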
Also, this is not just a possible solution.
Ransomware is not going away, so all big businesses should do everything they can to keep their systems safe, teach their employees, and get ready for a quick recovery. With that in mind, here are some resources we think you might find useful:
Always feel free to email us if you have any questions.