The cyber threat landscape in Australia continues to be a challenge for businesses, with more…
It’s hard to overstate the dangers ransomware poses to businesses and individuals alike. In the first quarter of 2022, there were more ransomware attacks than in the whole of 2021.
Ransomware has grown more sophisticated over time and as a result, organisations have had to employ data security policies, software, and strategies to reduce the danger of growing threat environments. While preventing and avoiding ransomware attacks is crucial, it’s also critical to have a data backup and recovery strategy if one does occur.
What is ransomware?
Ransomware is a type of malware that acts to prevent users from accessing data and files. As ransomware infects your system, it starts to search for files and encrypts the data with a private key. This locks down files or programs so that you cannot access or use them. After the ransomware has hijacked your system, the entity or hacker in control of the malware will demand a ransom in exchange for giving you the encryption key to access your data.
Generally, organisations will opt to pay the ransom to avoid downtime that could be catastrophic for business continuity. This is despite the ACSC recommending victims of ransomware attacks do not pay a ransom as there is no guarantee that payment will retrieve data. Research shows that ransomware groups frequently fail to hand over a decryption key after a ransom is paid.
Recovering encrypted data is also costly in terms of time and resources, costing your business more downtime and disruption to operations. While it is important to take steps to reduce the risk of ransomware attacks, such as security awareness training and security tools, keeping your important files safe from threat actors is possible by having a backup solution to restore data.
Which businesses are targeted by ransomware?
Small businesses tend to think they are immune to becoming victims of ransomware, but the truth is anyone can become a target. The biggest impact ransomware tends to have is when government or public agencies are affected, as this can mean emergency services and critical infrastructure are impacted.
- Healthcare organisations such as hospitals and clinics often use legacy systems that aren’t updated and are therefore easy to infiltrate. These entities are vulnerable to ransomware as any data that becomes unavailable can put the lives of patients in danger.
- Government entities are attacked frequently due to the high volume of sensitive data they have access to, and it is assumed they will pay a ransom quickly to avoid exposure.
- Human resources departments are also vulnerable as they have access to personal and financial details that are valuable to threat actors. Often HR teams will be duped by fake job applicants that introduce malware via infected email attachments.
- Academic institutions are less likely to have robust IT security and share files at a high rate compared to other businesses, which can include valuable data such as research and intellectual property.
- Businesses that have many devices connected to the network, especially BYOD, have poor security awareness and are likely to be more vulnerable to cyber-attacks. Cyberattackers will try to find vulnerabilities in a system, often through employees who open an email that has an infected attachment.
Backup and recovery is the simplest way to protect your organisation against ransomware attacks. Having a clean backup of data means you can reduce recovery time and avoid having to pay a ransom, which averaged $1.2 million in 2021.
Basic data strategies follow the 3-2-1 rule as best practice for backup and recovery, improving data protection, reducing data loss, and preventing ransomware from bringing your business to a halt.
This is how the 3-2-1 strategy works:
- Have 3 copies of the data
- They should be stored on 2 different media
- 1 of which is located off-site, such as cloud storage.
Limits and risks of ransomware protection
However, ransomware is becoming more intelligent, employing double- and triple-extortion tactics as well as methods that allow the malware to remain undetected for longer. This puts pressure on the second line of defence against ransomware, good data backups: it is possible that ransomware has been in your system for some time before it is noticed, and that everything has been encrypted, including your backups. Restoring data from backups could unwittingly re-infect systems with ransomware hiding in your backup copy.
In the event of a ransomware attack, backups stored offline or in the cloud are protected by what is known as an air gap. This refers to the idea of keeping backups physically separated from the information they are backing up – a literal air gap. Snapshots store metadata, parent copies, and even deleted files and are now often referred to as immutable backups because, once copied, they cannot be altered.
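The 3-2-1 rule and the dwell-time problem described above can be checked together against a backup inventory. The following is an added example, not part of the original article: the `BackupCopy` fields, the sample inventory and the suspected intrusion date are all constructed assumptions, and the inventory is assumed to list the production copy alongside its backups.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class BackupCopy:          # hypothetical inventory record
    name: str
    media: str             # e.g. "disk", "tape", "object-storage"
    offsite: bool          # stored away from the primary site (e.g. cloud)
    isolated: bool         # air-gapped or immutable, so it cannot be altered
    taken: datetime        # when this copy was created

def check_321(copies):
    """Return a list of 3-2-1 violations; an empty list means compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies of the data, need 3")
    if len({c.media for c in copies}) < 2:
        problems.append("all copies on one media type, need 2")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return problems

def safe_restore_point(copies, suspected_intrusion):
    """Newest isolated copy taken before the suspected intrusion, or None.

    Copies taken after that time may already contain the ransomware, and
    copies that are not isolated may have been encrypted with production.
    """
    candidates = [c for c in copies
                  if c.isolated and c.taken < suspected_intrusion]
    return max(candidates, key=lambda c: c.taken, default=None)

# Constructed sample inventory; names and dates are illustrative only.
INVENTORY = [
    BackupCopy("production", "disk", False, False, datetime(2022, 6, 20)),
    BackupCopy("nas-nightly", "disk", False, False, datetime(2022, 6, 19)),
    BackupCopy("cloud-snapshot-0619", "object-storage", True, True, datetime(2022, 6, 19)),
    BackupCopy("cloud-snapshot-0601", "object-storage", True, True, datetime(2022, 6, 1)),
    BackupCopy("tape-monthly", "tape", True, True, datetime(2022, 5, 1)),
]
SUSPECTED_INTRUSION = datetime(2022, 6, 10)  # assumed estimate from incident response

if __name__ == "__main__":
    print(check_321(INVENTORY) or "3-2-1 satisfied")
    point = safe_restore_point(INVENTORY, SUSPECTED_INTRUSION)
    print(point.name if point else "no safe restore point")
```

An inventory can satisfy 3-2-1 and still have no safe restore point if retention is shorter than the time the ransomware went unnoticed, which is why both checks are run.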
Ransomware resilience with the backup and disaster recovery experts
While preventing ransomware attacks is the best option, once an attack has already occurred, the best chance to recover the data is to maintain regular data backups. To ensure your data is safe long-term from ransomware attacks and has the full protection of data backups, talk to the data recovery experts at INTELLIWORX today.