By Gary Watson, Nexsan Founder and Vice President, Technical Engagement
Companies across diverse industries need built-in resistance to file tampering or destruction from ransomware attacks
Cybercrime is on the rise in many guises. But one of the most pernicious threats on the current landscape comes from ransomware hacks and attacks.
At the end of the first quarter in 2016, the FBI reported that American companies were on pace to pay an estimated $1 billion in ransomware payments by the end of the year—compared to $24 million in all of 2015. This is just the tip of the iceberg when you consider the compromised productivity and often lost-forever data that go hand-in-hand with a ransomware attack.
The situation will worsen before it gets better. The tactics of increasingly persistent cybercriminals are getting more difficult to detect, with hackers paying expert programmers to constantly create countless new types of ransomware attacks. Ransomware has become an industry unto itself, with many major organizations ranking it among their top concerns for cybersecurity in 2016 and beyond.
Why Your Ransomware Strategy Matters
If you’ve yet to experience this particularly devastating form of malware, beware: it works by encrypting your data so that you can’t access it, and then demanding a ransom fee in exchange for the possibility that it might be decrypted again—though that decryption isn’t really guaranteed. The extortionists may make further demands even after receiving payment, or cut off further communication without restoring your files.
If you haven’t given much thought yet to your strategy to combat ransomware, these facts should encourage you to prioritize it ASAP:
- Once one machine is infected by ransomware, it can spread like wildfire throughout an entire network.
- Ransomware is a nightmare to remove from computers—if you don’t have copies of the files that were infected, you’re probably out of luck.
- Ransomware increasingly uses a remote key generator stored in a hidden “dark web” location, accessed via untraceable technologies and using military-grade encryption, which is essentially unbreakable.
- It’s common that your files will be damaged during your initial troubleshooting attempts after a ransomware attack, leading to decryption problems even if you pay the ransom.
Prevention vs. True Protection
Many organizations are aware that they need to do something to guard against malware attacks like ransomware, and have thus taken various initial preventive measures to this end, such as installing antivirus software programs to conduct scans against potential malware infections. This is certainly a good start to an anti-malware strategy, as are other familiar, common-sense preventive paths that IT administrators have used to guard against previous generations of malware threats such as:
- Running frequent backups to guard against data loss while keeping in mind the practicalities of meeting your recovery time objectives.
- Keeping users from visiting unapproved websites or clicking on links within emails that they weren’t expecting to receive.
- Updating and patching management tools on all networked devices regularly.
- Enabling firewalls to potentially help block traffic from known ransomware.
- Making sure that users and administrators run in the least-privileged mode possible while still being able to be reasonably productive.
- Finding ways to establish non-native rendering of PDF and MS Office files, so that a browser sees a safe view.
- Disabling RDP unless used in carefully controlled maintenance procedures.
The unfortunate reality, however, is that despite using such precautions, an organization still won’t necessarily be safe from all ransomware attacks. This is because focusing on protection is just not enough to defend critical data against today’s breed of increasingly savvy and malicious hackers. The key is to take a broader strategic approach that considers not just how to protect your data from threat, but how to manage the fallout and restore data once a malware attack has occurred. To this end, forward-thinking companies will invest in an archive storage solution for post-attack in addition to any protective pre-attack measures they put in place.
Archive Data Solution to the Rescue
Since anti-malware programs and general protective best practices are an incomplete strategy against ransomware that may leave you high and dry if a cyber thief does penetrate your system, it is vital to focus on file restoration that you can rely on to get your data back in the event of an attack. The best file restoration strategy currently on the market is in the form of an archive data protection system, which unlike antivirus or antimalware solutions can resurrect files after a ransomware attack.
A secure hardened archiver can actually protect important unstructured data automatically without repeated backups, saving time and money. This type of solution also delivers a higher level of integrity and assurance than conventional servers and storage, allowing companies to meet and exceed the stringent storage requirements of compliance regulations including HIPAA, SEC 17a-4, Dodd-Frank, FDA 22, Sarbanes-Oxley, and PCI.
Deploying an archive data solution allows organizations to achieve a number of other benefits that they couldn’t achieve through antimalware alone:
- Protection against any type of unauthorized file tampering—whether from accidental edits or deletions, from ransomware or viruses, or from people, including employees or administrators.
- Ability to resist attempts by even privileged accounts to modify files, decreasing the chance that authorized users will be tempted to make unauthorized changes. Even if there’s an attempt to overwrite a file, the solution creates a new version, which is stored.
- Incorporation of features that allow for easy implementation of multi-decade retention times—for example, by keeping a double copy of each file in two different protected locations. Such solutions also can issue globally unique consecutive serial numbers to files for lifetime tracking.
- Only having to restore shortcuts, not the entire file. This is extremely useful in the aftermath of a ransomware attack since it only takes a few minutes to restore files, which provides the company with access to their data right away and helps meet RTO objectives.
- Automatic production of a unique fingerprint of the files’ contents as well as metadata when saving files.
- Avoidance of replicated corruption, by checking serial numbers in sequence to ensure all files are present and match previously stored hashes.
- Protection of files safely inside an archive even when ransomware gets past antimalware and other defenses, to keep files from becoming encrypted and renamed.
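An added example (not Nexsan's code) of three mechanisms from the list above: an overwrite stored as a new version, a fingerprint over content plus metadata, and an audit that walks serial numbers in sequence. The Archive class, its in-memory layout, SHA-256 as the hash and the sample files are assumptions made for illustration.

```python
import hashlib
import json

def fingerprint(content: bytes, metadata: dict) -> str:
    """SHA-256 over the file content plus its canonicalised metadata."""
    h = hashlib.sha256()
    h.update(len(content).to_bytes(8, "big"))  # length prefix separates the two fields
    h.update(content)
    h.update(json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode())
    return h.hexdigest()

class Archive:
    """Hypothetical write-once store: each write gets the next serial, nothing is replaced."""
    def __init__(self):
        self.records = {}    # serial -> (path, content, metadata)
        self.manifest = {}   # serial -> fingerprint, assumed held on separate protected storage
        self.next_serial = 1

    def store(self, path, content, metadata):
        serial = self.next_serial
        self.next_serial += 1
        self.records[serial] = (path, content, dict(metadata))
        self.manifest[serial] = fingerprint(content, metadata)
        return serial

    def versions(self, path):
        return [s for s, rec in sorted(self.records.items()) if rec[0] == path]

def audit(archive):
    """Walk serials 1..N in order and report gaps and fingerprint mismatches."""
    findings = []
    for serial in range(1, archive.next_serial):
        rec = archive.records.get(serial)
        if rec is None:
            findings.append((serial, "missing"))
        elif fingerprint(rec[1], rec[2]) != archive.manifest[serial]:
            findings.append((serial, "fingerprint mismatch"))
    return findings

def demo():
    a = Archive()
    a.store("q1.xlsx", b"revenue figures", {"owner": "finance"})
    a.store("plan.docx", b"project plan", {"owner": "pmo"})
    # Overwrite attempt with unreadable bytes: kept as a new version, serial 1 is untouched.
    a.store("q1.xlsx", b"\x8f\x02unreadable", {"owner": "finance"})
    clean = audit(a)
    # Constructed damage made behind the archive's back, for the audit to catch.
    del a.records[2]
    path, _, meta = a.records[1]
    a.records[1] = (path, b"tampered", meta)
    return a.versions("q1.xlsx"), clean, audit(a)
```

A replication job would run audit() first and copy only when it returns no findings, so a gap or mismatch is never propagated to the second location.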
Attempts at corruption or deletion can come from anywhere—or anyone inside or out of your organization—at any time, including from ransomware. Antimalware and other protective “front-end” measures have a role to play in securing your data from such invaders, since they can sometimes help decrease the frequency of successful attacks.
But using an archive data solution on the back end as well offers a much more complete strategic solution. In fact, aggressively locking down your high-value data using a hardened storage solution is the only true protection you have against ransomware. Persistent hackers can penetrate protective barriers, and if that happens, your files are goners—but not if you’ve incorporated archive data protection as part of your security strategy.