Take precautions to overcome increasingly audacious Ransomware attacks
Ransomware is the fastest-growing malware threat, targeting victims across all industries. The per-incident cost for lost productivity, resources to recover files, and the payment averages about $333,000, according to the U.S. Department of Justice. The FBI reports that over 4 thousand attacks on average occur in the US alone each and every day and the number is growing exponentially, in terms of both the frequency and sop
Related infographic: Cyber attacks carry hidden costs
The Barnstable Police Department in Hyannis, Massachusetts, is all-too familiar with such attacks. The department was the victim of a ransomware campaign earlier this year, but was able to recover from the incident without paying off the bad guys.
One day this past September, Barnstable Police IT Director Craig Hurwitz noticed his files being encrypted, one by one, and realized he was unable to access them. Soon afterward, he received an email demanding payment of a ransom or the data would be lost forever.
Don’t be caught off guard
In the case of ransomware, it’s important for organizations to have a disaster recovery solution in place before an attack. SMBs and organizations like the Barnstable Police Department often have fewer IT resources, making them particularly vulnerable to data loss from such assaults. With a disaster recovery plan sometimes viewed as a “bridge to cross when you get to it,” backup cycles often lapse due to other more pressing concerns, making it impossible for SMBs to recover their data without paying a ransom.
But the best protection is to have a robust storage solution so that the consequences of a system attack easily can be reversed. Storage options include traditional overnight backup cycles (24-hour cycles) or more frequent periodic cycles. These plans are a good start, however, after an attack, all data is compromised.
Some backups still vulnerable
Real-time backup or file synchronization will only protect recently encrypted and, therefore, inaccessible files, which serves no useful purpose. Increasingly, ransomware attacks are becoming more sophisticated, where the malware spreads to encrypt all backups as well, forcing users to pay up once they discover their backups also are inaccessible.
To really protect data both before and after an attack, companies should look at a storage solution that offers a continuous and automated backup cycle that does not require IT administrators to constantly monitor data — such as taking periodic snapshots — and allows a company to go back to any point in time and immediately restore data from local files and server applications. A tiered or distributed backup approach that keeps several copies in different locations and on different media also is a good defense.
Fortunately for the Barnstable Police Department. it recently had updated its primary storage system and had built in data protection capability as a key feature in its tiered hybrid storage system.
The department was able to recover data right up to the start of the attack. Without a storage solution in place, it would have taken several days to recover the files. For mission critical businesses and organizations, like Barnstable’s, delays are unacceptable and could be a matter of life and death.
Note: This Guest Essay first appeared in the publication; “Third Certainty” on 6 December, 2016.