Let’s go back. Way back. All the way back to May 2017. Over a weekend in the middle of that month, an aptly named bit of ransomware known as “WannaCry” swept through Windows systems faster than a California wildfire, infecting more than 200,000 machines in over 150 countries in a matter of days, according to a report Europol released afterwards. It did not wait for anyone to click anything: it spread on its own from machine to machine through a flaw in Windows file sharing (SMB).
Doing damage in all sorts of very scary ways, including the terrifying prospect of hospitals and health care facilities being knocked offline, WannaCry prompted Microsoft to take the highly unusual (and expensive) step of issuing emergency patches for versions of Windows it no longer supported, such as Windows XP. The fix for supported versions had already shipped two months earlier, in March 2017; the machines that fell were the ones that had not installed it.
While Microsoft’s quick response no doubt saved many of its customers from further expense (not to mention indigestion), the message had nevertheless been sent: the age of ransomware had truly and fully arrived.
By now most business owners and executives have heard the horror stories. An unsuspecting employee opens the wrong email and clicks the wrong link. And boom! They’re hit with a ransomware attack that encrypts their files and locks them out of their own systems, leaving the network usable by no one but the attackers.
The criminals then demand a ransom, usually in bitcoin or another cryptocurrency and occasionally in gift cards: anything that moves like cash and is hard to trace back to a person. (Bitcoin payments are recorded on a public ledger, but nothing ties a wallet to a name, which is exactly what the criminals count on.) Then they play a high-stakes game of chicken with your livelihood as the bet.
According to Verizon’s 2018 Data Breach Investigations Report, there were more than 700 major ransomware incidents in 2017, making ransomware the single most prevalent variety of malware used by cybercriminals that year.
The report goes on to show that ransomware has accounted for a steadily growing share of incidents since 2014. Even more alarming, the data suggests a shift of focus on the part of the attackers, from individuals to businesses, utilities, public institutions and the servers they run. A study by Osterman Research suggests that ransomware has become a $1 billion source of income for criminals. That was two years ago.
Wait! Don’t jump out that corner office window just yet. As with any cyber threat, there are ways to reduce your exposure to ransomware and to cut the time and cost of recovery should you fall victim anyway. What follows are three easy-to-follow pieces of advice to ensure you never end up negotiating with extortionists.
An Ounce of Prevention is Worth a Pound of Cure
Like anything else in life, if you prepare for something before it happens, you’ll be in far better shape than if you’re reacting to a bomb after it’s already gone off. Ransomware is no different. As a business owner or executive, you should be thinking about these kinds of risks before they happen.
Though not fool-proof, running up-to-date antivirus or endpoint protection software and applying security updates promptly will go a long way toward keeping your systems safe from cybercriminals. Some ransomware is sophisticated enough to slip past antivirus, but much of it isn’t, and patching closes the holes that worms use to spread: WannaCry exploited a Windows flaw Microsoft had fixed two months before the outbreak, and machines that had installed that update could not be exploited by it.
Also keep in mind that, statistically speaking, the most common way in is a person: you or one of your employees. You can invest in all the security you like; it only takes one click on a link from a nefarious sender to undo your good work.
For this reason, we recommend you train your employees. Train them hard and train them often. A workforce that has been actively educated about how these attacks arrive (unexpected attachments, links that ask for a password, documents that ask you to enable macros) is far less likely to fall for them.
Finally, consider application whitelisting (also called allowlisting or application control): the system runs only programs that have been explicitly approved and refuses everything else, including whatever a phishing link tries to download. Windows ships this as AppLocker and Windows Defender Application Control. It takes time and effort to build and maintain the list of approved programs, but it stops an unwary employee from running an unknown program on company equipment even after the wrong link has been clicked. It does not stop anyone from visiting a bad website, so it complements the measures above rather than replacing them.
Embrace the 3-2-1 Rule
Should your attempts at prevention fail, and you become the unfortunate headache holder responsible for cleaning up a ransomware mess, remember that you now have three simple choices: you can pay the ransom (with no guarantee that a working decryption key ever arrives), you can restore your data from a backup, or you can chuck your server out a window and start over.
Obviously, restoring your data is by far the most favorable option of the three. But for that to be an avenue open to you, you must have taken some preparatory steps. A simple rule to follow is what’s known as the “3-2-1 rule.”
The 3-2-1 rule is a plan for backing up your data: keep three copies of your data, on two different kinds of storage (say, a server disk plus an external drive or a cloud service), with one copy off-site. The reason for the redundancy is that ransomware will encrypt any backup files it can reach the same way it encrypts the rest of your data, and many strains also delete the Windows shadow copies that a casual “restore previous version” relies on.
You also want multiple generations of your backup, so that you can go back to versions of your files from before they were encrypted, and a full system image, so that you can rebuild a machine to a known state rather than just recover individual files.
At least one of your backups should be off-site and “air-gapped”: disconnected from the rest of your systems, ideally with no network or internet connection at all except while the backup is actually being written. This way, if ransomware encrypts your connected backups, you still have a copy the malware could never reach.
If you’ve followed this rule, it will be very hard for criminals to hold your data hostage. That is, of course, provided that you had the foresight to actually test your recovery: restore from the backup on a schedule, confirm the files come back intact and note how long a full restore takes, so that you know you have a method that works before you need it.
Don’t do the Titanic thing; figure out what your turning radius is before you go slaloming amongst icebergs.
Tier Your Backups for Short, Medium and Long-Term Effectiveness
Because most modern ransomware aggressively seeks out any backup data it can reach, it’s wise to develop a tiered recovery approach that covers all your bases.
Use a cloud-based service such as Dropbox, Carbonite or Google Drive for your daily backups. This gives you easy access to your data if you fall victim to a less sophisticated attack. Be aware that a sync client will faithfully upload the encrypted copies too; what saves you is the service’s version history, which lets you roll a file back to its last good version. Retention varies by product and plan, from 30 days on basic tiers to several months on others, so check yours and make sure the window is longer than the time it might take you to notice an infection.
If you’ve set proper access controls on your backup storage, the ransomware may not be able to reach it at all. Whether it can depends on how many employees and employee machines hold write access to the backups: a machine that can overwrite the backup store can also encrypt it. For obvious reasons, limit that access, and prefer a backup system that pulls data from the machines using its own credentials over handing every workstation a writable backup drive.
You can also store regular backups of user machines on physical storage devices (an external hard drive, for instance) that are logically or physically isolated from your network.
Update these on a fixed schedule, and unplug them between runs, so that in the event of an attack you can use them to restore machines to the state they were in before they were compromised.
Long-term backups should be completely offline at all times and physically isolated from every machine or server with a network or internet connection. They should contain every vital system and file your company would need to operate in an emergency.
Finally, be careful not to back up files that have already been encrypted, or a machine that is already infected. An encrypted file does not spread on its own, but if your backup job runs after the attack it will overwrite your good copies with useless ciphertext, and a system image taken from an infected machine will restore the malware along with everything else. Keep several generations rather than a single rolling copy, and check that the files going into a backup still look like your data before you let the old generation go.
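The two habits described above, keeping several tested generations (the 3-2-1 section) and refusing to let a backup run replace good copies with encrypted ones (the warning just given), can be made mechanical. The following Python script is an added example, not code from this article or from any of the backup products named in it. It assumes a local directory stands in for a backup tier, treats a snapshot in which most known files have changed to high-entropy content as a ransomware signal (the thresholds are illustrative), and builds its own sample documents in `run_demo` for the demonstration; it uses only the standard library.

```python
"""Added example (not the article's code): versioned backup generations with a
pre-rotation ransomware check and a restore test. Thresholds and sample data are assumed."""
import hashlib
import math
import random
import shutil
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Optional

KEEP_GENERATIONS = 3     # assumed retention: how many snapshots each tier keeps
CHANGED_FRACTION = 0.5   # refuse a snapshot if more than half of the known files changed ...
HIGH_ENTROPY = 7.0       # ... and most of those now look encrypted (bits per byte, max 8.0)
SAMPLE_BYTES = 65536     # entropy is measured on the first 64 KiB of each changed file
MANIFEST = "manifest.sha256"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 of every regular file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_manifest(manifest: Dict[str, str], path: Path) -> None:
    path.write_text("".join(f"{digest}  {rel}\n" for rel, digest in manifest.items()))


def read_manifest(path: Path) -> Dict[str, str]:
    manifest = {}
    for line in path.read_text().splitlines():
        digest, rel = line.split("  ", 1)
        manifest[rel] = digest
    return manifest


def looks_encrypted(source: Path, previous: Dict[str, str], current: Dict[str, str]) -> bool:
    """Ransomware signal: most already-known files changed AND their new contents are high-entropy."""
    known = set(previous) & set(current)
    if not known:
        return False
    changed = [rel for rel in known if previous[rel] != current[rel]]
    if len(changed) / len(known) <= CHANGED_FRACTION:
        return False  # a normal day's edits touch a few files, not all of them
    high = sum(1 for rel in changed
               if entropy((source / rel).read_bytes()[:SAMPLE_BYTES]) >= HIGH_ENTROPY)
    return high / len(changed) > 0.5


def snapshot(source: Path, store: Path) -> Optional[Path]:
    """Copy source into a new generation under store and rotate the oldest out.
    Returns None and changes nothing if the source looks encrypted, so the last
    known-good generation is neither overwritten nor rotated away."""
    store.mkdir(parents=True, exist_ok=True)
    gens = sorted(p for p in store.iterdir() if p.is_dir() and p.name.startswith("gen-"))
    current = build_manifest(source)
    if gens and looks_encrypted(source, read_manifest(gens[-1] / MANIFEST), current):
        return None
    index = int(gens[-1].name[4:]) + 1 if gens else 0
    dest = store / f"gen-{index:06d}"
    shutil.copytree(source, dest / "data")
    write_manifest(current, dest / MANIFEST)
    for old in gens[:max(0, len(gens) + 1 - KEEP_GENERATIONS)]:
        shutil.rmtree(old)
    return dest


def verify_restore(generation: Path, scratch: Path) -> bool:
    """The 'test your recovery' step: restore into scratch and prove every file hashes as recorded."""
    shutil.copytree(generation / "data", scratch)
    return build_manifest(scratch) == read_manifest(generation / MANIFEST)


def run_demo() -> Dict[str, object]:
    """Constructed scenario: two honest snapshots, then every document is replaced by
    random bytes (simulated encryption) and the third snapshot must refuse to run."""
    rng = random.Random(2017)
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, store, scratch = base / "docs", base / "backup-tier1", base / "restore-test"
        source.mkdir()
        for i in range(6):
            (source / f"report-{i}.txt").write_text(f"Quarterly figures, report {i}.\n" * 150)
        first = snapshot(source, store)
        (source / "report-0.txt").write_text("Revised figures for report 0.\n" * 150)
        second = snapshot(source, store)
        for p in source.glob("*.txt"):  # simulated ransomware: 4 KiB of noise per file
            p.write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
        refused = snapshot(source, store) is None
        restored_ok = verify_restore(second, scratch)
        return {"first": first.name, "second": second.name, "refused": refused,
                "generations": sorted(p.name for p in store.iterdir()),
                "restored_ok": restored_ok,
                "restored_text": (scratch / "report-0.txt").read_text().startswith("Revised")}


if __name__ == "__main__":
    print(run_demo())
```

The check is a heuristic, and an honest one: ransomware that encrypts only part of each file, leaves file headers intact, or works slowly enough to stay under the change threshold will slip past it, and nothing here replaces the offline copy. What it buys you is that a scheduled job will not quietly rotate your last good generation out of existence when everything it sees has turned to ciphertext, and the restore test turns “we have backups” into “we restored them and the hashes matched.”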