Cybercriminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.[1] And that estimate is probably low, considering many companies fail to report such attacks for a variety of reasons. This type of crime has grown rapidly and is quickly becoming a favorite of attackers because it is so easy to execute. An attack like this on your business can have disastrous effects, many of which aren’t seen until after the ransom is paid.
What is Ransomware?
Simply put, it’s a type of malware that gets into a computer or server and encrypts files, making them inaccessible. The goal is to shut down your ability to do normal business. The attacker then demands a ransom for the key to “unlock” your data.
One recently publicized attack underscores how difficult it can be to decide what to do. An L.A.-area hospital was targeted and hundreds of patients’ lives were put at risk. The attackers got in through a simple targeted phishing email, and one click on an attachment locked up the hospital’s medical records. The hospital had very little recourse and ended up paying $17,000 to the attackers for the key to its own data.[2] In this case, paying the ransom was an easy choice with real health concerns in the mix, but that’s also what made the hospital an ideal target. If you get hit with a ransomware attack, your organization will have an extremely difficult decision to make.
Neither is ideal.
Choice A: Pay the ransom
This is certainly the easiest way to get back up and running, but it only increases the likelihood you’ll be attacked again. Additionally, you are funneling money to organized crime or potentially even terror organizations. In some cases, companies paid the ransom only to have the attackers ask for more.
Choice B: Work to recover your systems
If you choose not to pay the ransom, you’ll need to recover the locked data yourself. If you do not have a clear recovery protocol in place, then you may have to deal with being locked out of your data and systems for a while. That forces you to weigh the impact on your business against the ransom ask, which is exactly what they want.
FBI guidelines: How to protect your company [3]
While ransomware attacks may have spiked, the tactics for preventing them are not new. It’s the same for all types of malware. Educate your employees on proper email protocol. Keep hardware and software patched and up-to-date, especially on your endpoints. And manage the access of your privileged accounts.
That said, like malware, it’s nearly impossible to stop everything. Per the FBI, your best defense against this type of attack is having a strong backup policy. Not just backup. Backup Policy. That means you:
- Regularly back up data. This is the simplest and most effective way to recover critical data.
- Secure your backups. That means storing them somewhere that is not connected to the original data, such as in the cloud or physically offline.
- Run recovery drills. The only way to know for sure if your system will work is to test it in real-life situations.
To us, this just further underscores the need to have a strong recovery plan that includes backup and disaster recovery (DR). Many companies, once they have a DR solution in place, are choosing to use less and less backup to save costs. The problem is, while incredibly useful, disaster recovery faithfully replicates your current environment. If that environment is compromised, so is your DR.
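The recovery-drill step, and the problem of a replica that has faithfully copied an already-encrypted environment, can both be checked by comparing a test restore against a hash manifest recorded at backup time. This is an added example, not part of the original article or of any Azure tooling; the function names, the 24-hour age target and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (run at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def run_drill(manifest, restored_root, backup_time, max_age_hours, now=None):
    """Compare a test restore with the manifest and with the backup-age target."""
    now = time.time() if now is None else now
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(set(manifest) - set(restored)),
        "changed": sorted(k for k in manifest.keys() & restored.keys()
                          if manifest[k] != restored[k]),
        "unexpected": sorted(set(restored) - set(manifest)),
        "stale": (now - backup_time) > max_age_hours * 3600,
    }
    report["ok"] = not any(report.values())  # every finding list empty, not stale
    return report

def demo():
    """Constructed data: a clean restore point and one replicated after encryption."""
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = (Path(tmp) / n for n in ("source", "good", "bad"))
        for d in (src, good, bad):
            (d / "finance").mkdir(parents=True)
        for d in (src, good):
            (d / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
            (d / "notes.txt").write_text("quarterly notes\n")
        # Compromised copy: one file overwritten in place, one replaced and renamed.
        (bad / "finance" / "ledger.csv").write_bytes(b"\x8f\x02 constructed ciphertext")
        (bad / "notes.txt.locked").write_bytes(b"\x00\x01 constructed ciphertext")
        manifest = build_manifest(src)  # assumption: stored apart from the live data
        now = time.time()
        return (run_drill(manifest, good, now - 3600, 24, now),
                run_drill(manifest, bad, now - 72 * 3600, 24, now))

if __name__ == "__main__":
    for name, report in zip(("clean", "compromised"), demo()):
        print(name, report)
```

A drill that reports changed or unexpected files means the restore point was taken after the compromise, so an older recovery point has to be tested instead.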
When you have solutions like Azure Site Recovery and Azure Backup, you don’t need to take that risk. Azure Site Recovery allows you to preserve history in the DR site, which can help reduce the problem posed by compromised disaster recovery. In addition, Azure Backup gives you an extremely cost-effective and secure way to store your backups in the cloud. Backups in Azure are inherently safer because attackers need access not only to your environment but also to a secure backup vault on Azure to orchestrate a destructive attack. Azure Backup preserves recovery points for up to 99 years while securing the backups offsite with tools like two-factor authentication and deferred delete to prevent destructive operations against your backups. Moreover, since Azure Site Recovery preserves recovery points for multiple days, you can get operations going very quickly by restoring a working environment and patching vulnerabilities.
See how integrated cloud backup and disaster recovery provide you with greater security on our Protection and Recovery page.
Try Operations Management Suite for yourself and see how it can give you increased visibility and control across your entire hybrid environment.
[1] Fitzpatrick, David, and Griffin, Drew. “Cyber-extortion losses skyrocket, says FBI.” CNN Money. 2016. http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/
[2] Staff Report. “LA Hospital Paid 17K Ransom to Hackers of Its Computer Network.” NBC Los Angeles. 2016. http://www.nbclosangeles.com/news/local/Hollywood-Presbyterian-Paid-17K-Ransom-to-Hackers-369199031.html
[3] FBI Public Service Announcement. “Ransomware Victims Urged To Report Infections To Federal Law Enforcement.” September, 2016. https://www.ic3.gov/media/2016/160915.aspx