… is everywhere.
One of the scarier trends in cybercrime is ransomware: criminals infect your workstation or network with software that can encrypt your files. You, the victim, then have to choose whether or not to pay the ransom to get the decryptor tool. No one wants to be in this position.
How big of a problem is this? Here are some quick numbers from 2016:
- Nearly 50% of organizations have been infected with ransomware
- Companies paid $209 million to ransomware criminals in Q1 2016
- Less than half of ransomware victims fully recover their data even with backup
- More than 4,000 ransomware attacks have occurred every day since January 2016, up from 1,000 per day in 2015
- 40% of all spam email had ransomware, and 59% of infections came from email
- 70% of businesses paid the ransom
- In 2017, attacks are expected to double 2016 numbers
- Most businesses face at least two days of downtime when hit with ransomware
What can you do?
The best defense against ransomware is a solid security infrastructure that includes comprehensive email, web, application, and network protection. Since users are our last line of defense and almost always our weakest link, you'll need to include user training and ongoing reinforcement of security awareness. No security strategy is complete without that.
Research has repeatedly shown that the businesses most likely to recover from ransomware are those with solid data protection and disaster recovery plans in place. At a minimum, this means following the 3-2-1 rule: three copies of your data (including the original), two backup copies of your data kept in two different places, one of which is off-site. But there's more to consider here than just the data backups and where to keep them.
If you're reviewing or building a new backup strategy, here are a few things to consider:
Data or system state? If you back up only your data, do you have what you need to restore your operating system, domain, applications, etc.? A simple data backup can take less time to perform and save space on your backup storage, but you may have to manually reinstall your operating system and applications.
Application considerations: What roles do your applications perform? If you have several application servers running on-premises, you'll want to choose whether to back up all of them, or just those performing critical functions in the organization. Does your application generate dynamic data, or is it a simple static configuration that can be protected with infrequent backups? Be sure to maintain documentation of your applications, version and patch levels, and any other data that you'll need should you have to restore.
What is your risk tolerance level? How long can the company remain offline between the time of an attack and the time that normal operations resume? The maximum time you are willing to accept is your Recovery Time Objective (RTO), and this is something that management and senior executives should decide or agree to when you propose the disaster recovery plan. When having this conversation, take care not to confuse this with the Recovery Point Objective (RPO), which is the amount of data you are willing to lose.
For example, you may have a Recovery Time Objective of 1 hour for your public-facing website, because it's important that the public knows you are open for business. Your Recovery Point Objective for that website might be 72 hours or more because the website data is easy to recreate or just not that valuable. In this case, the System Administrator would restore the website as soon as possible from a backup that might be several days old. Digging into scenarios like this will help you determine your data protection plan and get buy-in from others.
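As an added illustration (not part of the original post), this Python script audits a backup inventory against the 3-2-1 rule and against the separate RPO and RTO objectives described above. The inventory layout, system names, locations, timestamps and the `drill_hours` field are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (illustrative, not from the original post).
# rpo_hours / rto_hours are the objectives agreed with management;
# drill_hours is how long the most recent restore test actually took.
NOW = datetime(2017, 3, 31, 12, 0)
INVENTORY = [
    {"system": "public-website", "rpo_hours": 72, "rto_hours": 1, "drill_hours": 0.5,
     "copies": [
         {"location": "primary", "offsite": False, "taken": NOW},
         {"location": "nas-01", "offsite": False, "taken": NOW - timedelta(hours=50)},
         {"location": "cloud-vault", "offsite": True, "taken": NOW - timedelta(hours=60)},
     ]},
    {"system": "file-server", "rpo_hours": 4, "rto_hours": 8, "drill_hours": 12,
     "copies": [
         {"location": "primary", "offsite": False, "taken": NOW},
         {"location": "nas-01", "offsite": False, "taken": NOW - timedelta(hours=26)},
     ]},
]

def audit(entry, now=NOW):
    """Return a list of findings for one system; an empty list means it passes."""
    findings = []
    copies = entry["copies"]
    backups = [c for c in copies if c["location"] != "primary"]
    # 3-2-1: three copies including the original, backups in two places, one off-site.
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c["location"] for c in backups}) < 2:
        findings.append("3-2-1: backups not kept in two different places")
    if not any(c["offsite"] for c in backups):
        findings.append("3-2-1: no off-site copy")
    # RPO: the data you lose is everything written since the newest backup.
    newest = max((c["taken"] for c in backups), default=None)
    if newest is None or now - newest > timedelta(hours=entry["rpo_hours"]):
        age = "missing" if newest is None else f"{(now - newest).total_seconds() / 3600:.0f}h old"
        findings.append(f"RPO: newest backup is {age}, objective {entry['rpo_hours']}h")
    # RTO: judge against a measured restore drill, not an estimate.
    if entry["drill_hours"] > entry["rto_hours"]:
        findings.append(f"RTO: restore drill took {entry['drill_hours']}h, objective {entry['rto_hours']}h")
    return findings

def audit_all(inventory=INVENTORY):
    """Map each system name to its findings."""
    return {e["system"]: audit(e) for e in inventory}

if __name__ == "__main__":
    for system, findings in audit_all().items():
        print(system, "OK" if not findings else findings)
```

The website passes with a 50-hour-old backup because its RPO is 72 hours, while the file server fails both objectives independently: its newest backup is too old for the RPO and its restore drill ran longer than the RTO.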
As mentioned above, even companies with data protection in place can lose data in a ransomware attack. Comprehensive security has never been more important. However, a data backup is still your best hope to successfully recover from a ransomware attack. World Backup Day is a reminder to review your disaster recovery strategy and make a plan to plug any holes that you find.
For more information on World Backup Day, visit the official website here.
For information on how Barracuda can protect you from ransomware, visit our corporate ransomware site here.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.