… is everywhere.
One of the scarier trends in cybercrime is ransomware: Cybercriminals use malicious software, often delivered as an email attachment or link, to infect the network and lock email, data, and other critical files until a ransom is paid. These evolving and sophisticated attacks are damaging and costly. They can cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses. You, the victim, then have to choose whether or not to pay the ransom to get the decryptor tool. No one wants to be in this position.
Recently, criminals have refined their tactics to create a double extortion scheme. They base their ransom demands on research they perform ahead of the attack. They steal sensitive data from their victims and demand payment in exchange for a promise to not publish or sell the data to other criminals. Since criminals cannot be trusted, victims who pay are often contacted several months later and asked for another payment to keep the stolen data secret. Some ransomware criminals will accept payment but sell the data anyway.
How big of a problem is this? Here are some quick numbers:
- Ransomware attacks increased by 64% year over year in 2021.
- The FBI's Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021.
- The average ransom ask per incident is over $10 million.
- According to the U.S. Treasury's Financial Crimes Enforcement Network, there was $590 million in ransomware-related activity in the first six months of 2021 — more than what was reported in all of 2020.
- 74% of organizations said they had been the victim of at least one ransomware attack in the last year.
- Ransomware is part of 10% of all data breaches.
What can you do?
The best defense against ransomware is a solid security infrastructure that includes comprehensive email, web, application, and network protection. Because users are your last line of defense and almost always your weakest link, you'll need to include user training and ongoing reinforcement of security awareness. No security strategy is complete without that.
Research has repeatedly shown that the businesses most likely to recover from ransomware are those with solid data protection and disaster recovery plans in place. At a minimum, this means following the 3-2-1 rule: three copies of your data (including the original), two backup copies of your data kept in two different places, one of which is off-site. But there's more to consider here than just the data backups and where to keep them.
If you're reviewing or building a new backup strategy, here are a few things to consider:
Data or system state? If you back up only your data, do you have what you need to restore your operating system, domain, applications, etc.? A simple data backup can take less time to perform and save space on your backup storage, but you may have to manually reinstall your operating system and applications.
Application considerations: What roles do your applications perform? If you have several application servers running on-premises, you'll want to choose whether to back up all of them or just those performing critical functions in the organization. Does your application generate dynamic data, or is it a simple static configuration that can be protected with infrequent backups? Be sure to maintain documentation of your applications, versions, and patch levels, and any other data that you'll need should you have to restore.
What is your risk tolerance level? How long can the company remain offline between the time of an attack and the time that normal operations resume? The maximum time you are willing to accept is your recovery time objective (RTO), and this is something that management and senior executives should decide or agree to when you propose the disaster recovery plan. When having this conversation, take care not to confuse this with the recovery point objective (RPO), which is the amount of data you are willing to lose.
For example, you may have a recovery time objective of 1 hour for your public-facing website because it's important that the public knows you are open for business. Your recovery point objective for that website might be 72 hours or more because the website data is easy to recreate or just not that valuable. In this case, the system administrator would restore the website as soon as possible from a backup that might be several days old. Digging into scenarios like this will help you determine your data protection plan and get buy-in from others.
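The 3-2-1 rule and the RTO/RPO distinction described above can be checked against a backup inventory. The following is an added example, not part of the original post or any Barracuda product; the inventory layout, field names, system names, and timestamps are all constructed for illustration, and it assumes you record how long your last restore test took.

```python
from datetime import datetime, timedelta

# Constructed sample inventory: every name, field and value is illustrative.
NOW = datetime(2022, 3, 31, 12, 0)
SYSTEMS = {
    "public-website": {
        "rto": timedelta(hours=1), "rpo": timedelta(hours=72),
        "last_restore_test": timedelta(minutes=40),  # measured restore duration
        "backups": [
            {"location": "nas-01", "offsite": False, "taken": NOW - timedelta(hours=50)},
            {"location": "cloud-a", "offsite": True, "taken": NOW - timedelta(hours=60)},
        ],
    },
    "finance-db": {
        "rto": timedelta(hours=4), "rpo": timedelta(hours=1),
        "last_restore_test": None,  # a restore has never been tested
        "backups": [
            {"location": "nas-01", "offsite": False, "taken": NOW - timedelta(hours=6)},
        ],
    },
}


def audit(system, now=NOW):
    """Return a list of findings for one system; an empty list means no gaps."""
    findings = []
    backups = system["backups"]
    # 3-2-1: original plus two backup copies, in two different places, one off-site.
    if len(backups) < 2:
        findings.append("3-2-1: fewer than two backup copies")
    if len({b["location"] for b in backups}) < 2:
        findings.append("3-2-1: backups not in two different places")
    if not any(b["offsite"] for b in backups):
        findings.append("3-2-1: no off-site copy")
    # RPO: data written since the newest backup is what a restore would lose.
    newest = max((b["taken"] for b in backups), default=None)
    if newest is None or now - newest > system["rpo"]:
        findings.append("RPO: newest backup missing or older than the objective")
    # RTO: compare against a measured restore, not an estimate.
    tested = system["last_restore_test"]
    if tested is None:
        findings.append("RTO: no restore test on record")
    elif tested > system["rto"]:
        findings.append("RTO: last tested restore exceeded the objective")
    return findings

if __name__ == "__main__":
    for name, system in SYSTEMS.items():
        print(name, audit(system) or "OK")
```

The website entry mirrors the example in the text (1-hour RTO, 72-hour RPO) and passes with a 50-hour-old backup, while the database entry fails every check despite having a more recent backup.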
As mentioned above, even companies with data protection in place can lose data in a ransomware attack. Comprehensive security has never been more important. However, a data backup is still your best hope to successfully recover from a ransomware attack. World Backup Day is a reminder to review your disaster recovery strategy and make a plan to plug any holes that you find.
For more information on World Backup Day, visit the official website here.
For information on how Barracuda can protect you from ransomware, visit our corporate ransomware site here.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.