Why You're Probably Not Safe from Ransomware

These days, you hardly have to make the case for some kind of protection against ransomware, the malicious code that locks out users from their data by encrypting it and demanding payment in return for the key.

Thanks to variants like Locky, Cerber, CryptoLocker, and CryptoWall, the number of attacks is in the millions and rising by up to 6,000% a year across large and small businesses, hospitals, school districts, governments of every size, and, yes, even police departments. If all victims were willing to report the incidents, these numbers would undoubtedly be much higher.

Just as alarming is the fact that many security teams believe they are well armed against such attacks because they have installed firewalls, anti-virus protection and backup systems for their data. Moreover, they may take comfort in the thought that if a malicious virus penetrates those lines of defense, much of their data is stored in the cloud. That should stop crooks from locking out users, right?

Unfortunately, it doesn’t. In an assault by clever cyber crooks, firewalls and anti-virus programs are about as effective as a trio of 120-pound linebackers. What about backups and the cloud? Let’s take them one at a time.

Conventional backups are certainly a necessary part of any standard defense against attacks, but they may not be adequate. First, no matter how robust, they’re always down after an attack. If your organization is storing hundreds of gigabytes of data on your servers, recovering those files with even a good backup system can take days. Time lost is revenue forgone.

There’s a human factor, too. If you’re like most security or IT departments, chances are you haven’t backed up all your data; maybe just the information certain executives have designated as critical. Unless you’re backing up new data as it comes in, you probably leave some of it unprotected every night after you turn out the lights.

A third reason you shouldn’t entirely trust your backup system: Many IT departments—at least the ones I’ve spoken to—are not testing their restoration capabilities as often as they should. Fewer than one in four companies restore their data successfully after an attack. The software may be inadequate or the version too old. Or you may be forced to go to an older backup, on tape from a previous week—and lose several days’ worth of data.

Testing your backup system should be routine. Most companies don’t review the daily logs of their backup system. They should. Each morning, someone needs to check that the backups completed successfully. In addition, your IT team should stress-test the backup recovery solution—your entire system, not just your files. While this takes some time, it’s nowhere near as long as it takes to recover lost or kidnapped files.

How often should you test your backup and recovery systems? That depends on what you’re using to test them and how long you store backups. If you only store backups for a week, test your systems every other day, or at least twice a week. If you store them for 30 days, go through the exercise at least every other week, if not once a week.

Backup, verify; restore, verify. Make this your mantra. Failing to do so is a little bit like ignoring fire drills or not starting up your home generator every so often: You don’t know if the equipment works until you test it.

Companies often tell me they think the cloud will protect them. I wish them luck because if cyber-criminals can compromise a desktop or laptop that has access to data in the cloud, they can cause enough damage to shake the heavens. Ransomware that attacks such a machine sends that encrypted data file right up to the cloud, overwriting everything and holding hostage all your data everywhere.

There is one other disadvantage. If you’ve been attacked by ransomware in the cloud, you don’t get an alert from your provider. Unfortunately, even the best online backup services blindly copy any changes—good or bad—made on workstations or servers, as they synchronize with the cloud. If one of your file servers has been hit, at least you know it quickly since any user with access to a file will get the ransomer’s message. Watch the helpdesk’s phone lines light up after that! The trouble is, restoring files in the cloud can take longer than reconstituting them on a workstation.

While there’s no failsafe way to guard against ransomware, the best defense is a bit of offense. Find a system that tracks all the known ransomware so that each one can be screened and blocked. Better yet, install software that locks down a user account trying to encrypt files and make changes to the file server. Also be sure to have a system that can copy and store your most up-to-date files out of reach of an attacker—and that allows you to recover the data quickly once an attack is thwarted.
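A sketch of the kind of check that could sit behind "lock down a user account trying to encrypt files", added here as an example and not taken from the article or from any product: flag an account that writes many high-entropy (random-looking) files to the file server within a short window. The thresholds, the event format and the account names are assumptions, and the events are constructed.

```python
import math
import os
from collections import defaultdict, deque

WINDOW_SECONDS = 60    # assumed sliding window
MAX_HIGH_ENTROPY = 5   # assumed: high-entropy writes tolerated per window
ENTROPY_BITS = 7.5     # assumed cut-off in bits per byte (maximum is 8.0)

def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def accounts_to_lock(events):
    """events: time-ordered (unix_time, account, path, written_bytes) tuples.
    Returns accounts with more than MAX_HIGH_ENTROPY high-entropy writes in a window."""
    recent = defaultdict(deque)
    flagged = []
    for ts, account, _path, data in events:
        if shannon_entropy(data) < ENTROPY_BITS:
            continue  # ordinary documents score well below the cut-off
        window = recent[account]
        window.append(ts)
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_HIGH_ENTROPY and account not in flagged:
            flagged.append(account)
    return flagged

def sample_events():
    """Constructed events: one account saving text, one rewriting files with random-looking bytes."""
    text = b"Quarterly report: revenue was flat and costs rose slightly. " * 40
    events = [(1000 + 30 * i, "alice", f"/share/docs/report{i}.txt", text) for i in range(10)]
    events += [(1005 + i, "bob", f"/share/hr/file{i}.docx", os.urandom(4096)) for i in range(20)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print("lock:", accounts_to_lock(sample_events()))
```

Compressed archives, images and video are also high-entropy, so the per-account rate is what carries the signal here; a single high-entropy write means nothing on its own.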

Cyber-criminals are getting smarter every day. To foil their efforts, why shouldn’t you?
