Ransomware — the moment of truth
A ransomware attack is a classic ticking-clock scenario. Your critical business data has suddenly been taken hostage. Hackers have used advanced encryption to render it inaccessible — and now they’re demanding an exorbitant amount of money to decrypt it. How will you respond? Can you ensure the safety of your data if you refuse to pay — or even if you do? While you consider your options, your organisation remains paralyzed. Every passing minute increases the pressure to make the right choice.
In this blog, we’ll explore the elements of risk management, including planning, prevention, monitoring, fast restores and testing. We hope this information can keep you from becoming a victim by providing a critical last line of defense against ransomware.
Your five steps to prevent ransomware and manage risk
A complete ransomware strategy includes both reducing the risk of a successful attack and lessening the impact of an attack that does succeed. Broadly speaking, there are five things you need to do: plan, prevent, monitor, restore (quickly) and test.
1 - Create a plan
An ongoing attack is no time for improvisation or ad hoc measures. An effective plan is the foundation for a full and speedy resumption of normal operations. The essential elements of an anti-ransomware plan — like any disaster recovery plan — are what, when and who:
While it’s not realistic to try to make your organisation completely invulnerable, every attack you can prevent will save you tremendous pain, time and cost. There are several ways to go about this.
Start with user vigilance — possibly the single most important step you can take. Most ransomware — and most malware in general — is delivered via email and triggered by an unsuspecting employee. Preventing this can be as simple as checking attachments to make sure they’re from a known sender or trusted source before opening them. Similarly, software should be downloaded only from a legitimate vendor or app store, and should be scanned for malware before it’s clicked. Measures as simple as these could have stopped many high-profile breaches.
IT needs to act responsibly as well. Updates and patches should be applied in a timely manner — especially given that most successful attacks exploit vulnerabilities for which patches have long been available. Sound IT practices are simply non-negotiable.
Once you’ve reduced the risk of malware entering your environment, the next step is to secure and protect your data against any exploits that do make it through. This should include:
No matter how consistent and effective your countermeasures are, you have to assume that at some point ransomware will enter your environment. At that point, the focus shifts to monitoring: detecting the attack as quickly as possible so you can reduce its impact.
Detection can include scanning servers for anomalies such as unusual file system behavior that can signal that an attack is underway. Machine learning has become a key asset in this effort, using historic data to recognize the difference between legitimate activity and signs of potential trouble.
Honeypots take detection one step further by creating a hidden file of a type that’s especially appealing to hackers, and monitoring it for signature changes and other anomalies.
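The honeypot check described above, as an added example that is not from the original post or from any vendor product: a decoy file is planted, its SHA-256 signature recorded, and a later check flags deletion, modification, or high-entropy content typical of encryption. The file name, the 7.0 bits-per-byte threshold, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data):
    """Bits per byte: close to 8 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_canary(directory, name, content):
    """Write the decoy file and return its baseline signature."""
    path = Path(directory) / name
    path.write_bytes(content)
    return {"path": path, "sha256": hashlib.sha256(content).hexdigest()}

def check_canary(baseline, entropy_threshold=7.0):
    """Compare the decoy with its baseline; the threshold is an assumption."""
    path = baseline["path"]
    if not path.exists():
        return "ALERT: canary missing (deleted or renamed)"
    data = path.read_bytes()
    if hashlib.sha256(data).hexdigest() == baseline["sha256"]:
        return "OK"
    if shannon_entropy(data) >= entropy_threshold:
        return "ALERT: canary modified, content looks encrypted"
    return "ALERT: canary modified"

def demo():
    """Walk one decoy through the states a monitor would see (constructed data)."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        base = plant_canary(d, "payroll_2024.csv", b"account,balance\n" * 200)
        results.append(check_canary(base))            # untouched
        for new in (b"edited by hand\n" * 50, os.urandom(4096)):
            base["path"].write_bytes(new)             # random bytes stand in for ciphertext
            results.append(check_canary(base))
        base["path"].unlink()                         # a rename looks the same to the check
        results.append(check_canary(base))
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```

In practice the check would run on a schedule or from a file-system event, and any result other than OK would raise an alert.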
4 - Restore your data
Fast restores can greatly reduce the impact of a ransomware attack. Not only do you still have an intact copy of your data — you also have the ability to make it available to systems and users quickly so you can resume normal business operations.
There are three ways to back up data, each with different implications for restoration.
Once you have your plan in place, along with the procedures and technologies to execute it, make sure it’s really going to work as needed. Perform frequent tests to verify that you can meet the SLAs you’ve defined for critical and high-priority data and applications.
Taking action against ransomware
With COOLSPIRiT & Commvault your data protection and recovery solution can be a valuable part of your anti-ransomware strategy. Advanced technologies powered by artificial intelligence and machine learning make it possible to detect and alert on possible attacks as they happen so you can respond quickly. By helping keep your backups out of danger, and making it possible to restore them quickly, you can minimize the impact of even a successful ransomware attack so you can get back to business right away.