Ransomware has been snapping at the heels of businesses since 1989, but even after the 21-year-long battle, ransomware is far from dead.
While much talk centres around the financial implications of a ransomware attack – particularly for businesses that have not only lost data but also paid the ransom, there are many other costs such as brand damage and a loss in customer confidence.
“When I talk about ransomware at events, I will often ask for a show of hands of how many attendees have had some sort of ransomware incident. It's shocking how many hands are raised If you haven't had an event yet, you are lucky,” says Veeam's senior director of product strategy, Rick Vanover.
When data loss is not an option and paying the ransom is not an option, how do you ensure that ransomware doesn't win?
Veeam specialises in backup, restore, and recovery solutions, as well as the ability to help organisations prevent, detect and recover from a ransomware attack, so the company understands exactly how organisations typically deal with these incidents.
Ranover says there are three main strategies you need to win every ransomware battle: Education, implementation, and remediation.
Each strategy has its own disciplines, tools, and sometimes different people that support it, with wider support from IT and management.
Let's take a brief look at the first of these strategies.
Education
Once an organisation has identified the risks associated with a particular threat actor, it should then aim to educate IT teams and end-users within the organisation.
There are three main entry points that ransomware uses to get into a system: remote desktop protocol (RDP), phishing attempts, and software updates.
IT administrators will be familiar with RDP, however many of these servers are still directly connected to the internet. Veeam states that more than half of all ransomware comes from RDP, which clearly demonstrates that internet-connected RDP needs to stop. Keep RDP off the internet.
Phishing emails often don't look or sound right, but not everyone will act the right way. There are many tools that can test an organisation's ability to detect phishing incidents – Veeam explains this in more detail in its report.
Patching and updates are far from a glamorous task, but they are a good investment because many ransomware strains exploit a known vulnerability – WannaCry and Petya to name but two.
How to educate through preparation
Organisations will likely have tools to protect against cybersecurity incidents such as ransomware, however, it is worth taking the time to learn how each tool could work.
If a ransomware incident results in the need for data restoration, IT teams should understand how different restoration scenarios could work. With this understanding, teams can familiarise themselves with processes, gain an expectation of how much time could be involved – and most importantly – they will understand if a tool works as it should.
For example, a replica failover may be the most logical way out of a ransomware incident. A file-level restore may make the most sense. Teams could also restore whole VMs. Every restore scenario is different, so it is worth becoming familiar with these possibilities.
The education strategy is important to ensure that ransomware stays out of the enterprise – and if it does get in, there is a plan in place, so people know exactly what to do about it.
One way to measure this investment in education is to compare it with the risks, costs and pressure of dealing with a ransomware incident unprepared.
Don't leave your company's security to chance. Uncover more from the Beat Ransomware: Education, Implementation and Remediation with Veeam white paper.