Ransomware is the fastest-growing cybercrime risk. The security firm Trustwave claims that ransomware attacks have outpaced card data theft over the past year.
Research conducted by Sophos discovered that more than half of all ransomware-related attacks of 2019 targeted companies. With 75% instances, attackers could encrypt the data. Although most companies were able retrieve information, the majority were able to do it twice as fast as they did from backup, rather than having to pay the ransom. Their cost was half the cost of the ones who had paid.
To prevent ransomware attacks To avoid ransomware attacks, it is essential to be sure your backups are safe and verified. Backups should be created frequently and be comprehensive and thorough. Backup policies must be reviewed frequently and practice should be evaluated.
This article will cover the top five things you should do regarding backup to ensure that your company is secure from ransomware.
In the last few years it has become increasingly targeted and could be more destructive. Even though cyber security firms have not seen more attacks Sophos claims they observe a shift from “mass-market spray and pray” ransomware on desktops to targeted attacks targeting companies.
The ransomware, irrespective of its intended target, comprises three components that are: the initial attack, or the delivery of malware security of victim’s personal data and communication back towards the perpetrator.
Malware has a variety of ways to attack companies.
Social engineering is an important factor: Approximately one-third (33 percent) of ransomware-related attacks originate from people downloading malware-laden files or emails that contain malicious hyperlinks. Ransomware may also be distributed through attacks directly on servers and attachments with malware attached to emails and also through cloud-based resources.
The National Centre for Cyber Security further stated that ransomware was spread via unpatched remote access devices as well as vulnerable remote desktop protocols (RDP).
Security tools like malware scanning, mail filtering and firewalls can be beneficial. You can also restrict access to the network through applying patches or restricting the privileges of users.
The best defense is a reliable backup system that can safeguard information.
Be safe from ransomware by making backups: The best five steps
-
Review and revise backup policies
Retrieving backups of data that are clean is the best way to protect yourself from malware. While an enterprise may be able to pay a ransom for the encryption keys however, there is no guarantee it will. Backups are more secure and less expensive in comparison to ransoms. Also, it doesn’t require giving money to criminals.
Backups will only be successful only if they are thorough and reliable. CIOs should ask for an audit of every data location. It’s easy to lose important information from an backup plan.
This is crucial given the increasing trend of remote work as part of the covid-19 epidemic.
You can ask these kinds of questions
Are end-user systems being backed up?
Is the backup plan specifically designed to protect cloud backup storage that is not permanent or is it intended for users? While cloud storage must be resistant to physical failure however, it cannot safeguard against ransomware that can infect files.
3.2-1 Rule is considered to be the most effective backup method: Create 3 copies of the data you have, then store them on two different media types and save one backup off-site. The backup on offsite storage is not required to be connected to the network of your company to guard against ransomware.
-
Air gap business data
Cloud storage is an ideal technology to backup your data over the long term. In some instances it’s even been able to replace tapes and optical disks for backup storage media.
Cloud storage is able to protect information from physical disturbances like power outages flood, fire, and hardware malfunctions. But it can’t automatically guard against ransomware. Since cloud storage is a part of a shared infrastructure, it’s susceptible to attacks by customers.
Find out more about backup of ransomware
How to stop double-extortion ransomware attacks. Hackers are changing their strategies to get victims to pay greater amount of money. We analyze the increase of double the amount of extortion.
Protection against ransomware is possible when backup and security combine. Ransomware could disable backup systems, which are the last line of security against loss of data. Data protection companies have partnered with security firms to protect backups.
Fred Moore, an analyst at Horison Information Strategies warns that cloud providers are also at risk of ransomware-related attacks.
He claims that hackers are now targeting cloud-based services since they don’t have to have a password in order to gain access to cloud-based information. “They simply steal the credentials and delete or encrypt an organization’s cloud backups using a man-in-the-middle-attack.”
CISOs can enhance cloud backups with tape or other media to serve as backup media. While cloud backups can serve as an offsite backup of data, keeping another one in tapes and keeping them offline is the most effective way to safeguard you ” air gap ” data from ransomware-related attacks.
-
Backups regularly are highly recommended.
It is vital to keep in mind that companies should backup regularly their data.
CIOs should review their the policies on backup frequency, and the frequency at which data is backed to off-site storage (including cloud storage) or mechanically separated media such as tape. It is possible that you need to store data more frequently.
IT departments need to be aware of the length of backups that they maintain especially air-gapped media. Ransomware may employ time delays (also known as “attack loops”, to obtain information from seemingly secure systems.
To locate clean copies, that require a longer retention period (or even more) copies companies may have to look through many backup versions. It’s also a good idea to have separate backups for critical business systems, to simplify recovery.
-
Backups should be robust and free of filth
It’s difficult to know that backups are free of malware, but companies should take every step to ensure that backups are not infected with malware.
Not only do you need to follow strict air-gap guidelines essential (such as shutting down media as soon as is possible) but also the most up-to-date malware detection tools and patching software are essential.
The companies should think about writing one or read many (WORM) media such as optical disks or tapes that are configured to be WORM. Certain cloud storage providers provide storage in WORM format.
Other security measures include access controls. Tools like Windows 10 Controlled Folder Access can be used to restrict users’ access to sensitive information. This can help stop the spread of ransomware and will increase the security of backups.
-
Test and plan
It is crucial to test backups as well as recovery strategies. This is crucial to determine the possibility of recovering data and to calculate the recovery time.
It is best to utilize off-site media that is air-gapped. What is the time it will take for the system to be repaired? Which systems should be prioritised in order to recover? Are firms required to have separate networks that are clean to recuperate?
The recovery strategy should be tested by CIOs who use duplicate media. It is a disaster for backups that are already in place to be damaged by a recovery exercise.
