You may have heard stories of havoc raised by ransomware attacks on businesses, or perhaps you have experienced one yourself. The recent Onyx ransomware, for example, has been destroying files instead of encrypting them. Ransomware is one of the biggest threats in cybercrime and if anything, it is still growing; the FBI’s Internet Crime Complaint Centre reported a 62% year-on-year increase in ransomware from 2021.
A ransomware attack is successful when a device or network is hijacked and the malicious code locks, encrypts or deletes company data stored on the systems and holds it ‘ransom’ until a release fee is paid. Ransomware is one of the biggest threats to global businesses and small organizations alike. The risk of ransomware is especially increasing in smaller enterprises, as they have the tendency to invest less in data protection, although surviving a ransomware attack has nothing to do with company size.
You may be wondering what ransomware is and how it works.
How ransomware works
Cybercriminals can gain access to company devices via malspam (emails with malicious attachments), malvertising (malicious advertising) and spear phishing (direct emails with required downloads or links).
Once the files are encrypted, a ransom is demanded (often in cryptocurrency) and the data held hostage. Being caught by a ransomware attack can be a major setback for businesses, halting productivity and resulting in lost data and revenue. It can also result in losing customers if their stolen data is misused or sold, leading to a loss of trust and damage to company reputation.
In Sophos’ State of Ransomware 2022 report, it was shown that “66 percent of businesses surveyed were hit with ransomware in 2021, up from 37 percent in 2020” and that “the average ransom paid by organizations that had data encrypted in their most significant ransomware attack, increased nearly fivefold to reach $812,360, with a threefold increase in the proportion of organizations paying ransoms of $1 million or more.”
Most of the time, demanding a ransom is not the only form of blackmail that cybercriminals impose on companies. They impose double and triple-extortion threats, meaning hackers are not only encrypting data but also stealing it and threatening to publicly disclose company information if the ransom isn't paid, putting the company’s reputation and customer trust at serious risk. A lot of this stolen data, including classified customer information, ends up being sold on the dark web, which exposes customers to criminal activities or to the next ransomware attack.
Some cybercriminals also threaten to erase or overwrite the data, making it unretrievable. Survey data from security vendor Venafi noted that 83 percent of ransomware attacks are double or triple-extortion.
Even after a ransom has been paid, there is no guarantee that the data will be decrypted: Boyd’s study noted that by 2021, only 8 percent of ransomware victims were getting their data returned in full.
So in a world of cybercrime and security breaches, the best bet is to gatekeep your data and prevent any potential attacks from occurring within your company.
Having a tried and tested recovery strategy is imperative in the case of a ransom demand, alongside good cyber hygiene, staff who regularly complete remote data back-ups, and training to spot spoof emails and suspicious online content that might be the work of a cybercriminal.
Data is the lifeblood of any company and whether the amount of data is big or small doesn’t matter. Prevention is key, and oftentimes human error and relying on storage appliances isn’t enough. All companies need to take their data protection seriously and implement resilience plans, both for prevention and recovery.
Immutable storage is the best way to prevent data from being encrypted if the attacker has entered the network.
Adding immutable storage to the overall prevention strategy is an important element in ensuring that data can be recovered after a ransomware attack. It is often the very last line of defense that protects data from being encrypted after attackers infiltrate the network.
Fundamentally, immutable storage makes the backup resistant to encryption or deletion for the duration of a user-defined retention period, meaning businesses can recover their data from a clean copy without having to pay a ransom.
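The retention behaviour described above, as an added illustration (not code from the author or any storage vendor): a toy in-memory model in which every write appends a locked version and deletes are refused until the retention period ends. The class and function names, the 30-day retention and the sample data are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

class RetentionLocked(Exception):
    """Raised when a version is still inside its retention period."""

@dataclass(frozen=True)
class Version:
    data: bytes
    written_at: datetime
    retain_until: datetime

class ImmutableBackupStore:
    """Hypothetical model of versioned write-once storage, not a real product API."""

    def __init__(self, retention):
        self.retention = retention  # user-defined retention period
        self._versions = {}         # key -> list of Version, oldest first

    def put(self, key, data, now):
        # A write never replaces existing bytes; it appends a new locked version.
        version = Version(data, now, now + self.retention)
        self._versions.setdefault(key, []).append(version)
        return version

    def delete_version(self, key, index, now):
        version = self._versions[key][index]
        if now < version.retain_until:
            raise RetentionLocked(f"{key}#{index} locked until {version.retain_until:%Y-%m-%d}")
        del self._versions[key][index]

    def restore(self, key, before):
        # Recovery: newest version written strictly before the compromise time.
        clean = [v for v in self._versions.get(key, []) if v.written_at < before]
        if not clean:
            raise LookupError(f"no clean copy of {key} before {before}")
        return clean[-1].data

def simulate_attack():
    """Constructed scenario: one clean backup, then an intruder with valid credentials."""
    t0 = datetime(2022, 6, 1, tzinfo=timezone.utc)
    store = ImmutableBackupStore(retention=timedelta(days=30))
    store.put("db.bak", b"clean backup", t0)
    breach = t0 + timedelta(days=3)
    store.put("db.bak", b"\x8f\x02 encrypted garbage", breach)  # overwrite attempt
    try:
        store.delete_version("db.bak", 0, breach)  # attempt to destroy the clean copy
        deleted = True
    except RetentionLocked:
        deleted = False
    return deleted, store.restore("db.bak", before=breach)
```

The overwrite lands as a second version rather than replacing the first, which is why the restore still finds the clean copy even though the intruder had write access.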
From my point of view, storage solutions must at least provide:
- Immutability: ensure data is stored securely in immutable storage, so that in the case of an attack, the data can neither be encrypted, deleted nor manipulated, and can be recovered from a clean copy within a reasonable amount of time.
- Simplicity: data backup and security solutions need to be simple, easy to deploy and straightforward both to implement and to understand. This is for the sake of getting a company back on its feet during recovery procedures.
There is no guarantee that an organization won’t be targeted or penetrated by ransomware attacks, but taking these steps towards immutable storage ensures a tighter prevention strategy and a smoother recovery process.
There are two types of companies: those that have already been attacked and those that will be attacked in the near future. For both, it is important to make it as difficult as possible for an intruder to penetrate the network and to ensure that company data can be recovered quickly when disaster strikes.
Data storage and recovery strategies ensure companies can quickly recover and reboot systems, minimizing the blow from a ransomware attack. Having these solid strategies in place, alongside employee involvement and access to the systems, is paramount for this.
Especially in a hybrid working environment, protecting your data and your company is key to reducing operational costs in the long run.