Ransomware: Your Money or Your Strife?

Ransomware is an actual business. Driven mostly through ransomware-as-a-service platforms run by organised criminal gangs, it’s the fastest growing threat today. And it’s no surprise. Given a single attack campaign can net criminals millions of pounds, in return for very little risk, expenditure or chances of being caught.

Ransomware has become successful because of its impressive ability to evolve. It sneaks past existing defences like secure email gateways and desktop anti-viruses with ease, and then tricks users into running its viral payload themselves for that added killer punch.

And it does not discriminate. It attacks organisations of every size, geography and industry. Although some are hit harder, given an assumption that their data is more valuable to the operational ability of the business. Most organisations struggle to keep up with the rapidly changing threat landscape and barrage of attacks. And as a result, are now looking at a broader cross section of technologies to protect themselves and importantly to recover post attack.

Methods of Entry

Ransomware needs a means of entry, some method of delivery, and an ability to execute. It finds its way in through email or maliciously coded websites using a trojan code. The trojan needs a way to download and deliver the ransomware once launched. At this point, trojans rely on macros, javascript, and even vulnerabilities found in Java, Flash, web browsers, and browser plugins.

Preparing for Ransomware

Assuming it’s a ‘when’ and not an ‘if’ ransomware will strike, it’s critical to prepare in every way possible. To either thwart an attack, or to minimise its impact. There are a few common recommended steps:

  • Patch everything, patch often
    According to the 2016 Verizon Data Breach Investigations Report, the average time to develop an exploit to a published vulnerability is only 30 days.
  • Use a multi-layered defence strategy
    Many organisations put their trust in antivirus solutions, which rely on signatures and behaviours to identify maliciously-intentional code. And so, a combination, including antivirus, email protection, endpoint protection and user training is needed. Part of the layered approach includes some ability to identify the presence of malware / ransomware and notify IT so that the instance can be isolated and eradicated.
  • Planning the road to recovery
    Ransomware readiness and protection strategies can’t simply contain steps that are designed to stop it from entering an organisation. So to be truly prepared, the plan must include measures that allow any manipulated data and systems back into a productive, pre-ransomware state.

Conclusion

Organisations might think it cheaper to simply pay the ransom, however the success of recovery should not rest on trusting criminals that data will be decrypted perfectly, with data integrity perfectly maintained. Therefore, relying on data recovery from tested backups provides 100% confidence in recoverability.

Ransomware authors are proving themselves to be formidable adversaries. And with social engineering and unsuspecting employees on their side, there doesn’t appear to be any end in sight in the near future. We partner with Veeam Software as the innovative provider of solutions that deliver ‘Availability for the Always-On Enterprise’. Customers save time, mitigate risks, and dramatically reduce capital and operational costs.

‘Ransomware: Your Money or Your Strife?’ extracts taken from the ConversationalGeek® and Veeam executive brief entitled ‘Making Recovery Part of your Ransomware Preparedness Strategy’

Download Whitepaper

Making Recovery Part of your Ransomware Preparedness Strategy, to find out more download the whitepaper.

Download Whitepaper