CIO

'Business as usual' in the face of ransomware

by Louis Tague, Managing Director, ANZ, Veritas

In recent years, ransomware, which works by encrypting information and demanding a ransom in return for decryption, has emerged as one of the single biggest security threats to Australian businesses.

According to the Australian Cyber Security Centre (ACSC), there was a significant surge in the number of ransomware attacks across the country in 2015, with 72 per cent of surveyed businesses indicating that they had experienced such incidents over the year.

One of the primary reasons behind the rise of such malware attacks is that cyber criminals can extort money from individuals or organisations effortlessly - and almost instantly. What's more, ransomware-as-a-service is easy to access and designed to be so user-friendly that it can be deployed by anyone with little cyber know-how, so it is inevitable that the threat and impact of these attacks will only intensify further.

As the value of data increases in today's digitally-charged economy, businesses locked down by ransomware are forced to succumb to extortion in order to return to business as usual.

No 'silver bullet' for ransomware

So how can businesses fix this? Unfortunately, there is no silver bullet solution when it comes to recovering from a ransomware attack. While general malicious code can be fixed by security solutions, the reverse holds true for ransomware. Once you are infected, it is too late - and there is basically no way out other than to pay the ransom money in exchange for mission-critical data.

Organisations may think they already have the solution, but the increasing sophistication of cyber attacks means that no company is entirely safe. Despite the availability of services in the market today for decrypting certain ransomware, these will only be temporary solutions as attackers continue to evolve with the times and create new ransomware variants.

More importantly, there is absolutely no guarantee that the cyber criminals will carry out the decryption after you've paid the ransom! In fact, around 20% of victims who paid the ransom did not get their files decrypted.[1]

Backups: Your first line of defence against ransomware

Effectively overcoming ransomware means being able to recover critical applications and data within minutes. When a disaster like this strikes, businesses must be able to recover within those first few minutes.

It goes without saying that the best countermeasure to any form of cyber attack is always prevention. In fact, data backup before infection is one of the sure-fire ways to recover data without succumbing to cyber criminals. Clearly, if you do not have a backup system or any similar alternative in place, the only option you have is to pay up.

Nevertheless, while businesses are already recognising the importance of backups and disaster recovery, they aren't necessarily doing it right. Instead of backing up on an external server, they have the backup system connected to all servers under the same network. This is a massive mistake as once ransomware has infected even just a single computer, it will gradually find its way into other connected drives and shared networks.

Mounting competition amongst ransomware developers has also opened up more vectors of attack across devices - be they Windows, Android or Mac devices, or even smart TVs. As such, businesses that have yet to be hit should not put their minds at ease: it's not a matter of if, but when.

Establishing a backup strategy that fits your data profile

In general, the backup strategy recommended for individuals and small businesses follows a '3-2-1' rule: Save three (3) or more copies in two (2) or more different formats, with at least one (1) copy offsite or offline. However, the methodology will not suffice for larger businesses.

When it comes to backing up data, the rule of thumb is to establish a strategy that's well tailored to your own data profile. By following a three-step backup strategy, businesses will put themselves in a better position to effectively counteract ransomware.

1. User data backup: This method backs up the files of employees in real-time. To avoid backing up infected data, it is vital to use a separate protocol not directly connected to the network. This way, data will be made invisible to the attackers. If regular backup is not implemented at a system level, employees must develop a habit of backing up their valuable files to a USB drive or other storage device every day.

2. System backup: Ransomware not only encrypts data, but also deactivates important functions of an organisation's system. Hence, it is necessary to back up operating systems at least once every two weeks, as well as every time central components get an update.

3. Server data backup: Mission-critical data typically sits in the server environment, which is operated 24/7. Given this, the data protection method for servers providing both internal and external services must be based on appropriate policies, and if necessary, the data must be vaulted in a separate location.
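
The rules above can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from Veritas: it audits each of the three tiers against the '3-2-1' rule, the backup intervals given in the steps, and the same-network mistake described earlier. The `BackupCopy` fields, the segment names and the age limit for the server tier are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Newest-backup age limit per tier: "user" (daily) and "system" (two weeks)
# follow the article; the "server" limit is an assumption for this example.
MAX_AGE = {"user": timedelta(days=1), "system": timedelta(days=14),
           "server": timedelta(days=1)}

@dataclass
class BackupCopy:
    tier: str        # "user", "system" or "server"
    fmt: str         # storage format, e.g. "disk", "tape", "cloud"
    network: str     # segment the copy is reachable on ("" if none)
    offsite: bool
    offline: bool
    last_run: date

def audit(copies, prod_network, today):
    """Return a list of findings; an empty list means every tier passes."""
    findings = []
    for tier, limit in MAX_AGE.items():
        group = [c for c in copies if c.tier == tier]
        # 3-2-1 check, counting backup copies only (assumption).
        if len(group) < 3:
            findings.append(f"{tier}: {len(group)} copies, need 3 or more")
        if len({c.fmt for c in group}) < 2:
            findings.append(f"{tier}: fewer than 2 formats")
        if not any(c.offsite or c.offline for c in group):
            findings.append(f"{tier}: no offsite or offline copy")
        # Online copies on the production segment can be encrypted along
        # with the machines they protect.
        exposed = [c for c in group if c.network == prod_network and not c.offline]
        if exposed:
            findings.append(f"{tier}: {len(exposed)} online copies on {prod_network}")
        if group and today - max(c.last_run for c in group) > limit:
            findings.append(f"{tier}: newest backup older than {limit.days} days")
    return findings

# Constructed sample inventory (not real data); "corp-lan" is production.
TODAY = date(2016, 6, 1)
SAMPLE = (
    [BackupCopy("user", f, n, off, offl, TODAY) for f, n, off, offl in
     [("disk", "backup-vlan", False, False), ("cloud", "", True, False), ("tape", "", True, True)]]
    + [BackupCopy("system", "disk", "corp-lan", False, False, date(2016, 5, 10))] * 3
    + [BackupCopy("server", "tape", "", True, True, TODAY)]
)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "corp-lan", TODAY)))
```

In the sample, the user tier passes, the system tier fails on format, location, isolation and age, and the server tier fails because a single vaulted tape is only one copy in one format.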

Threats concerning ransomware are continuously rising and evolving to this day. Ultimately, the best measure to deal with such attacks is to back up - it has never been more vital than now for businesses to set in place comprehensive backup capabilities to minimise damage in the fight against ransomware.

[1] Intermediate Ransomware 101: What your business needs to know about ransomware attacks, March 2016