Mark Nutt at Veritas Technologies puts the case for preparation rather than negotiation with criminal ransomware gangs
Ransomware has become a fact of modern business. Ransom payments made in Bitcoin went up 311 per cent last year, driving a healthy profit for the perpetrators, given that off-the-shelf ransomware can be purchased for about £500.
But, does the success of the ransomware shadow economy mean we should treat it like any other cost of doing business? The FBI has softened its stance on ransomware payment, acknowledging that executives have to consider all options when their company is in danger. Downtime can be deadly for organisations, and if the only thing standing between you and your company’s mission-critical data is a small ransom, it’s easy to see why someone would cave in and pay.
However, paying the ransom can be the start of a slippery slope. And an international group calling itself the Ransomware Task Force has recently called for a number of measures to encourage organisations to resist payment. Short-term gain can quickly turn into long-term pain as your company remains susceptible to attack. Organisations also need to consider the impact it can have on their reputations. The damage to their brands from giving in to a ransomware attack can run deep and have lasting effects on their businesses. In every case, having a strong backup plan that helps you recover your data is much better than having to pay for a hacker to return it.
Crime doesn’t pay you back
Companies need to be wary of seeing ransomware payment as even a temporary solution to a ransomware attack. Less than half (49%) of businesses that pay up actually retrieve the data that was stolen or encrypted. Once the criminals have their payment, they have no incentive to help their victims or honour the ransom. Furthermore, showing willingness to pay can be equivalent to painting a target on your back. We shouldn’t underestimate the connectedness of ransomware networks or the people that run them. Paying once could attract the attention of other attackers who see you only as a source of recurring revenue. In fact, Veritas found that once companies had experienced one ransomware incident, they went on to suffer an average of 4.46 attacks.
Yet, there’s another element to consider that’s often forgotten when it comes to ransomware – the customer. Global research from Veritas on customer sentiment towards ransomware shows that less than a quarter (23%) of consumers think businesses should negotiate with cybercriminals. UK consumers are the most resistant, with over three-quarters insisting that businesses take a stand and refuse to pay up.
Businesses have a responsibility to customers to keep their data safe and protected. However, the majority of consumers, it seems, won’t accept that being done at any cost. Indeed, just under half say they would stop using the services of an organisation that fell foul of a ransomware incident. If a business surrenders and pays the ransom, it stands as much chance of getting its data back as it does of winning a coin toss. What it can be certain of, however, is alienating a large portion of its customer base. That’s a dangerous game to play.
Don’t be a victim, be prepared
Business leaders want to avoid ever finding themselves in a data-loss scenario in the first place. When security has been compromised and precious data encrypted, a company wants to be in a position where it can simply restore the data from another, safe, source. Prevention is of course the best option, but it’s not always possible. When defences inevitably fail, businesses need a strong, multi-level backup strategy to stand up to their attackers and take back control.
If you lose the sole copy of a file to ransomware, you may never get it back. Creating multiple copies of that file, however, means that you have a backup. It’s advised to keep at least three copies of data, on two devices and with one copy offsite.
It’s important to remember that most companies don’t have an infinite supply of disk space to rely on. Aimlessly creating backups can quickly deplete their available storage, forcing staff to undertake the task of scrubbing systems of unneeded data to free up capacity. Carefully managing data retention periods stops this from becoming an issue. Companies should keep track of how many copies of a file they need and where they are stored. A master catalogue will help staff to find data quickly, allowing them to maintain the data estate as needed.
Isolating backups in different environments is another critical step. When defences have been breached and ransomware starts spreading through the network, protection environments should be like islands. Using the cloud as a space for backup storage can be a good option to create an air gap away from the production network. Separate from your main network and updated with the latest security policies, cloud storage can be a low-cost and scalable counter defence. Data copies that are stored on premises should be immutable.
Finally, businesses should aim to ensure that their recovery processes are resilient. Scheduling regular rehearsals and surprise tests can help to uncover any issues early on. A backup strategy is often composed of many complex moving parts, people and systems. Walking through the process of responding to a data-loss incident in a controlled environment can help iron out any kinks and enable employees to do the right thing when it counts.
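The four points above (three copies on two media with one offsite, a master catalogue, immutable on-premises copies, and rehearsed restores) can be turned into a check that runs against a backup catalogue. The script below is an added illustration, not Veritas code or any product feature; the catalogue layout, the location names, the file contents and the simulated storage are all constructed for the example. It reports which files fall short of the 3-2-1 rule or hold mutable on-premises copies, then rehearses a restore by fetching each copy and comparing its hash with the one recorded at backup time, which is how a tampered or encrypted copy is caught before it is relied on.

```python
"""Check a backup catalogue against the 3-2-1 rule and rehearse a restore.

Added example, not Veritas code.  The catalogue format (one dict per stored
copy with file, location, medium, site, immutable flag and SHA-256) is an
assumption made for this illustration.
"""
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed file contents as they were when the backups were taken.
LEDGER = b"account,balance\nA100,250.00\nA101,19.95\n"
INVOICES = b"id,amount\n1,120.00\n"

# Constructed master catalogue: one entry per stored copy of a file.
CATALOGUE = [
    {"file": "ledger.db", "location": "nas01:/backup/ledger.db", "medium": "disk",
     "site": "onsite", "immutable": False, "sha256": sha256_hex(LEDGER)},
    {"file": "ledger.db", "location": "tape07:ledger.db.bak", "medium": "tape",
     "site": "onsite", "immutable": True, "sha256": sha256_hex(LEDGER)},
    {"file": "ledger.db", "location": "s3://vault/ledger.db", "medium": "cloud",
     "site": "offsite", "immutable": True, "sha256": sha256_hex(LEDGER)},
    {"file": "invoices.csv", "location": "nas01:/backup/invoices.csv", "medium": "disk",
     "site": "onsite", "immutable": True, "sha256": sha256_hex(INVOICES)},
    {"file": "invoices.csv", "location": "nas02:/backup/invoices.csv", "medium": "disk",
     "site": "onsite", "immutable": True, "sha256": sha256_hex(INVOICES)},
]

# Constructed storage: what each location returns today.  The mutable NAS copy
# of the ledger has been overwritten, standing in for a ransomware-encrypted
# backup; the tape and cloud copies are intact.
STORAGE = {
    "nas01:/backup/ledger.db": b"\x8f\x12ENCRYPTED\x00\xde\xad",
    "tape07:ledger.db.bak": LEDGER,
    "s3://vault/ledger.db": LEDGER,
    "nas01:/backup/invoices.csv": INVOICES,
    "nas02:/backup/invoices.csv": INVOICES,
}


def fetch_from_storage(location: str) -> bytes:
    """Stand-in for pulling a copy back from disk, tape or cloud."""
    return STORAGE[location]


def check_three_two_one(catalogue):
    """Return {file: [problems]}; an empty list means the file is compliant."""
    by_file = defaultdict(list)
    for entry in catalogue:
        by_file[entry["file"]].append(entry)
    report = {}
    for name, copies in by_file.items():
        problems = []
        if len(copies) < 3:
            problems.append(f"only {len(copies)} copies (need 3)")
        media = sorted({c["medium"] for c in copies})
        if len(media) < 2:
            problems.append(f"all copies on one medium ({', '.join(media)})")
        if not any(c["site"] == "offsite" for c in copies):
            problems.append("no offsite copy")
        mutable = [c["location"] for c in copies
                   if c["site"] == "onsite" and not c["immutable"]]
        if mutable:
            problems.append("mutable on-premises copies: " + ", ".join(mutable))
        report[name] = problems
    return report


def restore_and_verify(entry, fetch) -> bool:
    """Rehearse a restore of one copy: fetch it and compare with the recorded hash."""
    return sha256_hex(fetch(entry["location"])) == entry["sha256"]


def first_good_copy(catalogue, name, fetch):
    """Location of the first copy of `name` that restores cleanly, or None."""
    for entry in catalogue:
        if entry["file"] == name and restore_and_verify(entry, fetch):
            return entry["location"]
    return None


if __name__ == "__main__":
    for name, problems in check_three_two_one(CATALOGUE).items():
        print(name, "OK" if not problems else "; ".join(problems))
    for name in ("ledger.db", "invoices.csv"):
        print(name, "restorable from:", first_good_copy(CATALOGUE, name, fetch_from_storage))
```

Run on the constructed catalogue, the check flags the ledger's NAS copy as mutable and the invoices file as having too few copies, a single medium and no offsite copy; the restore rehearsal then skips the corrupted NAS copy of the ledger and reports the tape copy as the first one that restores intact. In a real estate the `fetch` callable would pull from the actual backup target and the catalogue would come from the backup system's own index rather than a literal in the script.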
The challenge ransomware poses to businesses is great, but it needn’t be insurmountable. In almost every case, giving in to the ransom demand can be avoided if an organisation has been prepared. A robust and multi-layered backup strategy gives businesses a better option. Restoring encrypted data through a secure backup takes the attacker’s power away. The company doesn’t break its customer promise and it avoids having to answer the difficult question – to pay or not to pay?
Mark Nutt is Managing Director International Region at Veritas Technologies