The Oxford Dictionary defines ransom as “a sum of money demanded or paid for the release of a captive.” This captive could be your data. Whilst this is not a position you would wish to be in, you would be able to redeem your data through payment of a ransom. But this is not the only thing that you need to consider. The damage may already have been done to your customer response times, computer networks and balance sheets. Could you redeem your reputation as a business as quickly as a Bitcoin transaction?
Ransomware has existed since around 1989, in the form of the “AIDS” trojan. However, the digital currency Bitcoin has allowed it to become a significant and global threat. We live in a world where the ransomware maker can sell malicious code to others who then use it against you. Email remains the predominant way to spread the virus, but ransomware exploit kits are not far behind. They can cost under £4,000, and rival gangs then compete against each other for market share.
Should you be concerned about this?
- In the first half of 2017, enterprise businesses blocked only 42% of infections. (Source: Symantec)
- An IBM Security survey found that only 29 percent of small businesses had experience with ransomware, making these businesses more likely to be unprepared for the threat. (Source: IBM)
- In 2017 Reckitt and Benckiser issued a statement to say they expected sales to be reduced by £110 million due to the Petya ransomware.
- 60 percent of malware payloads in Q1 2017 were ransomware. (Source: Malwarebytes)
- A Cisco 2017 report states ransomware is growing 350 percent annually. (Source: Cisco)
- According to a Kaspersky Lab survey, 34 percent of businesses hit with malware took a week or more to recover full access to their data. (Source: Kaspersky)
Of course, you will be able to redeem your data; these gangs need a good reputation or nobody would pay up.
But what about your reputation? Could you redeem that? Moving on, which solutions should you be looking at?
A primary reason for copying your data to tape was to protect against ransomware. Keeping that additional copy at arm’s length meant there was an air gap between the separate copies. If your backup server was exposed to a ransomware attack, you had the peace of mind that your reputation and your data would be safe. But how is this relevant in the era of the disk-only backup solution?
- There’s one point that should be obvious. You have an offsite copy, but it doesn’t mean that you have an excuse not to tighten the security on your backup server. Read our previous blog on how to do this.
- Secondly, if you are worried about the spread of ransomware, it is imperative to have multiple copies of your backup data.
- Software replication may support you in this situation. If you want to increase resiliency within your backup environment, it is possible to replicate from a Windows-based system to a Linux one. Rare is the ransomware that will make the jump from CIFS to NFS.
- Most backup products now offer the option to tier data to object storage in the cloud. This introduces a de facto air gap because of both distance and the difference in protocols. That said, data restores from object storage are generally much slower. As a note of caution, if you are pulling data out of the public cloud you may encounter unforeseen egress charges. Therefore, most data protection products use object storage for archive data, tiering data onto that medium based on age. This might not be ideal for recovery in a ransomware situation.
- Finally – although prevention is better than cure, there’s no substitute for effective monitoring. Several backup products have the facility for ransomware detection. They effectively check the profile of the data being sent into the backup environment. If there is a radical change that might indicate an infection, they can alert you before it spreads too far.
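The profile check described in the last point can be sketched as follows. This is an added example, not code from any backup product: it assumes each job reports the volume of changed data and a data reduction (compression plus deduplication) ratio, and the field names, thresholds and sample figures are constructed for illustration.

```python
from statistics import median

def robust_z(value, history):
    """Distance of value from the history median, in units of robust spread."""
    centre = median(history)
    mad = median(abs(v - centre) for v in history)  # median absolute deviation
    # Floor the spread at 5% of the median so steady clients do not alert on wobble.
    spread = max(mad, 0.05 * abs(centre), 1e-9)
    return (value - centre) / spread

def check_job(history, job, z_limit=6.0, min_history=5):
    """Return the reasons a job departs from this client's baseline."""
    if len(history) < min_history:
        return []  # too few prior jobs to form a profile
    reasons = []
    if robust_z(job["changed_gb"], [h["changed_gb"] for h in history]) > z_limit:
        reasons.append("change volume spike")
    # Encrypted files barely compress or deduplicate, so the ratio falls toward 1.
    if robust_z(job["reduction_ratio"],
                [h["reduction_ratio"] for h in history]) < -z_limit:
        reasons.append("data reduction collapse")
    return reasons

def scan(jobs):
    """Check jobs in date order; flagged jobs never join the baseline."""
    history, alerts = [], []
    for job in jobs:
        reasons = check_job(history, job)
        if reasons:
            alerts.append((job["date"], reasons))
        else:
            history.append(job)
    return alerts

# Constructed sample; field names are hypothetical, not any product's schema.
SAMPLE_JOBS = [
    {"date": "2017-11-01", "changed_gb": 12.0, "reduction_ratio": 3.1},
    {"date": "2017-11-02", "changed_gb": 11.2, "reduction_ratio": 3.0},
    {"date": "2017-11-03", "changed_gb": 13.5, "reduction_ratio": 3.2},
    {"date": "2017-11-04", "changed_gb": 12.4, "reduction_ratio": 2.9},
    {"date": "2017-11-05", "changed_gb": 11.9, "reduction_ratio": 3.1},
    {"date": "2017-11-06", "changed_gb": 12.8, "reduction_ratio": 3.0},
    {"date": "2017-11-07", "changed_gb": 310.0, "reduction_ratio": 1.02},
    {"date": "2017-11-08", "changed_gb": 12.1, "reduction_ratio": 3.0},
]

if __name__ == "__main__":
    for date, reasons in scan(SAMPLE_JOBS):
        print(date, "ALERT:", ", ".join(reasons))
```

A volume spike on its own can be a legitimate bulk change such as a migration; a spike together with a collapse in data reduction is the stronger signal, and holding flagged jobs out of the baseline stops an infection from becoming the new normal.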
What does the future hold? 81 percent of cybersecurity experts believe there will be more ransomware attacks than ever in 2018. (Source: CIO Dive) According to McAfee, ransomware grew 56 percent in the past four quarters.
If you feel that the security of your current backup environment could be tightened, please contact your account manager or email me in confidence at smiller@silverstring.com
Steve Miller, CTO of Silverstring, helps organisations deliver improved returns on their investment in data protection.