We are more than halfway through 2021, and ransomware threats are showing no signs of slowing down. The volume of attacks and the size of ransom demands have been increasing at an alarming rate, especially since the onset of the pandemic. As the world has embraced digital ways of working, malicious hackers are trying every possible way of stealing data and threatening businesses and individuals with the public exposure of sensitive information.
Having emerged as one of the most dangerous cyber threats in the history of computing, ransomware has spared no sector or industry. Attacks have become so prevalent and dangerous that they are now being treated as terrorist attacks. Since the COVID-19 pandemic struck the globe, there have been disruptive attacks against schools, health care, food production, fuel supply, and financial and insurance organisations. For instance, the education sector has been one of the top targets for malicious attackers following the sudden transition from an extensively offline learning model to an entirely online one. It witnessed an astounding 388% increase in successful ransomware attacks during the third quarter of 2020.
While the best approach to this threat is to stay prepared and have a plan in place that lets you refuse to pay the ransom, organisations are more interested in knowing how to prevent a ransomware attack and recover data without paying a ransom even if an attack does get through. Here are a few ways of stopping ransomware from finding and destroying the data backups:
- Ensuring defense in depth
Ransomware is constantly evolving, and attack strategies are shifting towards data exfiltration and extortion. Therefore, the best defense against ransomware and other advanced threats is to deploy multiple layers of security comprising three pivotal steps: deploying email protection to guard against phishing and protect credentials; protecting the applications and access to those applications; and building a comprehensive data protection strategy with backup solutions that protect data on-premises and in the cloud. By focusing on these three steps, organisations can fully recover their data without paying the ransom.
- Growing intensity of multi-vector attacks
Compared with attacks conducted a few years ago, like the direct WannaCry-style “compromise and encrypt”, ransomware attackers nowadays opt for a more sophisticated multi-vector approach.
Even though the initial attempt is made through spear-phishing emails, the attack is not triggered immediately when a target clicks the malicious link. The initial step is used to steal the victim’s credentials, which are then used to access the organisation’s network and stay there to evaluate assets, servers, databases, and the email platform. The attackers can continue this surveillance for a couple of months before launching their attack. The recent ransomware attack against the Irish health service body, the HSE, illustrates this well. The hackers claim to have spent two weeks inside the HSE’s network before unleashing the attack that encrypted and stole 700GB of patient data.
- Probing backup solutions for weak points
While exploring an organisation’s network, attackers also look for backup solutions, which give them easy access to backup schedules, configuration, retention policies, and the ability to start deleting things. They also target the backup storage itself, intending to erase the primary backup server and any secondary disaster recovery backup copies the victim organisation maintains. Once they have obtained the Active Directory passwords, they can lock everyone else out of their accounts and take control before pulling the trigger.
Organisations may have cyber insurance or other resources to pay the ransom, but there is no guarantee that paying will get the data restored. A global ransomware study shows that 80% of organisations that paid a ransom were attacked again. Such attacks are a huge threat because their effects have no clear end. Companies that are attacked not only lose an unknown amount in sales; their customers may also lose confidence in the brand, leading to further loss of sales and, depending on the impact, possibly even bankruptcy.
This drives the need to re-think backup in a new way rather than relying on the traditional 3-2-1 backup strategy to mitigate the risks associated with ransomware. Businesses must opt for a comprehensive backup solution that provides immutable storage, preventing attackers from gaining access to the backups or rifling through the data. It should also feature multi-factor authentication (MFA) to secure the accounts and credentials used to access the backup. Role-based access control in such solutions limits backup system access to the users whose role requires it, leaving everyone else with least privilege. Meanwhile, multiple copies of the backup can be replicated and maintained in a secure air-gapped cloud that resides on an isolated network.
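As an added illustration (not from the article or from Barracuda's products), the toy Python model below shows what "immutable storage" buys a defender: every object in the store is write-once and retention-locked, so within the retention window neither overwrite, delete nor a shortened retention succeeds, even for a caller holding stolen backup-admin credentials. The store, object keys and clock values are all constructed for the example.

```python
import hashlib
from datetime import datetime, timedelta
# Constructed toy WORM backup store: a dict stands in for the object store, the clock is passed in.

class ImmutableStoreError(Exception):
    """Raised when a caller tries to alter or remove a locked object."""

class ImmutableBackupStore:
    def __init__(self, retention_days: int):
        self.retention = timedelta(days=retention_days)
        self._objects: dict[str, tuple[bytes, str, datetime]] = {}

    def put(self, key, data, now) -> str:
        # Write-once: a key is never overwritten, so a tampered copy cannot replace a good backup.
        if key in self._objects:
            raise ImmutableStoreError(f"{key} exists and is immutable")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[key] = (data, digest, now + self.retention)
        return digest

    def delete(self, key, now) -> None:
        # Nobody, backup admin included, deletes before the lock expires: this defeats stolen admin credentials.
        if now < self._objects[key][2]:
            raise ImmutableStoreError(f"{key} is retention-locked")
        del self._objects[key]

    def extend_retention(self, key, new_until) -> None:
        # Compliance-style lock: retention may be lengthened, never shortened.
        data, digest, until = self._objects[key]
        if new_until <= until:
            raise ImmutableStoreError("retention can only be extended")
        self._objects[key] = (data, digest, new_until)

    def verify(self, key) -> bool:
        # Restore-time integrity check against the digest recorded at write time.
        data, digest, _ = self._objects[key]
        return hashlib.sha256(data).hexdigest() == digest

def simulate_intruder(store, key, now) -> dict:
    """Replay the 'find the backups and destroy them' step; each attempt ends 'blocked' or 'succeeded'."""
    outcome = {}
    for name, action in (("overwrite", lambda: store.put(key, b"garbage", now)),
                         ("delete", lambda: store.delete(key, now)),
                         ("shorten", lambda: store.extend_retention(key, now))):
        try:
            action()
            outcome[name] = "succeeded"
        except ImmutableStoreError:
            outcome[name] = "blocked"
    return outcome
```

Once the retention window has passed, the legitimate backup lifecycle (delete or rotate) proceeds normally, so the lock costs nothing but storage for the retention period.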
Ransomware attacks may be prevalent, but even if they do manage to get through the barricades, the best course of action is to report the crime, seek professional help and say NO to paying the ransom.
Murali Urs is the Country Manager, India at Barracuda Networks. Views in this article are his own.