Ransomware is indiscriminate – prepare for failure


Ransomware attacks are becoming increasingly common. In the last 12 months, 76% of organizations were affected by ransomware attacks, which represents a 15% increase year-over-year, according to Veeam’s 2022 Data Protection Trends Report. Ransomware is not only becoming more common, but also more potent. On average, when organizations are hit by ransomware, they are unable to recover over a third (36%) of the data lost. The threat landscape is more volatile than ever. More attacks take place. They are more diverse. And they can have serious consequences for the companies affected.

On the other hand, organizations need to focus on what they can control, namely their defenses, rather than trembling in fear at the sheer power of the cyberattacks waiting to be unleashed against them. To protect your business from cyberattacks, you need to follow some basic and consistent principles no matter what comes your way.

Wild West ransomware

There is a lawless and brutal feel to the current cyber landscape in which businesses operate. It is difficult for governments to hold cybercriminals accountable, and companies often strive to minimize public attention to an incident that compromised them. This contributes to a situation where almost all of the focus is on the victim (the company) rather than the criminal (the attacker).

Furthermore, ransomware – and most modern cybercrime – deals with victims almost indiscriminately. The fact is that every business is a target. Yes, hacktivist organizations like Anonymous use organized cyberattacks as a means of administering social justice and to denounce corporations or governments they deem immoral, illegal or dangerous. But even the most philanthropic and virtuous corporations can find themselves begging a cybercriminal gang to restore their data and systems while the gang demands a hefty ransom in return.

You often see a comparison between cyberattacks and fishing. Hence the term “phishing”, which refers to the use of an email or text as bait to trick a victim into “biting” – in this case by clicking on a link and unknowingly downloading malware to their device. With ransomware in particular, we are now seeing industrial-scale attacks that are more akin to trawling. This isn’t some guy with a rod who casts out to get a bite from a fish or two. These are AI-infused algorithms programmed to target everyone and everything, playing a blind numbers game to catch whatever they can.

This indiscriminate nature is compounded by the fact that cyberattacks are generally difficult to contain. For example, cyberwarfare between nation-states is a threat to any organization – not just those in the line of fire. We saw this with the NotPetya attack in 2017 – an attack on a specific utility company – which impacted several unrelated organizations through a completely organic spread of chaos. Attack types are also evolving. For example, LokiLocker was one of the first reported strains of ransomware to contain a disk wiper feature. This means that organizations are no longer pressured into paying ransoms only through denial of service and threats of data extortion. Now they face complete data loss if they don’t pay.

Consistent defense principles

There is good news for companies. Regardless of how scalable, spreadable, or malicious an attack is, these various developments can be viewed as attackers simply deploying more and bigger weapons. The basic principles of preparing your defenses against even the most sophisticated and powerful ransomware remain largely the same.

First, practice impeccable digital hygiene. All employees must be trained to recognize suspicious content and warned of the repercussions that misuse of work equipment can have. Despite all the power in the hands of cybercriminals, in many ways their greatest weapons are unsuspecting employees who give them the keys to a corporate network’s backdoor. Given the scattergun approach adopted by many cyberattacks today, criminals may not specifically target your organization. But if you turn out to be an easy hit, you become a victim.

With this in mind, all organizations must prepare for their defenses to fail, no matter how robust they might think they are. Concepts like zero trust and techniques like two-factor authentication can be useful to limit the access to data that an attacker gains by taking over someone’s workstation. Ultimately, the best way to protect data is to ensure it is securely backed up and fully recoverable before an incident occurs. Follow the 3-2-1-1-0 backup rule, which states that there should always be at least three copies of data, on at least two different media types, with at least one copy off-site and at least one immutable or offline, and with zero unverified backups or errors.
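The 3-2-1-1-0 rule above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not code from the article or from any backup product; the `Copy` fields, the sample inventories, and the choice to count the production data set as one of the three copies are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                # e.g. "disk", "tape", "object-storage"
    offsite: bool
    production: bool = False  # live data set, counted as one of the three copies (assumption)
    immutable: bool = False
    offline: bool = False
    verified: bool = False    # last verification or restore test passed
    errors: int = 0           # errors reported by the last backup job

def check_3_2_1_1_0(copies):
    """Return the clauses of the rule that the inventory violates ([] means compliant)."""
    backups = [c for c in copies if not c.production]
    failed = []
    if len(copies) < 3:                                     # 3 copies of the data
        failed.append("3")
    if len({c.media for c in copies}) < 2:                  # 2 different media types
        failed.append("2")
    if not any(c.offsite for c in backups):                 # 1 copy off-site
        failed.append("1-offsite")
    if not any(c.immutable or c.offline for c in backups):  # 1 immutable or offline
        failed.append("1-immutable-or-offline")
    if any(not c.verified or c.errors for c in backups):    # 0 unverified or failing backups
        failed.append("0")
    return failed

# Constructed sample inventories (hypothetical names).
PROD = Copy("prod-db", "disk", offsite=False, production=True)
WEAK = [PROD, Copy("nas-nightly", "disk", offsite=False)]
GOOD = [
    PROD,
    Copy("repo-nightly", "disk", offsite=False, verified=True),
    Copy("cloud-weekly", "object-storage", offsite=True, immutable=True, verified=True),
]
# Same layout as GOOD, but the immutable copy has never been verified.
UNTESTED = GOOD[:2] + [Copy("cloud-weekly", "object-storage", offsite=True, immutable=True)]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD), ("UNTESTED", UNTESTED)):
        print(label, check_3_2_1_1_0(inventory) or "compliant")
```

The `UNTESTED` inventory shows why the final "0" matters: the layout satisfies every other clause, yet an immutable copy that has never passed verification still fails the rule.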

While the headlines and constant discussion about cybersecurity and ransomware can be daunting, it’s important to remember that the basic measures to protect data remain the same. Modern data protection strategies ensure organizations can protect all data from cyberattacks, server failures, accidental loss and deletion across physical, virtual, cloud, SaaS and Kubernetes environments. Investing in a data protection strategy and leveraging a solution that enables continuous backup and disaster recovery (DR) can give organizations peace of mind that, in the worst-case scenario, they will never have to pay the ransom.

