Though ransomware has existed for decades, threats are more advanced, evasive and widespread than ever before. Industry experts report that, by 2021, there will be a ransomware attack on a business every 11 seconds. Here’s what you need to know about ransomware protection for your organization.
What Is Ransomware?
Ransomware is a dangerous malware that attackers design to wreak havoc on the infected computer or computer system until a specific ransom is paid. Ransomware spreads like a disease throughout all connected systems, including shared storage, and encrypts each file until it’s no longer accessible to anyone but the attacker. Many people unwittingly download ransomware through email links and attachments, webpages, pop-ups, link-follows on social media, removable media or through the Ransom as a Service (RaaS) network.
What Is a Ransomware Attack?
A ransomware attack is when the ransomware creator or user targets a specific individual, business or entity as the victim of their attack. One of the biggest indicators of a ransomware attack is unknown extensions attached to files that weren’t there before. These extensions are a symptom of encryption. The attacker will submit instructions, often through a file, with a list of demands and threats and a deadline for you to submit payment. Ransomware may remain dormant in your system until it begins accessing your data, credentials and information.
The biggest threats a ransomware attack poses to you include:
- Financial: The FBI does not support paying a ransom threat during a ransomware attack, as there’s no way of knowing it will help you get your information back. It also encourages ransomware attackers to continue. However, that doesn’t mean there aren’t significant financial losses associated with ransomware. Ransomware took a global toll of $11.5 billion in 2019, and that’s projected to grow to $20 billion by 2021. When your system gets overrun and becomes inaccessible, this could mean hours, days or weeks of costly downtime for businesses. After an attack is over, replacing or repairing damaged software or files may also incur a list of costs.
- Reputation: Though ransomware infections are common, they remain a large wound to businesses’ and institutions’ reputations. Consumers want to know their information is safe, and when that’s compromised, the effects can be devastating. Many businesses see a loss in revenue and clientele, even after data recovery.
- Security: For sensitive information — like identities, social security numbers, banking and financial accounts, passwords and reports — the most significant threat is the loss and exploitation of this data.
You should also note that even once an attack is over, symptoms of a ransomware infection can remain.
What Puts You at Risk
Organizations of all types and sizes are at risk for a ransomware attack — 20% of ransomware victims in 2019 were small and mid-size businesses. Attackers often target smaller institutions for a trial run of their ransomware before moving on to their intended target.
In the past year, the following North American industries reported ransomware attacks the most frequently:
- 15.4% in government
- 13.9% in manufacturing
- 13.2% in construction
- 11.1% in utilities
- 10.4% in professional services
- 7.5% in retail
- 7.1% in real estate
- 6.1% in hospitality
- 5.7% in health care
- 5% in education
Signs of a Ransomware Attack
Think you’re under attack? Here are some of the most common indicators of a ransomware threat:
- You’ve received a ransom: Ransom notices are the most apparent indicator of a ransomware attack, but they aren’t a guarantee. Some threats may also present themselves as a ransomware attack, even if they aren’t. Ransom notes usually take the form of a splash screen that displays specific instructions upon startup, including the amount of money the other party is demanding, a specific time they want payment and other details.
- You can’t access files: If you can no longer access files, documents, applications and images on your computer, you might be under attack. Note the presence of error messages.
- You see unexplained file extensions: Some of the most common extensions for healthy files are .exe, .jpeg, .doc and .pdf. Unusual or uncommon extensions might appear during an attack, including .crypted or .cryptor. In some cases, file extensions may disappear entirely.
It’s important to remember that suspicious activity and malicious attacks may not always be for ransom. Spyware, adware, trojans and drive-by attacks are equally as common and possibly very serious. If your computer or network is experiencing any abnormal symptoms, but no ransom has presented itself, you must still take steps to remove, repair and prevent further issues.
Your Next Steps
If you do not plan to pay a ransom amount — which may or may not grant you access to your files again — here are some steps to take following a suspected ransomware attack:
- Disconnect other devices on the network, including computers and storage, from the internet.
- Report the attack to the Cybersecurity and Infrastructure Security Agency (CISA), your local FBI Field Office or a nearby Secret Service Field Office.
- Try to identify the type of attack you’re experiencing, including the specific strain.
- Document all events, including where you found the ransom note. Submit a picture of it with your report.
- Recover deleted files and restore your system from a backup, if possible.
- If necessary, you may have to fully wipe your drive and reinstall the operating systems before restoring files. If you’re working with the CISA or a similar agency, do not change anything on your system until instructed to do so.
Creating a Plan of Action
Once you’ve reported your attack, you must protect yourself against future ransomware threats. Though the risk of a ransomware attack is always present, your organization can take steps to protect itself, including:
- Back up all data in an external space separate from your computer and network.
- Train your organization to recognize, avoid and report signs of a malicious attempt.
- Keep your computers and malware protection up to date.
- Install firewall protection software.
- Practice caution with all emails, web addresses, attachments and links.
- Stay informed about trends and emerging threats in the virtual world.
- Utilize email filtration systems and always verify senders before opening.
- Work with a cybersecurity team to get a professional assessment of your system needs.
- Invest in a malware protection program that will keep your system safe.
- Maintain a disaster recovery plan should your system fall under attack.
Storage Solutions for Ransomware Protection
Tape storage has been a trusted data storage and backup method for decades because it’s reliable and cost-effective and offers a fast restoration process. Tape is often the last line of defense against a severe ransomware attack and should be an integrated part of every organization’s backup and disaster recovery plans.
Traditional tape requires you to manually send them away for long-term retention and off-site disaster recovery protection. This is a complex process that often renders it difficult to restore data afterward.
A more practical option involves advanced tape storage systems. Storage solutions like these offer a few critical ransomware protection benefits:
- On-premise storage: Advanced tape storage systems allow you to store your data securely on-site. These libraries generally range in size to accommodate the level of data you need to protect, so you won’t lose capacity by moving your storage location to your premises.
- Offline storage: If a storage library is on-site but offline, malevolent actors cannot access the critical data.
- Air-gapped storage: Air-gapped storage provides an additional layer of protection. An air-gapped storage system maintains an isolated copy of critical data with no connection, direct or indirect, to any network. Hackers cannot reach the stored information even through indirect means. This storage option provides the cyber resilience necessary to give you and your clients peace of mind about data security.
- Isolated recovery: Ideally, the isolated copy of the data should be accessible through multiple recovery points, so a pristine copy will always be available for recovery, even while the storage infrastructure and data remain segregated.
In addition to daily backups to the disk, the tape system sends a weekly or monthly replication of your data to the cloud for easier off-site disaster recovery. This system is fast and simple and leaves less room for error.
Contact DataSpan to Get the Ransomware Protection You Need
DataSpan is one of the country’s largest data storage and protection distributors in the United States, and we’re here to help you protect your business. Schedule a security consultation with DataSpan, and we will assess your existing data storage and utilization, make recommendations and develop a security plan that fits your needs. Find a DataSpan representative near you to get started.