Ransomware Attacks and Your Data Ecosystem

The dangers are real, but data storage can help with the recovery process

Corporate ransomware recovery plans are a critical issue that many businesses face. In recent years, ransomware attacks have become increasingly common and sophisticated, resulting in significant financial losses and disruption for all targeted organizations. Many sources report that the average cost to the victim organization of even a limited ransomware attack is in the millions of dollars, from initial triage to the final legal and regulatory fallout. I want to explore the impact that ransomware has on an organization and the steps involved in recovering from a ransomware attack, as well as the measures businesses can take to protect themselves from future attacks.

No Business Can Escape the Inevitable

The reality is that no organization is immune from ransomware attacks. Ransomware is a type of malware that encrypts a victim’s files and demands payments in exchange for a decryption key. An attack has a negative effect on every facet of the business and compromises enterprise data security and integrity.

Unfortunately, threat actors have become more sophisticated and always find ways to penetrate a protected network and surreptitiously survey likely targets for valuable data—this tactic ensures that there is a good chance for extortion before the actual attack phase is even carried out. Even more troubling, hackers are now using what’s known as double extortion when carrying out their attacks. Not only are bad actors encrypting data for ransom, but they’re also stealing datasets by offloading them from corporate environments and threatening to make them public. Their motives, however, are always the same: personal gain while simultaneously creating havoc and generating notoriety for their actions.

Ransomware attacks can result in the loss of critical data and disrupt business operations. If important (and sensitive) files are encrypted by ransomware, the victim organization must expend precious time to restore all data from backups, or worse yet must negotiate with the attackers for the decryption key. This can result in significant downtime and lost productivity, which directly influences the core business. Furthermore, ransomware attacks can damage a corporation’s reputation. If sensitive information is lost or stolen, it can lead to negative publicity and loss of trust from customers and partners. In some cases, it may even result in legal action and regulatory fines. All these challenges impact a company in a very devastating way: the bottom line.

Your Organization Can Prepare for the Worst

Cybersecurity professionals recommend that organizations today take a comprehensive and proactive approach to ransomware attacks. That means, don’t wait for an attack to start worrying about it! Without a doubt, data is an organization’s most valuable asset, so protecting your data must be the top priority. In most enterprises, the norm is an environment with multiple cloud providers, lots of remote employees, and data and resources that are no longer confined to the traditional centralized data center but rather distributed geographically. At OpenDrives, our recommendation is for organizations to have a trusted repository for their valuable and most sensitive data, a thoroughly tested backup and recovery strategy, all coupled with a zero-trust approach to security.

Zero Trust is a model that assumes all users and devices on a network are potential threats and should be treated as such during every requested transaction. In a zero-trust environment, every user and device must be authenticated and authorized before being granted access to whatever is being requested (such as a file or service). Authentication must be iterative no matter who or what the requesting entity is. This approach sharply contrasts with traditional security models that typically trust users and devices within specific zones of the network and only focus on protecting the perimeters of the overall network and its segments from external threats.

Recovery from an Attack is a Step-by-Step Process

In the event of a ransomware attack, the first step in recovery is to identify the source of the attack and take steps to prevent further damage. This may involve shutting down infected systems (including storage repositories), disconnecting from the network, and engaging the services of a cybersecurity expert to assess the extent of the damage and provide guidance on next steps. A victim organization must take these initial steps as soon as the attack becomes apparent.

Once the targeted organization has contained the immediate threat, the focus should be on restoring all systems and data along with a complete security audit. In some cases, this may involve paying the ransom and obtaining the decryption key from the attackers, though nobody likes to admit that as an expedient possibility. In fact, we at OpenDrives do not recommend this measure, as the victim has no guarantee that the attackers will follow through on their end of the bargain (they are criminals after all), and paying the ransom only encourages further attacks.

Instead, organizations should prioritize safely and rapidly restoring their systems and data from backups and/or immutable storage snapshots for quick rollback to get business up and running again.  You must have a comprehensive and up-to-date backup strategy in place to minimize the impact of a ransomware attack, a plan that you frequently assess, test, and modify accordingly.

In the aftermath of an attack, once you have restored all your systems and data, you should focus on preventing future attacks. This may involve implementing additional security measures, such as firewalls, intrusion detection systems, and data protection (encrypting drives or data), as well as providing regular training to employees on how to identify and avoid potential ransomware threats. Very often, these attacks depend on social engineering, or tricking people on the inside into clicking a link or somehow compromising the environment, so employees need to understand how to spot and avoid these shady tactics.

Don’t Go It Alone

Let’s face it, corporate ransomware recovery is a complex and challenging process, but your company will have to deal with this at some point if it hasn’t already. By taking the right steps and implementing effective security measures, organizations can minimize the impact of a ransomware attack and protect themselves from future threats. We can discuss with you how your storage infrastructure can be a critical part of the solution.