A ransomware attack, now what?
Oh no, your equipment is encrypted. Now what? Above all, don’t panic. After all, all is not yet lost.
- Don’t pay! This sends the message that this kind of activity is profitable.
- Find out which malware has infected your disk with the Crypto Sheriff. It could be that there is already a decryptor out there, which will get your data back in no time. This website is supported by Europol.
- No decryptor available yet? Then keep checking the No More Ransom website, because one may become available soon.
What can you do to prevent a ransomware attack?
According to Forrester, cyber insurance premiums are rising 30% and some insurers are even having to exit the market. Extortion demands are rising, which has put a dent in a once highly profitable industry.
Forrester also expects at least one of the top 10 cyber insurers to stop new business.
So plenty of reasons to be wary. You can’t prevent it completely, unfortunately, but you can make sure your fortress is properly secured.
You can do this with a cybersecurity checklist, so you won’t have any surprises.
Below we collect a few do’s and don’ts surrounding ransomware.
1. Don’t pay a ransom!
Because that only encourages and funds the criminals.
And even if the ransom is paid, you have no guarantee that you will regain access to your files: the criminals may decide there is more money to be taken from you.
So hold the line. If we all stop paying, the fun will soon be over for them.
2. Make sure you have a good backup
Always have a good backup of all your files. This is really the fastest way to regain access to all your data.
Encrypt backups to keep them out of the hands of cybercriminals.
With an encrypted clean backup, you can prevent the ransomware from reaching your backup and have your data back quickly.
Here are some best practices to protect your backups from ransomware:
Maintain a second offline backup
When ransomware strikes, the malware can attack anything the infected system has access to.
It is unlikely that your end users are backup administrators, but there are indirect paths through which backups can be infected.
If this happens, there is no way to recover because both the master copy of the data and the backup will be encrypted. Keeping an offline backup can reduce this risk.
One easy way to do this is to use traditional backup tapes, which ransomware cannot reach while they are stored offline.
Use immutable storage
Also known as WORM (Write-Once-Read-Many), immutable object storage can store data in a bucket and lock it to prevent further modification.
Most disk-based backup systems protect data at the block level and use monitoring of changed blocks to protect files as they are changed.
The problem is that ransomware modifies many storage blocks, so your backup system can eventually back up the now encrypted files.
Immutable storage ensures that backups remain unchanged.
Endpoint protection on backup servers
Modern endpoint security platforms are capable of detecting ransomware processes as soon as they begin to infect a system. They do this by recognizing the processes' abnormal behavior, even if the type of ransomware is new and unknown to security specialists.
They can immediately lock down infected systems and isolate them from the network to prevent ransomware from spreading further.
This is useful for all endpoints in the organization, but is especially important on the backup server itself.
Increase backup frequency
Look at how often you back up your own data, which determines your recovery point objective (RPO).
The frequency of backups determines how much data can be lost in a ransomware attack.
Even if you back up once a day or once every few hours, you have to consider what it will cost if you lose all the data since the previous backup.
Consider backing up business-critical data at least once an hour.
The 3-2-1 backup rule to mitigate ransomware risks
The 3-2-1 rule is a general best practice for recovery and backup that can help mitigate ransomware risks.
No backup strategy is foolproof, but following the 3-2-1 rule is quite a powerful approach to preventing loss of your data.
Here’s how the 3-2-1 backup rule works:
- Have at least three copies of your data – one master copy and two backups
- Use two different media formats, for example, an SSD drive and cloud storage
- Keep one of these copies off-site. The safest option is to store data on a tape and keep it in a very secure location. Another option is to automatically take snapshots of data to a location for disaster recovery.
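The backup practices above (3-2-1, an offline or immutable copy, and backup frequency) can be checked together against a backup inventory. The following is an added example, not part of the original article; the `Copy` fields, check names and sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Copy:
    name: str
    media: str            # e.g. "ssd", "cloud", "tape"
    offsite: bool
    protected: bool       # offline (tape on a shelf) or immutable (WORM lock)
    last_written: datetime
    is_master: bool = False


def audit(copies, now, rpo=timedelta(hours=1)):
    """Return {check: message} for every failed check; empty dict = pass."""
    backups = [c for c in copies if not c.is_master]
    failed = {}
    if len(copies) < 3 or len(backups) < 2:
        failed["3-copies"] = f"{len(copies)} copies, {len(backups)} backups"
    media = {c.media for c in copies}
    if len(media) < 2:
        failed["2-media"] = f"only one media format: {sorted(media)}"
    if not any(c.offsite for c in copies):
        failed["1-offsite"] = "no copy is kept off-site"
    # Assumption of this example: after an attack only offline or immutable
    # backups are trusted, so the RPO is measured against the newest of those.
    safe = [c.last_written for c in backups if c.protected]
    if not safe:
        failed["protected"] = "every backup is online and writable"
    elif now - max(safe) > rpo:
        failed["rpo"] = f"newest protected backup is {now - max(safe)} old"
    return failed


# Constructed sample inventory (hypothetical names and times).
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [
    Copy("file-server", "ssd", False, False, NOW, is_master=True),
    Copy("nas-hourly", "ssd", False, False, NOW - timedelta(minutes=40)),
    Copy("tape-weekly", "tape", True, True, NOW - timedelta(days=6)),
]

if __name__ == "__main__":
    for check, message in audit(INVENTORY, NOW).items():
        print(f"FAIL {check}: {message}")
```

The sample inventory satisfies 3-2-1 but still fails the RPO check: the hourly backup is online and writable, so the newest copy ransomware cannot touch is the six-day-old tape.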