Ransomware is in the news like never before. Everyone's talking about how important it is to keep up to date with Microsoft's security updates to avoid a recurrence. While that is undoubtedly important, is that all organisations can do to protect themselves? Here is a viewpoint on what businesses can do, even if ransomware does breach their security defences.
Most people reading this have, by now, heard of WannaCry, the ransomware attack that is all over the news. As a cyberattack, its scale is massive, with some calling it the biggest of its kind. As I write this, it has infected over 2,00,000 devices in 150 countries, with possibly several more to come as the new week starts.
On the flip side, an attack of this scale has the positive impact of raising awareness worldwide. Ransomware, despite having been around for several years, was largely unknown outside the security or tech community. It is a form of malware that has existed over the last 10 years or so, but has really taken on a visibly destructive form in the past couple of years. It operates by encrypting files on the infected computer and then demanding a bitcoin ransom in return for the decryption key. Attacks can exploit a broad spectrum of vulnerabilities—although phishing is possibly the most common—basically enticing a user to click on an innocent-looking email attachment, which then drops a deadly payload on the computer.
Here are a few chilling facts:
The attackers in these cases are always faceless and nameless—there is no opportunity to reason or negotiate with them. The rise of bitcoin for transactions has also aided ransomware attackers by increasing their ability to remain anonymous.
Ransomware attacks can potentially be more damaging than classic breaches which result in stolen bank accounts or credit card information—many such losses are recoverable soon after the breach has been discovered, but lost business plans and product designs, which are a company’s crown jewels, can be irreplaceable.
While ransomware can attack any type of computer, in most cases, the infected computer is an end user’s laptop or workstation. Therefore, any data stored on local disks, file shares, and mapped network drives is vulnerable. Most popular cloud storage solutions also become vulnerable because of the way they replicate changes. Since ransomware deletes the original files and replaces them with their encrypted versions, most cloud storage solutions faithfully replicate these changes in their repositories as well. While some of these solutions have file-versioning capabilities, they don’t usually have an option to perform a bulk restore of large amounts of data.
Sadly, existing anti-malware solutions cannot be relied upon to detect and stop all ransomware. The quick-moving malware underground ensures that anti-malware vendors are always playing catch-up.
Educating users on how to identify possible payloads and avoid them would seem to be the best approach against ransomware—after all, prevention is better than cure. While this can be effective, the reality is that the ransomware authors have to bypass a defence just once to do their dirty deed, and they constantly change tactics in order to do so. Even the best prepared amongst us can be outwitted at some point or another.
Much of the writing that has been done around WannaCry has focused on the Microsoft vulnerability and the importance of keeping systems updated. While this is certainly important, it cannot be a 100 percent defence against new ransomware variants that take advantage of zero-day vulnerabilities that are as yet unprotected.
So what can one do beyond keeping up to date with the latest OS updates and security patches? Experience tells us that the best defence against ransomware is a data backup. A clean backup of an organisation’s data can protect it from being held hostage by an attacker, even if its other ransomware defences fail.
How to use backups to defend against ransomware:
While educating users on the damaging impact of ransomware and keeping up to date on OS patches are both important things organisations should do, having a solid endpoint backup strategy is a critical step in readying yourself for a ransomware attack.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)