Ransomware: When Potential Becomes Reality – Fast Recovery is Priority

Posted 05/14/2017 by Gregg Ogden

We’ve all heard the warnings from industry gurus about the potential threat of ransomware, but for multiple reasons most of the warnings went unheeded. Perhaps it was denial that it could happen, or at least happen to you – or maybe the constant chatter of threats had numbed your senses to the actual risk that ransomware posed to your organization. Well, this past Friday (May 12), the 'potential' threats turned into reality. I hope you were one of the lucky ones left unaffected, as the largest cyberattack we’ve ever seen spread worldwide, ultimately upsetting businesses in more than 100 countries. Did you think your industry was immune from this 'WannaCry' incident?

Think again, as this attack hit public service, government and commercial businesses alike – which has many asking, “Is my business truly protected?”

Although we don’t have all the details yet on this historic attack, we know ransomware invasions often originate through endpoints, including things like desktop computers, laptops, smart phones, tablets or fringe computing resources. For one reason or another, though, these may not maintain the same rigor of security updates and control as the rest of your organization.

This event certainly solidifies the reality of the world in which we live. Once attacked, you only have two options: pay up (might as well make Bitcoin a line-item in your budget) or implement your data recovery plan - and do it FAST. Having a data recovery plan has always been a must, but what was once good enough may now leave you exposed in this new reality. In today's world, the scope and complexity of ransomware attacks continue to escalate.

For many organizations - probably some very similar to yours - this complexity is compounded by the fact that many of your key business applications might be running on older, sometimes unsupported and unpatchable operating systems, which lack the necessary security updates to stop the spread of potential attacks. Because of this, you need a Data Platform that not only covers your core enterprise, private and public cloud environments, but also one that can extend to Endpoint Protection. One that can store immutable, up-to-date copies of all these environments to ensure the ability to recover rapidly - should disaster strike.

Building on our experiences working with companies around the world, we've developed a list of best practices to protect and recover from ransomware attacks.

  1. Develop a program that covers all of your data needs. You must identify where your critical data is stored, determine your workflows and systems used to handle data, assess data risks, apply security controls, and plan for evolving threats. If it is not protected, it cannot be recovered.

  2. Use proven data protection technologies. You need solutions that detect potential attacks and notify you of them, leverage external CERT groups, identify and prevent infection, maintain a 'GOLD' image of systems and configurations, maintain a comprehensive backup strategy and provide a means to monitor effectiveness.

  3. Employ Backup and Data Recovery (DR) processes. Don’t rely solely on snapshots or replica backup. Your backup data could just as easily be encrypted and corrupted if it is not stored securely, where a ransomware attack cannot get to it. If your process or vendors don’t offer ransomware protection that addresses the proper way to store your data, then your backup plan is at major risk!

  4. Educate employees on the dangers of ransomware and how to secure endpoints. Train your staff on all DR and data security best practices to get endpoint data protected within your Information Security Program. Most breaches are from good people making simple mistakes.

Evaluating your current ransomware threat readiness and applying these key steps will make sure that your organization is doing everything possible to avoid turning the long-term consequences of ransomware attacks from potential to reality. The goal, if affected, is to minimize the consequences and get your data back, and your business up and running quickly.

You need endpoint data protection to reduce your risk of data loss, preferably through one simple solution that includes your hybrid IT environment and your many endpoints. The best solutions cover your end-users with data protection, security and added visibility into all of their corporate data – whether stored on laptops, desktops or cloud-based file-sharing services. It’s all about maintaining control with comprehensive backup and search capabilities of files and folders – even those outside of your data center – and helping to protect against data loss from malware and ransomware attacks like the ones we’ve seen this week.

The best solution will let you deploy either on-premises or in the cloud! Don’t let the new reality of ransomware win. Develop your ransomware protection plan, use tried-and-true technologies to recover, ensure your DR plan is rock solid and fast, and educate your users. Commvault can help.

Continue following this ongoing story at @Commvault, Facebook/Commvault and Linkedin.com/Commvault