You’ve seen the headlines – organizations with their data held hostage and payouts to perpetrators to restore it. With new strains of ransomware and other malware threats on the rise, your enterprise and customer data is continually at risk despite steps you’ve taken.
What is ransomware protection?
The cyber threat landscape, including ransomware, has transitioned to a case of “when,” not “if.” To ensure you can recover your data, you need the right solution with the best technology, the right people, and processes.
Organizations require tools (such as anomaly detection, immutable backups, air gap, and data isolation support) to measure their recovery readiness state continually. They do this to expose and remediate problems, validate the recoverability of their data and business applications, and improve their security to reduce their risk profile. In the event of a successful attack, fast restores are required to resume business operations quickly.
How does ransomware spread?
Ransomware is often spread through email phishing messages that contain malicious links or through drive-by downloading. Drive-by downloading happens when a user unintentionally visits a contaminated site, and malicious software (malware) is downloaded onto the user’s computer or mobile device. A drive-by download usually exploits a browser, application, or operating system that is out of date or has a security flaw. Ransomware then uses these vulnerabilities to find other systems to spread to.
How to get rid of ransomware?
When ransomware does occur, you need to have a validated copy of your backup data that can be quickly restored to resume business operations. For a trusted and protected backup data copy, organizations need a layered approach that encompasses multiple security tools, resources, controls, best practices, and strategies. These various layers of security controls are applied within Commvault and around the Commvault infrastructure to help ensure the backup data is secured and recoverable. These steps provide the confidence that when an attack does occur, your backup data is ready.
How to minimize ransomware exposure?
The goal is to reduce risks and minimize the effects of ransomware. Ransomware mitigation requires a combination of best practices and constant vigilance, along with a layered approach. Steps to reduce ransomware include:
- Educate end-users on how to avoid ransomware and to detect phishing campaigns, suspicious websites, and other scams.
- Harden and secure the infrastructure, including systems and networks.
- Keep software, firmware, and applications up-to-date. This will reduce the risk of ransomware exploiting common vulnerabilities.
- Use anti-virus software with active monitoring that is specifically designed to thwart advanced malware attacks.
- Employ Commvault's AAA Security framework controls to control access to computer resources intelligently, enforce policies, and audit usage.
Evolution (Types) of ransomware
It is easy to assume that all ransomware is similar, and it is not uncommon to think that one size fits all in terms of prevention and preparation. However, because each ransomware type is usually developed to attack different, specific networks, they can be very dissimilar in how they work. It is essential to understand the different types currently being used (keeping in mind that it is also possible to combine multiple types of ransomware). If your organization is attacked, and you do not have a plan to defend against the different types of ransomware, the likelihood is that the attack will have a more significant impact on your company.
Here are five types of ransomware:
- CryptoWall – is responsible for a high percentage of ransomware attacks. Typically, CryptoWall attacks its target through phishing emails. The WannaCry ransomware virus is a derivative of the Crypto family and was at the core of the largest cyberattacks ever perpetrated. Unfortunately, the creators of CryptoWall continue to release new versions designed to get around security protections.
- Locky – as the name implies, does what it says: it locks you out of your files and replaces them with files carrying the extension .locky. However, its name misses the most damaging part of this type of ransomware – its speed. Locky has the distinction of spreading to other files throughout the network faster than other strains of ransomware.
- Crysis – takes data attacks to a new level by actually kidnapping your data and moving it to a new virtual location. Because this qualifies as a breach, if your company works with personal data you must notify anyone who may have information on your network to stay in compliance with local, state, and federal guidelines.
- Samsam – attacks unpatched WildFly application servers in the internet-facing portion of the network. Once inside the network, the ransomware looks for other systems to attack.
- Cerber – attacks database server processes to gain access instead of going straight after the files. Its creators sell the ransomware to criminals for a portion of the ransom collected, i.e., Ransomware-as-a-Service.
- Maze – is a ransomware variant representing the trend known as “leakware.” After data is encrypted, bad actors threaten to leak the ransomed private data on the dark web unless the ransom is paid.
Ransomware prevention and knowledge must stay at the forefront of organizations’ security efforts. Unfortunately, since hackers continuously become more sophisticated in their ways to encrypt data and develop new ransomware, you must continually monitor those developments.
Maintaining business continuity is a top priority
Can you restore your data – no matter what? You need to ensure your data is always available in an increasingly complex environment. You’re managing more endpoints and applications, with more potential points of attack and risk. You also may have moved substantial data to the cloud. But if you don’t have a ransomware recovery plan or are dependent on manual processes, it could take weeks to recover your data and applications after a breach. And without quickly knowing what data was involved in an incident, you can’t notify those impacted in a timely, compliant way.
Reduce ransomware threats from end to end
React faster: detect attacks to reduce their impact
Be alerted to potential ransomware/malware attacks so you can quickly react and ensure minimal impact to users and businesses.
Gain the visibility needed for proactive compliance management and timely incident remediation and reporting.
Leveraging insightful analytics, you’ll easily monitor the entire data pool, risk profile and compliance status with alerts, dashboards, and reports.
Rapid restore to mitigate the business impact of malicious events
With built-in automation, policies and scripts, you will eliminate improvisation and ad hoc measures and avoid lost time when a full and speedy recovery is required.
Thanks to reliable disaster recovery, you’ll minimize productivity, financial and legal impacts by swiftly returning users, systems and the business to productive operations.
Ensure quick, reliable and scalable recovery of data on-premises, in the cloud, or wherever it’s hosted.
How to test ransomware protection
Ensure your staff and third-party resources are up to speed on processes and infrastructure.
Regularly test, and report on, whether your data, applications and systems can meet your recovery service levels.
Assess readiness for future attack scenarios against endpoints, applications and backup infrastructure, and make the necessary adjustments.
A complete ransomware strategy includes both reducing the risk of a successful attack and lessening the impact of an attack that does succeed. There are five things you need to do: plan, prevent, monitor, restore quickly, and test.
- Create a plan: an effective strategy is a foundation for a full and speedy resumption of normal operations.
- Prevent attacks: proactive steps, including foundation hardening, application hardening, and ransomware protection.
- Monitor your environment: always be on the lookout for any anomaly, detecting the attack as quickly as possible to reduce its impact.
- Restore your data: perform fast restores with an intact and secure data copy to quickly resume normal business operations and reduce the ransomware impact.
- Test your plan: perform frequent tests to verify you can meet your defined SLAs for high-priority data and applications.
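As an added illustration of the anomaly monitoring the "Monitor your environment" step calls for (example code written for this page, not Commvault's own product logic), the Python below flags a write window in which most files gain one never-seen extension and contain high-entropy data, the pattern left by bulk encryption followed by renaming (as Locky does with .locky). The paths, thresholds and sample contents are constructed assumptions.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted or compressed data, ~4-5 for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_mass_encryption(events, baseline_exts, min_files=5, share=0.8, entropy_floor=7.5):
    """events: [(path, content_bytes)] written during one monitoring window.
    Flags the window when at least `share` of the writes carry one extension the
    baseline has never seen AND at least `share` of the content is high-entropy.
    Returns a summary dict when flagged, otherwise None."""
    if len(events) < min_files:
        return None
    ext, count = Counter(_extension(p) for p, _ in events).most_common(1)[0]
    if ext in baseline_exts or count / len(events) < share:
        return None
    high = sum(1 for _, data in events if shannon_entropy(data) >= entropy_floor)
    if high / len(events) < share:
        return None
    return {"extension": ext, "files": count, "high_entropy": high, "total": len(events)}


# Constructed sample data (not real captures): a deterministic SHA-256 chain
# stands in for ciphertext, repeated prose stands in for an ordinary document.
def _ciphertext_like(seed: str, size: int = 4096) -> bytes:
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


PLAINTEXT = b"Quarterly revenue summary for the finance team. " * 80
BASELINE_EXTS = {"docx", "xlsx", "pdf", "txt"}  # extensions seen in the last known-good backup
ENCRYPTING_WINDOW = [(f"/srv/share/finance/report{i}.xlsx.locky", _ciphertext_like(f"f{i}")) for i in range(6)]
NORMAL_WINDOW = [(f"/srv/share/finance/report{i}.xlsx", PLAINTEXT) for i in range(6)]
```

Running `detect_mass_encryption(ENCRYPTING_WINDOW, BASELINE_EXTS)` returns a summary naming the `locky` extension, while the normal window returns None; in practice the alert would feed the same alerting and dashboard channels described above.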
With ransomware, there is both opportunity and risk – that’s the reality for businesses today and the people responsible for protecting the data. So how do you prepare? With Commvault solutions, you can ensure you do the one thing that matters most if you fall victim: Recover Fast.
What you can do with Commvault’s single, integrated Data Recovery solution
Don’t let ransomware make your organization a victim. With Commvault, you’ll have an end-to-end solution that improves threat and risk mitigation across all endpoints and applications. You will always have recovery readiness and greater confidence in your data backup, recovery and compliance.
Secure your data, your recovery and your mission