It is easy to assume that all ransomware is similar, and it is not uncommon to think that one size fits all in terms of prevention and preparation. However, because each ransomware type is usually developed to attack different, specific networks, they can be very dissimilar in how they work. It is essential to understand the different types currently being used (keeping in mind that it is also possible to combine multiple types of ransomware). If your organization is attacked, and you do not have a plan to defend against the different types of ransomware, the likelihood is that the attack will have a more significant impact on your company. 

Here are five types of ransomware: 

• CryptoWall– is responsible for a high percentage of ransomware attacks. Typically, CryptoWall attacks its target through phishing emails. The WannaCry ransomware virus is a derivative of the Crypto family and was at the core of the largest cyberattacks ever perpetrated. Unfortunately, the creators of CryptoWall continue to release new versions designed to get around security protections.
• Locky– as the name implies, is what it does (locks you out of files and replace the files with the extension .lockey). However, its name misses the most damaging part of this type of ransomware – its speed. Locky has the distinction of spreading to other files throughout the network faster than other strains of ransomware.
• Crysis- takes data attacks to a new level – actually kidnapping your data and moving it to a new virtual location. The significance of this aspect of the attack is that because it qualifies as a breach, if your company works with personal data, organizations must contact anyone who may have information on your network to stay in compliance with local, state, and federal guidelines.
• Samsam- attacks unpatched WildFly application servers in the internet-facing portion of their network. Once inside the network, the ransomware looks for other systems to attack. 
• Cerber- attacks the database server processes to gain access instead of going straight after the files. Its creators sell the ransomware software to criminals for a portion of the ransom collected, i.e., Ransomware-as-a-Service.
• Maze- is a variant of ransomware representing the trend in what is called “leakware.”  After data is encrypted, bad actors threaten to leak ransomed private data on the dark web unless the ransom is paid.

Ransomware prevention and knowledge must stay at the forefront of organizations’ security efforts. Unfortunately, since hackers continuously become more sophisticated in their ways to encrypt data and develop new ransomware, you must continually monitor those developments.

Ransomware is often spread through email phishing messages that contain malicious links or through drive-by downloading. Drive-by downloading happens when a user unintentionally visits a contaminated site, and malicious software (malware) is downloaded onto the user’s computer or mobile device. A drive-by download usually exploits a browser, application, or operating system that is out of date or has a security flaw. Ransomware then uses these vulnerabilities to find other systems to spread to.

The goal is to reduce risks and minimize the effects of ransomware.  Ransomware mitigation requires a combination of best practices and constant vigilance, along with a layered approach. Steps to reduce ransomware include:

• Educate end-users on how to avoid ransomware and to detect phishing campaigns, suspicious websites, and other scams.
• Harden and secure the infrastructure, including systems and networks
• Keep software, firmware, and applications up-to-date.  This will reduce the risk of ransomware exploiting common vulnerabilities.
• Use anti-virus software with active monitoring that is specifically designed to thwart advanced malware attacks.
• Employ Commvaults  AAA Security framework controls for intelligently controlling access to computer resources, enforcing policies, and auditing usage.

The cyber threat landscape, including ransomware, has transitioned to a case of “when,” not “if.” To ensure you can recover your data, you need the right solution with the best technology, the right people, and processes.

Organizations require tools (such as anomaly detection, immutable backups, air gap, and data isolation support) to measure their recovery readiness state continually. They do this to expose and remediate problems, validate the recoverability of their data and business applications, and improve their security to reduce their risk profile. In the event of a successful attack, fast restores are required to resume business operations quickly. 

When ransomware does occur, you need to have a validated copy of your backup data that can be quickly restored to resume business operations. For a trusted and protected backup data copy, organizations need a layered approach that encompasses multiple security tools, resources, controls, best practices, and strategies. These various layers of security controls are applied within Commvault and around the Commvault infrastructure to help ensure the backup data is secured and recoverable. These steps provide the confidence that when an attack does occur, your backup data is ready.

Can you restore your data – no matter what? You need to ensure your data is always available in an increasingly complex environment. You’re managing more endpoints and applications, with more potential points of attack and risk. You also may have moved substantial data to the cloud. But if you don’t have a ransomware recovery plan or are dependent on manual processes, it could take weeks to recover your data and applications after a breach. And without quickly knowing what data was involved in an incident, you can’t notify those impacted in a timely, compliant way.