VOX

Ransomware attacks are quickly becoming lucrative methods for cybercriminals to extort money from businesses. CRN recently reported that “Municipal governments, universities and private businesses have spent more than $144 million responding to the biggest ransomware attacks of 2020 (so far).”

According to Coveware, the median size of companies targeted by ransomware was 62 employees in Q1 of 2020  – which shows that even though ransomware has focused in on enterprises, small businesses are still at risk of having their data encrypted.

Ransomware encrypts or blocks access to victims' computer files, data, and servers until a demanded ransom is paid. And with the interconnected world, IT systems are vulnerable since their networks are rarely offline.

To address the growing threat of ransomware, here are some tips to build up your defenses.

Follow Industry Best Practices

There are several best practices that can be adopted throughout the organizations to mitigate the risk of intrusion and limit the scope of such intrusions when they do take place. Firstly, educating your organization’s employees to recognize, avoid, and report suspicious activity can go a long way. Many ransomware attacks start via malicious emails utilizing social engineering to trick employees. Ensure your employees understand the basics, such as these examples listed below.

•           Do not download files or programs from torrent sites
•           Do not open emails or email attachments from unknown senders
•           Do not disable antivirus /antimalware
•           Verify suspicious email from familial contacts if it has an attachment or link

Beyond education, there are also tools available to organizations to minimize the opportunities ransomware can use to infiltrate your systems. Multi-step authentication, passphrases, and managing permissions can prevent infiltration or limit ransomware spread once it has successfully breached defenses. Be sure to keep your software patched early/often, some ransomware relies on known vulnerabilities to infect your organization. Another best-practice is to follow what is known as the “3-2-1” methodology – ensure you have 3 copies of your data, on two different types of media, and one offline copy (preferably offsite). This methodology provides several layers of protection against malicious attacks, through separate methods of access and some copies that only you can retrieve.

Use the Best Data Protection Solution

Backup is your last line of defense in the case of a ransomware attack – should preventative measures fail (such as firewalls, security software, employee education), a clean backup of your data allows you to restore infected systems. However, it is not enough to simply HAVE a backup solution, there are a few key steps that should be used to minimize risks.

• Backup up your data frequently and consistently – frequent backups will help achieve a smaller Recovery Point Objective (RPO), meaning that less data will be lost in the event you have to restore from backups.
• Some ransomware will target backups, so it is wise to keep some backup copies detached from the backup server – via media such as tape, cloud storage buckets, rotated media, or RDX cartridges
• If removable/offline media are not an option, you can use a data protection solution which is also ransomware resilient

Last year, Veritas Backup Exec 20.4 has introduced a feature called "Ransomware Resilience". This feature is useful for providing an extra layer of security to disk storage hosted on a Backup Exec Server, by ensuring that only write requests originating from a trusted source are completed. All other write operations to the backup storage are blocked. Ransomware Resilience v2, introduced in Backup Exec 21, also adds protection to the Backup Exec services, preventing malicious code injection by ransomware.

Rehearse your recovery

Finally, once you have your backups properly configured and protected it is important to test the recovery process. As the old saying goes, “Trust, but verify” which should always apply for your mission-critical data. Practicing recovery procedures not only validates whether your data protection solution can deliver on its promises, but also serves to help familiarize you and your team with the process so that it is easier to execute in the case of an actual issue.

Ransomware is a tricky threat to deal with, but with proper comprehensive measures, best practices, and a rehearsed recovery process in place it can be a lot less painful to encounter.

For more information on Backup Exec Ransomware Resilience, please check out our documentation, and view our ransomware protection checklist.