How Not to Be the Next Ransomware Victim

We’ve just witnessed one of the most devastating ransomware attacks ever recorded.  Last Friday, an estimated 200,000 computers across 150 countries were victims of a global ransomware attack on an unprecedented scale. 

The UK National Health Service (NHS) was among the known victims. The disruption to services was profound. Many hospitals were forced to cancel treatments and appointments. News reports urged people not to attend hospital unless their condition was life threatening!

New Webcast: “The Next Massive Ransomware Attack”. Learn vital strategies that will help your network avert the next ransomware attack.

The Ransomware Epidemic

While we haven’t experienced a global attack on this scale before, ransomware is nothing new.  It’s been around for decades. What is new, however, is the level of dependency that most businesses now have on IT applications and data. The more we rely on applications and data to provide mission-critical services, the bigger the opportunity becomes for cyber criminals.  

According to the Cyber Edge group, 61% of organizations were victim of a ransomware attack last year. One third of those victims reportedly paid to regain their data. Last year the FBI estimated that ransomware payments were approaching $1B in 2016 – and rising! $1B paid to criminals because victims had no way to access or recover the data they depend on to run their business or provide critical services.

Practical Steps You Can Take Right Now

We could talk forever about the importance of securing your network, updating all systems, educating users, and investing in the most sophisticated threat detection and prevention solution.  All of which are very important. However, it’s been proven time and time again that no matter how well protected you think you are, it’s not always possible to beat the cyber-criminals every time.

What’s even more important – in my opinion – is making sure that you have a recovery strategy in place that allows you to resume critical services with minimal data loss and zero impact on end users, even if you’re victim of the most sophisticated ransomware attack.

I like to keep things simple.  So when it comes to backup and recovery – with ransomware in mind – I think there are three simple things you can do to ensure you’ll never have to pay a dollar to criminals or risk the reputational damage that comes with being the latest cyber-attack victim.

1. Protect your data frequently

That may sound obvious. But I’m not talking about taking a full backup every day.  I’m talking about taking snapshots continually throughout the day at regular intervals.  Fortunately many products exist that enable IT to have this level of frequent protection. For example, products like Rapid Recovery can be configured to take snapshots as often as every five minutes if required. If you wanted to you could take incremental snapshots up to 288 times over the course of 24 hours. That way, if you were ever victim of ransomware attack you’d only ever have to worry about losing a maximum of five minutes worth of data.

2. Reduce your recovery times

In days gone by, it would’ve been acceptable to have a recovery SLA of hours or even days for business applications and data.  Not anymore! The expectations from users and business stakeholders regarding application uptime and availability have gone through the roof in recent years.  It’s estimated that 35% of servers have a recovery SLA of less than 15 minutes

A recent research paper from V3 (The Cost of Doing Nothing) confirmed that 77% of IT teams were worried that they could not meet the data recovery expectations of their business using their current strategies and tools.  Fortunately, technology does exist that enables IT to slash their recovery times to minutes. 

For example, Rapid Recovery uses a feature called Virtual Standby that essentially creates a mirror VM that’s continually updated to reflect the production machine.  The Standby VM could reside on the same location, an offsite location, or even up in the cloud.  If the primary server goes offline as a result of failure or attack then the standby VM can be activated and normal services resumed in minutes.

3. Guarantee data can be recovered

An old friend of mine often said “I’ve never seen anyone fired for not backing up, but I’ve seen many people lose their jobs for not being able to recover.”  Taking frequent backups is one thing, but the backups are useless if they cannot be recovered successfully.

For years IT teams have struggled with data backup and recovery tools that failed far too often. Many companies have regular disaster recovery tests to simulate a disaster and verify that all systems, applications, and data can be recovered in the event of a major attack or outage.  Another simple step is to use tools that automatically test and verify that every backup can be recovered.  For example, Rapid Recovery has an in-built feature called Verified Recovery which automatically tests ever single backup by running a test recovery ‘behind the scenes.’  The software automatically mounts every snapshot and verifies that the data is intact and can be recovered successfully if required.

There’s good news

Yes, ransomware attacks are on the increase and everyone from consumers to large global corporations are at risk of attack. But there’s also good news. 

It’s possible to adopt a recovery strategy that guarantees you’ll never have to pay a penny to cyber-criminals. By using tools that enable you to do the things listed above – protect frequently, reduce recovery SLAs, verify backups – then you can sleep easy knowing that even if the worst case scenario happens and you are ‘victim’ of an attack, then you can get full systems, applications, and data back online in minutes with zero impact on end users – as if the attack never even happened. 

Don’t take my word for it.  Here are just a few quotes from some of our customers who were attacked but were able to recover quickly and easily.

“We recovered several server VMs that had been compromised by a crypto virus, within hours.” — Adam Boggs, Network Systems Analyst, FFR Merchandising

“When you restore a critical system in less than 15 minutes, that makes you a hero.” — Leonardo Silva, IT Analist, InovTI Tecnologia 

“Quest saved us from a ransomware attack.” — Todd Wollin, Engineer, Rogers Memorial Hospital

“Recovery from CryptoWall – wow – what else needs to be said.” — Randy Larsen, President, Larsen Technology


Next steps

If you’re interested in learning more about the strategies and tools available to protect you from ransomware, I recommend you check out this informative on-demand webinar: The Cost of Doing Nothing: A Ransomware Story.  This webinar covers various topics including:

  • How ransomware works
  • How to lower your risk of ransomware attacks
  • How to respond when ransomware has already penetrated your network
  • Tools and resources available to prevent attacks and limit reputational damage

Watch Webcast

About the Author
John.OBoyle
Helping our customers and partners understand how Quest solutions help save them time and give them a competitive edge.