There are many forms of ransomware, but generally speaking, ransomware is malware that infects your networks and handcuffs the data your business needs to remain in operation. The ransomware encrypts files, and ensures the encrypted data remains inaccessible, until a ransom is paid.

Typically, ransomware comes with some form of instructions on how to pay the ransom being demanded, often via difficult-to-trace cryptocurrencies like Bitcoin, which make it tougher to identify and prosecute perpetrators. Upon payment, ransomware perpetrators claim they will provide you with the decryption keys needed to restore critical data (although there’s no guarantee).

But the financial models are changing. The days of hackers asking for $300 worth of Bitcoin to decrypt data are gone. Nowadays, ransom demands commonly range anywhere between $1M-$10M. In addition, perpetrators are using new tactics to collect ransom, like threatening to publish personal information or the organization’s data openly if it doesn’t pay the ransom.

This often presents itself as a data breach, opening the organization to compliance violations from legislation like GDPR, CCPA or the new Washington state HB1071 bill changing its rules on Personal Identifiable Information (PII) data and breach notification.

Ransomware has become very sophisticated and can be incredibly difficult to remove from infected systems. That’s why it’s critical to create a layered defense to prevent ransomware attacks. Simply relying on security software and a backup and recovery solution as a prevention measure is not enough.

You back up your data on a regular basis, but this is only effective if the solution provides methods to prevent loss of the backup data itself. You can learn more about this topic in the white paper, Ransomware — a Defense in Layers, which explores how Quest NetVault Plus not only delivers comprehensive backup and recovery, but adds additional layers of ransomware protection by shielding backups from unnecessary exposure to ransomware perpetrators.

Consider the situation where a backup solution is using a network share. While it has permissions and user accounts associated with that share, the network share is still available on the network. A GPO attack that allows elevated domain access to servers and client machines will make it easy for a ransomware perpetrator to encrypt a network share containing backup data in real time.

Consider for a moment what a backup solution must achieve: It must move all your data from point A to point B as fast as physics will allow. This necessitates that it has access to all of the organization’s important data, applications, network, production storage, etc. In fact, it has more access than most corporate users, except for domain administrators!