For the best web experience, please use IE11+, Chrome, Firefox, or Safari

How to prevent ransomware in your organization

As we all know, ransomware attacks represent a significant danger to all organizations. In fact, according to a 2019 report from Forrester Research, the number of ransomware attacks on enterprises is up 500% over the previous year. Furthermore, Forrester projects that malware attacks will cost businesses $11.5 billion — and that doesn’t even factor in the intangible costs of losing trust from your customers and partners.

To reduce the risk to the business, IT teams must not only have a plan, they must have the technology with which to recover after an attack. Two critical components include antivirus software, to alert you when an intrusion is being attempted, and comprehensive backup and recovery software, to help you restore the files that ransomware holds hostage.

But even comprehensive backup and recovery isn’t enough if the malicious software also has access to your backup files. That’s why it’s important for IT organizations to have backup and restoration software that also restricts your backup data, and other core components, from exposure to ransomware perpetrators.

IT analyst firm DCIG recently explored SME data backup and recovery solutions with prominent anti-ransomware capabilities. The report, entitled DCIG Top 5: SME Anti-Ransomware Backup Solution Profile, explores one of its Top 5 picks: Quest NetVault Plus.

How do ransomware attacks work?

How do ransomware attacks work?

There are many forms of ransomware, but generally speaking, ransomware is malware that infects your networks and handcuffs the data your business needs to remain in operation. The ransomware encrypts files, and ensures the encrypted data remains inaccessible, until a ransom is paid.

Typically, ransomware comes with some form of instructions on how to pay the ransom being demanded, often via difficult-to-trace cryptocurrencies like Bitcoin, which make it tougher to identify and prosecute perpetrators. Upon payment, ransomware perpetrators claim they will provide you with the decryption keys needed to restore critical data (although there’s no guarantee).

But the financial models are changing. The days of hackers asking for $300 worth of Bitcoin to decrypt data are gone. Nowadays, ransom demands commonly range anywhere between $1M-$10M. In addition, perpetrators are using new tactics to collect ransom, like threatening to publish personal information or the organization’s data openly if it doesn’t pay the ransom.

This often presents itself as a data breach, opening the organization to compliance violations from legislation like GDPR, CCPA or the new Washington state HB1071 bill changing its rules on Personal Identifiable Information (PII) data and breach notification.

How does ransomware get on your computer?

How does ransomware get on your computer?

There are various methods ransomware uses to gain access. Some could be classified as “spray attacks,” which cast a wide net to reach as many victims as possible through methods like phishing emails. One of the most famous ransomware incidents, the 2017 WannaCry ransomware attack, exploited a known vulnerability: Eternal Blue. Businesses that didn’t keep software updated opened themselves up to this vulnerability, allowing the malware to gain a foothold in the IT environment.

This attack was introduced via a spray method: Mass email with attachments or links to websites, document links to file-share sites, etc. Most instances came as the result of an end user downloading a document or payload that was then executed on the end user’s laptop or mobile device.

Phishing attacks aren’t the only method, however. Another well-known example, BadRabbit, infected computers through malware disguised as an Adobe Flash installer. There are even known cases of infected USB flash drives being left in car parks or office lobbies and being picked up by unsuspecting users who plug them into a laptop, thereby infecting their operating systems.

You can explore more about how to protect your organization from ransomware by watching a recent webcast entitled Ransomware — How Protected Are You? The on-demand webcast explores best practices from data protection industry veterans on preventing ransomware attacks, and how data protection technology can help in recovery after an attack.

Can you remove ransomware?

Can you remove ransomware?

Ransomware has become very sophisticated and can be incredibly difficult to remove from infected systems. That’s why it’s critical to create a layered defense to prevent ransomware attacks. Simply relying on security software and a backup and recovery solution as a prevention measure is not enough.

You back up your data on a regular basis, but this is only effective if the solution provides methods to prevent loss of the backup data itself. You can learn more about this topic in the white paper, Ransomware — a Defense in Layers, which explores how Quest NetVault Plus not only delivers comprehensive backup and recovery, but adds additional layers of ransomware protection by shielding backups from unnecessary exposure to ransomware perpetrators.

Consider the situation where a backup solution is using a network share. While it has permissions and user accounts associated with that share, the network share is still available on the network. A GPO attack that allows elevated domain access to servers and client machines will make it easy for a ransomware perpetrator to encrypt a network share containing backup data in real time.

Consider for a moment what a backup solution must achieve: It must move all your data from point A to point B as fast as physics will allow. This necessitates that it has access to all of the organization’s important data, applications, network, production storage, etc. In fact, it has more access than most corporate users, except for domain administrators!

Questions? Contact Us

Conclusion

In the end, even the most prepared organization can’t completely protect itself against ransomware attacks. But you can limit the risks when you have a backup solution that not only allows you to restore all your data quickly and fully, but also:

  • Mitigates the risks of ransomware impacting your business
  • Reduces the number of core components that can be attacked
  • Limits exposure to data capture techniques
  • Restricts your backup data from ransomware
  • Offers source-side deduplication to reduce the amount of data being sent over a network

Resources

NetVault® Plus
Datasheet
NetVault® Plus
NetVault® Plus
Get application and data protection for physical, virtual and cloud environments
Read Datasheet
Ransomware – Defense in Layers
White Paper
Ransomware – Defense in Layers
Ransomware – Defense in Layers
Ransomware isn’t new and it’s here to stay. Even though you can’t make your organization completely immune against ransomware attacks, you can mitigate the risks when you have a backup solution that not only ensures comprehensive backup and recovery, but also shields your backups a
Read White Paper
DCIG Names Quest NetVault Plus a Top 5 SME Anti-Ransomware Backup Solution
Technical Brief
DCIG Names Quest NetVault Plus a Top 5 SME Anti-Ransomware Backup Solution
DCIG Names Quest NetVault Plus a Top 5 SME Anti-Ransomware Backup Solution
This report from IT analyst firm DCIG reviews one of its Top 5 SME Anti-Ransomware Backup Solution recommendations: Quest NetVault Plus.
Read Technical Brief
NetVault
Datasheet
NetVault
NetVault
Get application and data protection for physical, virtual and cloud environments
Read Datasheet
QoreStor Data Sheet
Datasheet
QoreStor Data Sheet
QoreStor Data Sheet
Accelerate backup speed, reduce storage costs and use the cloud for disaster recovery.
Read Datasheet

Related Products

NetVault Plus
NetVault Plus

Enterprise data protection, backup acceleration, deduplication and replication.
NetVault
NetVault

Get application and data protection for physical, virtual and cloud environments
QoreStor
QoreStor

Accelerate backup speed, reduce storage costs and use the cloud for disaster recovery.