What used to be the No. 1 worry of IT folks has become the No. 1 worry of the highest levels of management within an organization. That’s right, we’re talking about ransomware.
Unfortunately, like many contemporary, legitimate industries, ransomware has matured into a thriving practice for the bad guys. What can be done to mitigate a ransomware attack?
First, let’s talk about the state of the practice. Ransomware used to just be about preventing an organization from accessing its own data. Pay the ransom, get your data back. Nowadays, however, bad actors also threaten to steal your data and sell it to others. When that data includes personally identifiable information (PII), such as addresses and Social Security numbers, as well as other financial data, it’s obviously problematic.
As such, attacks are increasingly focused on large organizations that might have that kind of data, in a variety of sectors, both public and private. This doesn’t mean small businesses are off the hook. Small businesses, especially those dealing in financial services, or those that might have a need to collect large amounts of PII, are highly targeted. It’s no longer the scattershot days of trying to hit anyone and everyone in hopes of getting a bite. Like the bank robbers of old, ransomware purveyors focus on where the money is.
The bad guys have also fine-tuned their game such that ransoms are actually right-sized to the business. We don’t see Dr. Evil asking mom and pop for a billion dollars, but similarly, they don’t ask large enterprises for just a few grand.
Only a few months ago, we would caveat reports of organizations paying the ransom as “anecdotal evidence.” Those days are gone, as many victims have publicly admitted to paying ransoms. This is always a dicey proposition, as there isn’t much recourse if the bad guys don’t hold up their end of the deal.
While the outlook might appear bleak for those attacked, there are some steps businesses and government agencies can take to both discourage ransomware attacks and recover from them. These would be along the lines of “hope for the best, prepare for the worst.”
First, as we’ve said going back to the advent of computing, make sure you have a good backup. The old 3-2-1 method is still a good rule to follow. That is, keep at least three backups, save them to at least two different types of media, and keep at least one backup offsite. What 3-2-1 doesn’t address is that these backups must be tested on a regular basis to ensure viability. After all, the oldest joke in IT is that backups always work, it’s the restores that can be a problem.
While this won’t prevent the criminals from threatening to sell your data, it limits their leverage as well as their return. Furthermore, it makes it less likely that you will be attacked again. Remember, this is a mature industry, and these criminals keep track of who they’ve extorted and who might be easy targets. Already, organizations have reported being attacked multiple times.
Finally, while there have been reports of individuals being hit with ransomware, such attacks are not as common. The simple fact is that businesses and government agencies provide a far greater return on investment to the bad guys.
John Agsalud is an IT expert with more than 25 years of Information Technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.