Ransomware is casting a shadow across Australian business, as enterprises large and small fall victim to cyber criminals who compromise corporate information with malicious code and demand ransoms. Their ‘ransomware’ encrypts data on your client and server devices and demands payment for its release.
Left unchecked, this method of extortion can be far more financially damaging to an organisation than the ransom payment itself. Failure to recover data (even after a payment) can result in total business failure. Having your data compromised and encrypted introduces many more risks to a business than a simple unlocking fee.
A cyber-criminal can also make money with low-value spam or DDoS attacks, steal it from protected bank accounts, or use ransomware to collect $US500 to $1,000 in Bitcoin per victim.
Prevention better than cure
A co-ordinated, multi-layer approach is necessary to combat the ransomware threat – from gateway filtering to backups and end-user education.
Businesses can prevent data loss and ransom payments by introducing better backups and data protection policies. Prevention through defence, and particularly backups, is clearly the best security against ransomware attacks.
Businesses and IT service providers must put procedures in place to protect data before ransomware hits, and to recover vital business information in the event of an attack. According to Qbit, organisations need to start using policies that block executables (crypto locker) from running in certain directories, and to implement more agile backup processes.
“Anyone backing up data every few hours, or twice a day, will not be protected as the recovery point objective (RPO) will be too far apart for most businesses,” says Fabio Suffell. Shorter backup cycles of 15 to 30 minutes will generally not impact production servers for most businesses, and for mission-critical databases a maximum of 15 minutes between backups is recommended to ensure the RPOs meet business continuity needs.
With only 30 minutes between backups, if data is hit with crypto locker, IT can go back to a backup and do a quick restore.
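One way to confirm that backup jobs actually deliver the 15 and 30 minute intervals described above, rather than only being scheduled for them, is to measure the gaps between successful restore points. The script below is an added example, not code from the article or from any vendor it mentions; the log format, server names and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

# RPO targets taken from the article: 30 minutes in general,
# 15 minutes for mission-critical databases.
RPO_TARGETS = {"general": timedelta(minutes=30),
               "mission_critical": timedelta(minutes=15)}

# Constructed sample of backup job results (not real data). Fields:
# completion time, server name (hypothetical), tier, job status.
SAMPLE_LOG = """\
2024-05-01T09:00 fileserver general OK
2024-05-01T09:30 fileserver general OK
2024-05-01T10:00 fileserver general FAILED
2024-05-01T10:30 fileserver general OK
2024-05-01T09:00 sqlprod mission_critical OK
2024-05-01T09:15 sqlprod mission_critical OK
2024-05-01T09:45 sqlprod mission_critical OK
"""

def parse(log):
    """Yield (time, server, tier) for each successful backup only."""
    for line in log.splitlines():
        stamp, server, tier, status = line.split()
        if status == "OK":  # a failed job is not a restore point
            yield datetime.fromisoformat(stamp), server, tier

def rpo_violations(log, now):
    """Return [(server, gap_start, gap_minutes)] where the gap between
    consecutive restore points (or the last one and now) exceeds the target."""
    points = {}
    for when, server, tier in parse(log):
        points.setdefault((server, tier), []).append(when)
    violations = []
    for (server, tier), times in sorted(points.items()):
        times = sorted(times) + [now]  # include exposure since the last backup
        for earlier, later in zip(times, times[1:]):
            gap = later - earlier
            if gap > RPO_TARGETS[tier]:
                violations.append((server, earlier, int(gap.total_seconds() // 60)))
    return violations

if __name__ == "__main__":
    for server, start, minutes in rpo_violations(SAMPLE_LOG, datetime(2024, 5, 1, 10, 45)):
        print(f"{server}: {minutes} min without a restore point after {start:%H:%M}")
```

A single failed job doubles the exposure window for that server, which is why the check counts only successful jobs and also measures the time elapsed since the most recent one.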
Data backup, proper information-sharing practices, training and the right security controls are pivotal to combating the problem among small to medium-sized businesses.
Adopt Cloud and BAN strategies
Having backups directly attached to the same system, or servers on the same local network, exposes the backups themselves to being compromised.
To reduce this risk, a backup area network (BAN) should be used to keep backup data separate from production data. A dedicated backup and disaster recovery (BDR) server should be on an isolated network which can be locked down to ensure maximum security.
Good backup procedures entail protecting backup data by not allowing a single device, like a NAS server, to be taken over by ransomware. Other best practices include using ‘backup accounts’ on systems rather than administrator accounts, and having clear separation of duties for backup and restore processes.
Ensure you lock down access to a specific account that is not part of the domain structure, and separate it from the rest of the network.
The use of permissions will minimise damage, and people should have access only to what they need for their work. Back up to three different media, across two different systems, with one that is air-gapped. When everything is connected to the same network, multiple backups can be encrypted.
Look to the Cloud
Australian businesses have good options for leveraging cloud services for data protection. Bringing a cloud service such as StorageCraft’s into the mix will help to guard against problems, including ransomware attacks, by moving data off-site.
Cloud backups deliver fast recovery times and eliminate the risks your business might face from local system issues. Having a local copy of a backup is essential as it will ensure fast recovery of files and databases and will offer nearline disaster recovery if a server happens to fail.
“We are seeing at least 10 servers a day being hit by crypto locker and 90 per cent of the victims don’t have an offsite copy,” says StorageCraft expert Jack Alsop. “This is poor management – most businesses backing up to the cloud are recovering files these days.”
For best practice, ensure that cloud backups are automated and keep a close eye on how long it will take to restore the data if a local backup is not available.