Cyber criminals are not only becoming more and more sophisticated but also bolder. The most insidious computer crime today doesn’t involve viruses or stealing credit card numbers. Instead, it comes in the form of ransomware – rogue programs that hold an entire organization’s data hostage with unbreakable encryption and demand a ransom for the decryption key.
These attacks are becoming increasingly common. In 2015, there were 2,453 reported ransomware incidents, in which victims paid about $24.1 million, according to the FBI. Security researchers found that the number of users who came across crypto ransomware in the last year increased by more than 500 percent from the previous year.
In the past few months alone, new and more powerful ransomware has appeared, with criminals targeting sensitive entities like healthcare facilities. For example, MedStar Health, a major healthcare provider in the Washington, D.C., region, was forced to disable its network for several days after a ransomware attack early this year, while Hollywood Presbyterian Medical Center in Los Angeles, California, paid $17,000 in response to an attack in February.
Ransomware is flourishing for two basic reasons.
First, it’s simple economics. Rather than dealing with the trouble and risk involved in stealing credit card files and peddling them on the black market, criminals using ransomware can simply sit back and wait for the victims to pay. Of course, the criminals don’t always send the decryption key in return – these are thieves, after all.
The second reason is that a ransomware attack is incredibly difficult to prevent. It only takes a single click within an email or on a website for an unsuspecting employee to activate the code that encrypts an entire system and triggers a ransom demand. Even if an enterprise has the most up-to-date anti-virus software or access restrictions on sensitive files, it remains vulnerable to ransomware via just one unsuspecting user.
While it’s difficult for an enterprise to feel completely confident in preventing a ransomware attack, it can take steps to mitigate the effects of this new and destructive type of malware – and recover normal operations in minutes or hours – if the proper precautions and recovery plans are in place.
The most important recovery element is real-time protection of data, which means backup copies of all files and data are stored securely in the cloud rather than on local desktops. To be most effective, this needs to be accomplished automatically, with a copy being synced up to the cloud every time a file is edited or saved. These backups let a business “roll back” to the moments before a ransomware attack and recover all its files – even in cases where the ransomware has affected large numbers of users within the organization.
It’s also important that the software or service you use to create these backups is capable of excluding the kinds of encrypted files known to be associated with ransomware – so you don’t wind up restoring the very files that created the problem in the first place.
Finally, businesses must establish a retention policy. Whether you choose to retain deleted files forever or for a specified time period, a retention policy will allow your original files to be retrieved after they are deleted or encrypted by ransomware. This is a critical part of a recovery plan, as it allows files to be restored quickly, without a time-consuming and expensive recovery process.
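The roll-back described above, worked through in Python as an added example that is not from the original article or from any backup product: for each file it picks the last version saved before the attack, skips files with ransomware-associated extensions, and checks whether that version is still inside the retention window. The extension list, the `(path, saved_at, version_id)` history layout and the `plan_rollback` name are assumptions, and the sample history is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Assumed sample list; a real backup service maintains its own.
RANSOM_EXTENSIONS = {".locked", ".crypt"}

def plan_rollback(history, attack_time, now, retention=None):
    """Return ({path: version_id to restore}, [paths past retention]).

    history: (path, saved_at, version_id); version_id None marks a delete.
    retention: timedelta that superseded versions are kept, None = forever.
    """
    by_path = defaultdict(list)
    for path, saved_at, version_id in history:
        # Never restore files carrying a known ransomware extension.
        if PurePosixPath(path).suffix.lower() in RANSOM_EXTENSIONS:
            continue
        by_path[path].append((saved_at, version_id))

    restore, lost = {}, []
    for path, versions in by_path.items():
        versions.sort(key=lambda v: v[0])
        before = [v for v in versions if v[0] < attack_time]
        after = [v for v in versions if v[0] >= attack_time]
        if not after:
            continue  # untouched since the attack
        if not before or before[-1][1] is None:
            continue  # no live copy existed just before the attack
        # The clean version was superseded by the first post-attack write
        # or delete, so the retention clock starts there.
        if retention is not None and now - after[0][0] > retention:
            lost.append(path)
        else:
            restore[path] = before[-1][1]
    return restore, sorted(lost)

T = datetime(2016, 5, 2, 9, 0)  # constructed attack time
HISTORY = [  # constructed version history
    ("docs/plan.docx", T - timedelta(days=3), "v1"),
    ("docs/plan.docx", T - timedelta(hours=2), "v2"),
    ("docs/plan.docx", T + timedelta(minutes=1), None),  # deleted by malware
    ("docs/plan.docx.locked", T + timedelta(minutes=1), "v3"),  # encrypted copy
    ("docs/notes.txt", T - timedelta(days=1), "v4"),
    ("docs/notes.txt", T + timedelta(minutes=2), "v5"),  # overwritten in place
    ("docs/old.txt", T - timedelta(days=9), "v6"),  # not touched
]

if __name__ == "__main__":
    print(plan_rollback(HISTORY, T, now=T + timedelta(days=1), retention=timedelta(days=30)))
```

With a 7-day retention and an attack noticed 10 days late, the same history returns both files as unrecoverable, which is why the retention period has to exceed the time it may take to detect an attack.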
Cybercriminals are an unfortunate reality in today’s marketplace, and it’s easy to fall victim if you’re unprepared. By being aware and maintaining the right backup strategy, however, your company can minimize the damage from these attacks and turn the tables on this latest generation of attackers.
Brian Levine is Senior Director of Security and Compliance at Syncplicity.