It’s a message every IT manager dreads.
‘Your personal files are encrypted by CTB-Locker. To decrypt the files, you need to pay 3 bitcoin.’
Yet, unfortunately, getting locked out of your company’s own data – and then being expected to pay a ransom to get it back – is becoming more common as cybercriminals get craftier. Like pesky bed bugs that have become immune to deterrents, ransomware attacks such as CryptoLocker, CryptoWall, Locky, TorrentLocker and Virlock are constantly evolving to sneak past all the new defences that IT security experts are busy building up.
According to a 2017 Veeam poll, nearly 46% of companies have experienced a ransomware incident in the past two years. Of these, 91% had data that was encrypted. Other research predicts that the cost of data breaches will reach $2.1 trillion globally by 2019, in line with the growing trend for companies to digitise an increasing amount of data.
Unless you’ve got a rock-solid availability strategy in place, you face two difficult options: pay the ransom or say goodbye to the data. For companies in some industries, the cost of not getting your data back is too great to ignore. Recently, a hospital in the US paid about $60,000 in the cybercriminal currency of choice, bitcoin. The hospital didn’t want to risk waiting for the FBI’s cybercrime task force to unscramble the encrypted patient data.
Yet for others, the idea of paying to get their data back is unacceptable. Paying the ransom perpetuates the problem, with the money going straight to the criminal underworld to fuel more cybercrime. So what can you do about it?
Building up internal defences
It goes without saying that system administrators should be adopting best practice security measures to prevent cyber attacks. In an era of BYOD and remote users, this gets challenging – but it’s about securing and segmenting end-points, controlling access and having a clear knowledge of where all data points reside.
It’s also about educating employees about safe practices online. All it takes is for one employee to open a rogue attachment in an email for malware to potentially invade your entire system.
But, let’s face it, even with the most rock-solid defences in place, there is still a very real risk that you will be hit with a cyber attack at some point. What we’re seeing is that while most companies may feel confident they could recover their data quickly with low impact on their business, the reality is that this is probably unlikely.
If you don’t want to pay cybercriminals a ransom to get your data back – or face costly delays and reputation damage while you scramble to get the data back yourself – then you need to change the way you approach disaster recovery.
Use the 3-2-1-1-0 rule
The 3-2-1 rule for disaster recovery is timeless, and most system administrators would be well aware of it. This rule states that you should have:
- At least three copies of your data
- Stored on two different media
- With one backup copy offsite
The 3-2-1 rule gets you out of most data-loss problems, including many ransomware attacks. But sometimes, even offsite backup copies are not enough. Even though online backups are offsite, they can still be encrypted or even purged by hackers who have managed to infiltrate the network – which means you’ve lost everything. This risk can be reduced by leveraging VM replication or storage snapshots but these are still considered online.
That’s why we now recommend another ‘1’ – an offline copy on an external drive. Yep, we’re talking old-school tape or rotating hard drives. Any storage device that can be powered off and removed from the network can count. These data repositories do not enable direct data access and are resilient against data propagation, helping you further reduce your risk of data loss.
If tape or external drives sound too old-school then another option is to use Veeam Cloud Connect. This takes backups to a cloud service provider for secure storage and backup. You can send backup data automatically and set a timeframe for how long you store backup files before they are deleted. Cleverly, these deleted files are housed in a ‘recycle bin’ where they can’t be touched or deleted for a set period of time. This recycle bin offers insider protection to help prevent even determined hackers or malicious employees from destroying backups.
The ‘0’ part of the backup rule concerns validating your backups. When using an availability solution such as ‘Veeam Availability Suite’, it’s very easy to verify your backups are error free and recoverable. In the past, this was an intensive and manual process, meaning many businesses never checked their backups, but a solution like Veeam has the capacity to automatically validate backups using ‘SureBackup’, powering up a VM backup and assessing it in an automated and repeatable fashion. This gives you the confidence that your system can stand up to whatever malware is thrown at it.
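To make the rule concrete, here is an added example (not Veeam code and not part of the original article) that audits a backup inventory against each clause of 3-2-1-1-0. The `Copy` fields, the inventories and the choices to count production as one of the three copies and to treat a never-tested backup as a failure are assumptions of this sketch.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                      # "disk", "tape", "cloud", ...
    offsite: bool
    offline: bool = False           # can be powered off / removed from the network
    delete_protected: bool = False  # provider-side "recycle bin" retention
    is_backup: bool = True          # False for the production copy
    verify_errors: Optional[int] = None  # None = never restore-tested

def check_32110(copies):
    """Return {rule: passed} for each clause of the 3-2-1-1-0 rule."""
    backups = [c for c in copies if c.is_backup]
    return {
        "3 copies": len(copies) >= 3,  # assumption: production counts as one
        "2 media": len({c.media for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in backups),
        # An offsite copy that is still online does not satisfy this clause.
        "1 offline": any(c.offline or c.delete_protected for c in backups),
        # An untested backup (None) is treated as a failure, not a pass.
        "0 errors": bool(backups) and all(c.verify_errors == 0 for c in backups),
    }

def failed(copies):
    """List the clauses an inventory does not meet, in rule order."""
    return [rule for rule, ok in check_32110(copies).items() if not ok]

# Constructed inventories (not real systems).
PROD = Copy("prod-vm", "disk", offsite=False, is_backup=False)
REPO = Copy("local-repo", "disk", offsite=False, verify_errors=0)
REPLICA = Copy("dr-replica", "disk", offsite=True, verify_errors=0)
TAPE = Copy("weekly-tape", "tape", offsite=True, offline=True)

ONLINE_ONLY = [PROD, REPO, REPLICA]                  # replica is offsite but online
WITH_TAPE = [PROD, REPO, TAPE]                       # tape never restore-tested
TESTED = [PROD, REPO, replace(TAPE, verify_errors=0)]

if __name__ == "__main__":
    for label, inv in [("online only", ONLINE_ONLY), ("with tape", WITH_TAPE),
                       ("tape restore-tested", TESTED)]:
        print(f"{label}: failed = {failed(inv)}")
```

The first inventory passes plain 3-2-1 on copies and offsite location yet still fails the offline clause, which is the gap the extra ‘1’ is meant to close.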
Keep the end goal in sight
The end goal in any disaster recovery strategy is to get data back quickly and in good order. Data backups must remain immune to infection from malware even when all your other systems are struck down. Then, those backups must be easily accessible for the right people so that, in the instance of an attack, you’re not held back by unnecessary downtime.
It’s all possible – it just takes a little thinking to outsmart the cybercriminals.