The threat of ransomware attacks continues to grow quickly and their impact on businesses can be significant. For example, Intermedia’s 2016 Crypto-Ransomware Report notes that 72 percent of infected business users could not access their data for at least two days following a ransomware attack, and 32 percent of the businesses lost access for five days or more. Consequently, companies can expect significant data recovery costs, reduced customer satisfaction, missed deadlines and lost sales.
Ransomware essentially accesses and locks a system or encrypt data and files by generating a private/public pair of keys. The data are impossible to decrypt until the victim pays a “ransom” to unlock the system or files. Unfortunately, in many cases, even once the ransom has been paid, the attackers refuse to provide the decryption key, leaving victims without their money and their data.
The question then becomes: What can a company do to protect itself against ransomware attacks? A recent CFO article suggests that since CFOs are becoming more involved in driving IT decisions—such as the purchase of hybrid cloud and disaster recovery solutions that protect brand reputation—they must communicate regularly with CIOs. Regular meetings should examine IT risks, discuss ways to mitigate the risks and evaluate if the CIO has adequate resources. The team should determine if the business can continue to grow and scale while maintaining compliance, and ensure that disaster recovery and hybrid cloud strategies are relevant and effective, the article suggests.
Disaster recovery, in particular, requires constant evaluation. As companies revise their disaster recovery plans and evaluate existing technology or acquiring new technology, team members should ask a number of questions, the article continues. For instance, they should consider whether or not the organization can recover a point-in-time just seconds before an IT outage occurs so it may get critical data, applications, websites and individual files operational within minutes. Team members should also evaluate whether the organization is able to successfully and quickly run disaster recovery tests with a high degree of automation, or determine if such activity require long lead times, a large support team or expensive consultant resources. It’s also important to ask if the company’s existing infrastructure and disaster recovery technology stack provides the necessary flexibility to achieve continuous data protection with block-level replication and enterprise-class scalability.
It’s also worth noting that the Federal Bureau of Investigation (FBI) has also published its own guidelines for preventing ransomware attacks. The FBI recommends making sure employees are aware of ransomware and of their roles in protecting the organization’s data; ensuring antivirus and anti-malware solutions are set to automatically update and conduct regular scans; and managing the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary. The FBI also recommends disabling macro scripts from office files transmitted via e-mail; configuring access controls, including file, directory and network share permissions appropriately; and implementing software restriction policies or other controls to prevent programs from executing from common ransomware locations—such as temporary folders supporting popular Internet browsers, compression/decompression programs.
Is your organization taking steps to safeguard against ransomware attacks or be prepared to resume business quickly? What about key suppliers? What impact would their inability to access data or files for several days have on the rest of the supply chain?