The plot of every Hollywood movie ever made about hostage for ransom situations always ends in the same way: the hero saves the day and the villain goes to jail. But real life isn’t always a movie, and holding data for ransom is becoming more common.
In fact, ransomware attacks are on the rise across verticals. Ransomware is a type of malicious software, or malware, that bad actors use to restrict access to data until the target pays a fee to the attacker. The ransom demand often comes with a deadline and if that deadline is missed, the data is gone forever.
In the case of real-life ransomware attacks, there is no Liam Neeson to come and save the day before organizations can be forced to pay. So, how can you prevent ransomware attacks before one begins? You need to prepare for a potential ransomware attack as you would for any other disaster that could disable parts of your infrastructure. With backups of your data and a restoration plan in place, you can rebound quickly from an attack without paying any ransom at all.
The rise and risk of ransomware
The relative ease of carrying out an attack and securing a payout makes ransomware an attractive option for cybercriminals. Ransomware source code and do-it-yourself kits can be purchased on the dark web for as little as $300. Despite ransomware’s ubiquity, most companies are caught off guard by attacks — and as a result, they often feel like they have no choice but to pay. U.S. companies paid $350 million in ransom in 2020 alone.
Unfortunately, every payment only encourages more ransomware attacks, and cybercriminals are increasingly testing the limits of how much money they can demand. If companies continue to cave to ransomers’ demands, these numbers will only grow.
To avoid becoming part of this troubling trend, protect your company by incorporating ransomware into your disaster recovery plans. Most large enterprises have existing plans in place, but they’re often focused on maintaining business continuity during natural disasters like earthquakes and hurricanes. Ransomware is a very different threat that requires its own precautions.
Designing your disaster recovery plan with ransomware in mind
The first step in any disaster recovery plan is to back up your data regularly — and properly. Ransomware can easily infect any backups stored in the same location as your operating data. For maximum security, follow the 3-2-1 method:
- Maintain at least three copies of your data,
- on two different types of media,
- storing one backup offsite.
Update your copies over different time periods (e.g., weekly and daily) so you’ll have a clean copy to go back to if your most recent copy is corrupted.
The rise of cloud storage has made backups significantly easier and less expensive. But to bolster your resiliency against ransomware, it’s important to store your backups separately from your everyday applications and data. If you use a cloud backup or disaster-recovery-as-a-service (DRaaS) solution, make sure they have security measures in place to prevent backups of infected files and to make your most important files difficult for ransomware programs to identify. Also, ask all your software-as-a-service (SaaS) vendors about how they back up data that’s stored on their platforms, especially for vital services like email. Ransomware can easily spread to data stored in third-party solutions, too.
Disaster recovery is about more than backing up data and applications, however. To ensure you can restore operations quickly in the event of an attack, you’ll need to restore your underlying infrastructure as well. Some companies opt to run a stripped-down version of their most vital infrastructure in the cloud at all times, so it can be scaled up quickly to support core business processes if main systems are disrupted. If you maintain an on-premise data center, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends maintaining “gold images” of key systems such as servers and virtual machines so they can be rebuilt according to a template if the originals are corrupted.
Be ready for (almost) anything
Disaster recovery isn’t one-size-fits-all. To build a comprehensive plan, you’ll need to determine which backup and restoration options are the best fit for your specific systems and budget. Whichever options you choose, however, remember to keep recovery from ransomware top of mind and take precautions to protect your backups from infection. With the right plan in place, you’ll be prepared whether you’re facing a natural disaster or a real-life Hollywood hostage situation.