Product reviews, deals and the latest tech news

Ways to effectively get ready for ransomware

Despite the obvious connection between ransomware and the need for a solid security infrastructure, it seems that most IT settings have yet to make the connection. A new IDC poll of more than 500 CIOs from 20+ sectors throughout the globe makes this conclusion very clear.

Of all the findings in IDC’s analysis, the fact that 46% of respondents were hit by ransomware during the last three years is the most eye-catching. This implies that the ability to successfully recover massive amounts of data due to ransomware is now more important than ever in the wake of natural catastrophes. Decades ago, hardware failure was the most common cause of such restorations since a failed disc system usually necessitated a full restore from scratch.

Natural catastrophes and acts of terrorism are now front and centre thanks to the development of RAID and Erasure Coding. However, unless you lived in a very disaster-prone location, the odds of a single business being affected by a natural catastrophe were really fairly low.

Loss of resources and information

With a 46% possibility of being infected, the likelihood of falling victim to ransomware is about equal to the flip of a coin. Unfortunately, half of those who responded had data deleted, and 67% had paid the ransom. The 67% figure has been questioned by several readers who point out that these businesses may have been reacting to extortionware, a kind of ransomware.

A ultimatum like, “Give us $10 million, or we will reveal your organization’s dirtiest secrets,” can arrive at a company’s door. Putting that number aside, however, we still see that 50% of ransomware-affected businesses lost mission-critical data. This requires two flips of the coin. As the saying goes, this is not good news.

Are you ready for a fight? Most likely not

Sadly, the situation becomes much worse from here on out. Organizations that have been attacked and suffered data loss still have confidence in their capacity to recover. Eighty-five percent of those that participated first said they had an intrusion detection, prevention, and response cyber-recovery playbook. Assume “definitely” as a response from any company if you inquire about such a strategy.

The 15% who don’t seem to believe they need one can even get you to wonder what’s going on there. That makes them the equivalent of the fifth doctor in the old Dentyne ad where it was said that “Four out of five dentists polled suggested sugarless gum for their patients who chew gum.” The widespread nature of cyber attacks should serve as a sobering reminder to any company that has yet to implement a comprehensive strategy for dealing with the aftermath of such an event.

Organizations who fall victim to ransomware attacks should be given a pass. After all, ransomware is a dynamic field in which cybercriminals are always adapting their methods to stay ahead. 92 percent of respondents indicated their data resilience tools were either “efficient” or “very efficient,” which is puzzling. A reliable tool, it goes without saying, will prevent you from losing data and will let you to retrieve it without resorting to paying the ransom.

Reducing the impact of attacks

The process of identifying, reacting to, and recovering from ransomware involves numerous interrelated steps. By preventing the creation of new domains (thus cutting off command and control) and restricting internal lateral movement, your IT architecture may be designed to reduce the impact of an attack (minimizing the ability of the malware to spread internally). After a ransomware attack, though, you’ll need to use a wide variety of technologies, many of which would perform considerably more efficiently if automated.

One may, for instance, restrict IP transmission to the point where all lateral movement is blocked. If infected machines can’t talk to one another, the infection can’t spread. Once compromised machines have been isolated, the disaster recovery process may begin, which includes putting them back online and checking for further infection.

Automatic processes have tremendous potential

The use of automated processes is essential for achieving these goals in a timely manner. Instantaneous and concurrent task completion is now possible. If you choose to manually deal with the virus, expect it to propagate across your IT infrastructure, resulting in even more downtime. There is widespread consensus that automatic recovery solutions are essential, with 93% of survey respondents reporting their use.

Thus, about 90% said that their data resilience techniques were fully automated and efficient. To the contrary, if this were the case, only a minority of victims would have had to pay the ransom, and half of those targeted would not have lost data.

So, what does this imply? Consider your surroundings as the first lesson. Is there a strategy in place to deal with ransomware? Does it quickly put a stop to your surroundings to prevent any additional harm from occurring while you look into it? Can infected systems also be automatically recovered?