Petya, a new global ransomware, has infected hundreds of companies in Europe. The number is growing. And in May 2017, WannaCry targeted Windows computers by encrypting data and demanding Bitcoin ransom payments.
Businesses all over the world are losing time, money, and data to ransomware. Making a bad situation worse, enterprising criminals offer Ransomware-as-a-Service to other bad guys, making it even easier to launch this type of malware attack.
What is Ransomware?
Ransomware is a type of malware that encrypts a computer’s files. A phishing email link or attachment usually introduces it. When the user clicks on the link, malware uploads onto the email client and from there can travel the network to additional computers. The malware encrypts files with its own code, and messages the victim that they must pay or they won’t be able to access their files.
Businesses and individuals do need to invest in anti-malware initiatives to keep themselves safe. Strengthen spam filters, train your employees to be suspicious of emails, patch software (especially operating systems), buy and upgrade the best anti-virus software you can find, and deploy network intrusion detection.
However, should a ransomwaren attack succeed you do not necessarily have to pay up or lose your data – not if you have immediate access to failover, secure cloud backups, and fast restores. While IT and InfoSec work to identify and block the malware intrusion, you can thumb your nose at your would-be attacker.
Backup as a Service to the Rescue
Not just any backup will do. When you’ve been hit by ransomware, you need to restore recent backup fast so you can continue operating with a minimum of data loss.
The fastest response to an attack is to activate a failover website in the cloud using your most recent data backups. The advantage of the cloud backup service is that you can failover in the cloud to keep your applications running while IT quashes the malware and restores backup on-site. Once your local network is clear of threat, you can restore your backup data on-premise while would-be ransom artists move on to lower-hanging fruit.
Even if you don’t choose a failover option, you need a high performance, reliable, and secure backup and restore process to defeat a ransomware attack.
- Performance. Accelerated transfer speeds let you efficiently backup recent data to the cloud, and restore it quickly when needed. Best practice is to invest in a high-performance backup service like Zetta, which is optimized to manage large data sets at production speeds. Typical WAN optimization will include advanced change detection and data compression at the source, multi-threaded transport technology for in-transit, and high-speed ingestion in the cloud side.
- Reliability. You need to trust that when ransomware hits you, you can recover quickly and reliably within your RTO and RPO. Choose a backup solution that builds full backups from delta level changes, and that automatically restores fully hydrated data. Data validation with strong cryptographic hashing also ensures reliability.
- Security. When you know that ransomware has hit your system, the security of your backup data is more important than ever. To secure in-transit backup and restore, use strong transfer encryption like SSL or Secure WebDav over HTTPS, and secure IPsec VPN tunnels.
When it comes to ransomware, make it hard for attackers to get any value from your business. Protect your network against malware and exploits, and train your users to recognize sophisticated phishing attempts. (Not to mention ignoring Nigerian princes’ pleas.)
In case a malware attack should get through, be sure that you have a strong backup-restore process in place. Such an infrastructure morphs a ransomware attack from a serious threat to a mere annoyance.
For more on protecting your network from ransomware, download Zetta’s Ransomware Prevention List.