The Accelerating World of Ransomware
Have you been hearing more about ransomware recently? It seems like every day there’s another news headline, vendor presentation, or story about data held ransom.
So, what’s driving this “buzz”? Is it just a media-created frenzy, or are there actual changes in the ransomware landscape?
Ransomware: A Maturing Landscape
Per ZDNet, the cost of ransomware attacks rose from $25M in 2015 to $1B in 2016, an incredible rate of growth.
The landscape is evolving into a structure similar to the IT market; there are ransomware vendors, “channel partners” or providers, and (of course) customers. Ransomware vendors now sell “kits” to aspiring hackers that vary in their degree of customization, the encryption types they offer, and the technical skill required to use them. This is a thriving industry, as exemplified by the barrage of stories about attacks on organizations such as public transportation services, school districts, and hospital after hospital.
Customer Service from Ransomware
Once your files are encrypted by ransomware, you are their customer, albeit a very unwilling one. In a darkly ironic twist, ransomware providers are ramping up their customer service efforts to give technical support on using Bitcoin and other related tasks. In some cases, the hacker even pays a percentage of ransoms back to the vendor.
This new sector reveals a maturing marketplace with continuing investment that will likely lead to further growth. For more in-depth information on customer service and ransomware, check out this fascinating study by F-Secure: Evaluating the Customer Journey of Crypto-Ransomware.
Competing with You
We in IT are used to competition in certain ways. For instance, we compete with SaaS providers, internal shadow IT, and solutions providers who integrate technology (rather than doing so internally). What we’re not used to is an industry that competes with the core inefficiencies of modern IT: the near-impossible challenge of keeping all systems patched, training end users on security practices, and updating antivirus systems. This is not a failure of individual IT administrators, but the reality of the complex technological world we live in today.
What Can You Do?
It’s easy to get overwhelmed in this anxiety-inducing IT landscape. But even amidst these threats, there are several key things you can do to help protect your data:
Complexity is the enemy of reliability. In terms of IT and ransomware, simplifying your backup architecture is key.
Regardless of how good your pre-attack protections are, statistics suggest that an attack is inevitable. Acknowledging this, everyone from the FBI to Kaspersky recommends having backups that are validated and can be quickly and easily restored. In theory, that solves the problem since most organizations have backups.
Unfortunately, in reality, most backup systems are complex, have high operational overhead, and offer only slow and complicated restore methods. This makes them ill-suited as a primary line of defense against ransomware attacks.
Ensure Your Backups Are Immutable
What’s the point of a backup if it can be compromised? Here at Rubrik, we know that immutable snapshots are non-negotiable in an effective backup solution and have baked it into our architecture from the very beginning.
If your backups are not immutable, it’s likely a matter of time before ransomware can exploit that attack vector — we even saw this happen recently. Immutability should be a factor when evaluating solutions; it’s nearly impossible to add after the fact.
Prioritize API-driven Solutions
In the event of an attack, an API-first architecture like Rubrik can be a game changer. With a simple script, you can locate and restore compromised files for quick recovery. In addition, strong APIs make it possible to connect with third-party services in the future to help protect your environment even more comprehensively.
We explore these concepts and more in the on-demand webinar: Ransomware jail, is there any way out? (asking for a friend).