Combating the Evolving Landscape of Ransomware
About one year ago, we pointed out an emerging security crisis in the healthcare industry. Cyber threats targeting hospital data were becoming a regular event, with some computer systems held captive for a reputedly multimillion-dollar ransom. Beyond the Bitcoin cost, ransomware puts patient care at risk since many organizations must stop operations for over a week.
More recently, the worldwide spread of a virus known as “WannaCry” has been decimating operations at the UK's National Health Service (NHS) as well as at telecom, logistics, and car manufacturing companies. In total, it has wreaked havoc on over 230,000 computers in 150 countries. The attack has been accelerating aggressively while CIOs struggle to find a realistic solution.
The root cause comes down to the usual suspects: a combination of phishing emails and poorly patched security vulnerabilities. This particular vulnerability was so severe that Microsoft released an update for several of its deprecated operating systems, such as Windows XP and Server 2003. Additionally, users need to stop using older protocols like SMB 1.0 because they carry a multitude of vulnerabilities that allow attackers to commandeer a system.
It’s on the vendor and partner communities to come up with innovative and effective methods for dealing with attacks. Fortunately, the team at Rubrik is no stranger to security threats against your applications and has been specifically addressing ransomware attacks for quite some time. We understand that data is your business and that security matters.
What Can You Do?
Paying ransom should not be the answer. Even if you resolve your current situation, you identify yourself as a lucrative victim for the next attack.
What should you do? To start, before you are ever under attack, you should have a rigorous, multilayer defense to prevent malware and phishing attacks. As described earlier, you should also keep all systems, critical or non-critical, updated and patched.
Even with the best defense, assume that preventative measures will fail and that you will need to recover from a backup. In this event, ask yourself the following questions:
- Does my backup provide for immutable copies that cannot be held ransom?
- Does my backup cover all necessary systems that I will need to recover if they go down?
- Can I restore these systems quickly to prevent business disruption?
Ransomware is a complex topic. Check out the resources below to get an in-depth look at creating a strong disaster recovery plan:
In December 2016, Andrew Miller, Technical Marketing Manager at Rubrik, presented an excellent webinar entitled “Ransomware jail, is there any way out?” Available on demand, the webinar dives into what is driving the acceleration of ransomware attacks and the Defense in Depth strategy (education, patching, and backup). He also walks through the evaluation criteria for effective backup and recovery systems. Then see how our customer, Langs Building Supplies, recovered from ransomware by using Rubrik Cloud Data Management.
The goal of recovery is to minimize data loss, so reliability of data recovery and speed of restore are both critical. By leveraging Rubrik’s Live Mount & Instant Recovery features, IT operations can easily restore an immutable image of an application within a near-zero timeframe.
Watch this video to see how Rubrik helped a customer quickly recover from a ransomware attack. Learn how you can easily browse multiple backups to either copy files or bring an entire server and all dependent applications back online with just a few clicks.