Cybercriminals are not only becoming more sophisticated but bolder. The most insidious computer crime today doesn’t involve viruses or stealing credit card numbers. Instead, it comes in the form of ransomware! Rogue programs that hold an entire organization’s data hostage with unbreakable encryption and demands a ransom for the decryption key. This is why you need a ransomware recovery plan in place.
Ransomware recovery plan
These attacks are becoming increasingly common. In 2015, there were 2,453 reported ransomware incidents. Victims paid about $24.1 million, according to the FBI. Security researchers found that the number of users who came across crypto ransomware in the last year increased by more than 500 percent from the previous year.
In the past few months alone, new and more powerful ransomware has appeared. Criminals are targeting sensitive entities like healthcare facilities. For example, MedStar Health, a major healthcare provider in the Washington, D.C. region, was forced to disable its network for several days after a ransomware attack early this year. While Hollywood Presbyterian Medical Center in Los Angeles, California, paid $17,000 in response to an attack in February. Why do you need a ransomware recovery plan?
Ransomware is flourishing for two basic reasons
First, it’s simple economics. Rather than dealing with the trouble and risk involved in stealing credit card files and peddling them on the black market, criminals using ransomware can simply sit back and wait for the victims to pay. Of course, the criminals don’t always send the decryption key in return–these are thieves, after all.
The second reason is that a ransomware attack is incredibly difficult to prevent. It only takes a single click within an email or on a website for an unsuspecting employee to activate the code that encrypts an entire system and triggers a ransom demand. Even if an enterprise has the most updated anti-virus software or access restrictions on sensitive files, it remains vulnerable to ransomware via just one unsuspecting user.
While it’s difficult for an enterprise to feel completely confident in preventing a ransomware attack, it can take steps to mitigate the effects of this new and destructive type of malware– and recover normal operations in minutes or hours–if the proper precautions and recovery plans are in place.
Most important element
The most important recovery element is real-time protection of data. This means backup copies of all files and data are stored securely in the cloud rather than local desktops. To be effective, this needs to be accomplished automatically. This includes a copy being synced up to the cloud every time a file is edited or saved. These backups let a business “roll back” to the moments before a ransomware attack and recover all its files. Even in cases where the ransomware has affected large numbers of users within the organization. Read more about reducing ransomware attacks and controlling Shadow IT here.
It’s also important that the software or service you use to create these backups is capable of excluding the kinds of encryption files known to be associated with ransomware–so you don’t wind up restoring the very files that created the problem in the first place.
Finally, businesses must establish a retention policy. Whether you choose to retain deleted files forever or for a specified time period, a retention policy will allow your original files to be retrieved after they are deleted or encrypted by ransomware. This is a critical part of a recovery plan. As it can allow files to be restored quickly and won’t hold you back with a time-consuming and expensive recovery process.
Cybercriminals are an unfortunate reality in today’s marketplace. It’s easy to fall victim if you’re unprepared. By being aware and maintaining the right backup strategy, however, your company can minimize the damage from these attacks.
Read our 8 Tips for Ransomware Recovery Plan & Prevention.
Brian Levine is Senior Director of Security of Cloud Security