Just like Harry Potter had to learn new skills in his defense against the dark arts studies, today’s IT administrators need to add new and improved defenses to protect your businesses from the ever-growing threat of ransomware. With traditional disaster recovery, the administrator was mainly concerned with recovering from a hardware or software failure or sometimes in extreme cases, from a natural disaster or site failure. While that’s all certainly still valid, there’s little doubt that exposure to a ransomware attack can leave your business every bit as inoperable as if the servers and OS had failed; the security firm Malwarebytes estimates that ransomware attacks increased more than 90 percent from 2016 to 2017.
Several recent high profile ransomware attacks serve to highlight the dangers of a ransomware infestation; notably, the ransomware attack that crippled the city of Atlanta for several days shows that ransomware isn’t just restricted to hospitals or Eastern European countries that still run Windows 7.
The Atlanta attack in March of 2018 left 8000 city employees without access to their systems for several days. Atlanta was hit by ransomware named SamSam and they were asked for a ransom of approximately $50,000 worth of bitcoin. They refused to pay the ransom and brought in eight different security firms to assist with ransomware cleanup efforts as their email, financial software, CRM and other vital city services were inaccessible. Overall, it’s estimated that the city of Atlanta spent $2.6 M to recover from the attack and their key services were inaccessible for almost five days. In their case, the SamSam ransomware attack clearly resulted in a DR scenario where major system recovery was required.
They say that knowing is half of the battle and when you understand the dangers of ransomware and how it spreads, you can begin to protect your business from it. Some of the steps that businesses should take to help defend themselves from ransomware attacks include:
Beyond these preventative steps, certain changes to your backup protocols can help ensure that your backups remain ransomware free. Using air-gapped backups where your backup archives are physically separated and separately secured from your on-line network can ensure that you have a backup copy that is not corrupted by any potential ransomware attack. The physical separation ensures that network scans cannot reach the backups and a different set of security credentials prevents access from even privileged AD accounts.