When it Comes to Ransomware, Air Gaps Are The Best Defense

There’s no doubt that ransomware is a growing threat for all types of business today and there’s also serious concern that it will continue to get worse as these ransomware attacks are often successful. For many businesses, the cost of paying the ransom is less than the cost required for recovery and the accompanying downtime. Ransomware is a type of malware that typically blocks access to sensitive company data or files until a ransom is paid.

Ransomware typically encrypts the victim’s files, which renders them inaccessible until the ransom is paid and the attacker delivers the key required to decrypt the files. Ransomware attacks are usually carried out using a Trojan disguised as a legitimate file, which a user is tricked into downloading or opening when it arrives as an email attachment.

In some cases, like the infamous WannaCry attack, it can also be accompanied by a worm which enables it to spread to other networked computers without any additional user interaction. The ransom is typically paid using bitcoin or other untraceable cryptocurrencies. However, while most successful ransomware attacks do wind up providing the decryption keys, there’s no guarantee the perpetrators will do so. Depending on the type of business, a ransomware attack can be crippling to the organization. For example, healthcare organizations and manufacturing firms are especially appealing targets as they are extremely sensitive to any downtime.

A couple of recent notable victims of ransomware underscore the severity of ransomware today. This past June the city of Riviera Beach, Fla., paid nearly $600,000 in ransom to hackers who took over the city’s computer systems. Riviera Beach is a small city of about 35,000 people just north of West Palm Beach. The attack began on May 29 after a police department employee opened an infected email attachment.

Subsequently, all of the city’s online systems, including email, electronic payments, water utility pump stations, and some phones, were taken offline. The city decided it was cheaper to pay than to attempt to restore its systems; a similar malware attack recently cost the city of Baltimore $18 million to repair damages. Previously, the city of Atlanta also suffered a ransomware attack, and the estimated cost of recovery was $17 million. There’s no doubt that ransomware will continue to be a serious threat going forward.

Having an effective disaster recovery plan is the only real safeguard against a ransomware attack. Clearly, a ransomware attack can be considered a disaster just like a hurricane, a flood or a power outage, and a properly implemented modern DR plan should have contingencies for dealing with outages caused by ransomware attacks.

Offline backup or replicas are your best protection from a ransomware attack as they can be used to restore your system’s functionality using a system state that was captured before any system infection had occurred. Some types of ransomware are capable of selectively targeting backups. It’s vital that you keep a copy of your backup or replicas offline – or air-gapped – to prevent them from being corrupted by malware worms that can potentially move through your online network. Making sure that there is a separate authentication method can also help ensure that your offline backups or replicas are secured.


Comments (1)

One response to “When it Comes to Ransomware, Air Gaps Are The Best Defense”

  1. Also, removing critical infrastructure from the normal "office" network and isolating it on its own network, with no Internet and no intranet access. Apart from laziness, there is no real reason why everything needs to be available on the office network or the Internet.

     I know IT managers that are stuck with Windows XP machines running industrial hardware, the manufacturer doesn't provide updated software for the older machines, the new software only runs with the new hardware and they aren't prepared to fork out over $1,000,000 to replace a machine that is working 100% reliably. Instead, they just isolate them.

     One such has "fun" with the manufacturer, when they want support. Every time the support wants TeamViewer access to the hardware, and the IT manager just bluntly informs them that until they get a software upgrade that works with a supported version of Windows, they will just have to provide support over the telephone and guide the machine operator on correcting the problem.

Michael Otey is president of TECA, a technical content production, consulting and software development company in Portland,