From The Expert Feature Article
September 20, 2016

The Ransomware Epidemic: Tips for Beating the Bad Guys

By Special Guest
Jeff Denworth, SVP Marketing, CTERA

Ransomware has become a global IT epidemic. In just the first quarter of 2016, ransomware victims paid out as much as $209M to cyber-criminals according to the FBI. This outrageous number, up from $24M in 2015, represents a serious assault on the IT world. While these attacks are not brand new - the first known ransomware occurrence was in 1989 and the ransom ask was for $189 ($350 inflation-adjusted) - the prevalence and financial demands have increased in a big way.

Fast forward to today: ransomware payments are made via anonymous bitcoin transactions, and it can cost anywhere from $500 to $2,000 to unlock an average PC. Because of the anonymity, it’s difficult to know precisely how many payments have been made to cyber-criminals, but the data collected by the FBI points to the fact that this situation has, indeed, reached pandemic proportions.

Here’s a look at how it works:

Ransomware: a particularly insidious form of malware that holds its victims’ files hostage until a “ransom”, typically ranging from hundreds of dollars to hundreds of thousands of dollars, is paid.

There has been a clear exponential spike in activity in a very short period of time. If the numbers below are accurate, ransomware is on track to become a $1B business this year. What’s worse is that we don’t yet know how big this will be because each public ransomware payment is only encouraging cyber-attackers to introduce new strains of malware and redouble their efforts.

Reports of ransomware originate from everywhere and everyone in all industries. Cybercriminals do not discriminate, but they do prey on the weak – and the reality is that if your organization is unprepared, it’s likely you’ll become just another statistic.

It sounds desperate, but there is a way for organizations to fight back against these cyber-attacks.

A Ransomware Story

S.J. Louis Construction is a national construction contracting company that provides underground utility, tunneling, horizontal directional drilling, rock trenching and infiltration, and earthwork services to public and private markets in the United States. S.J. Louis was founded in 1983 and is based in Rockville, Minnesota. Earlier this year, the organization had all of its current contract work and all previous project files crypto-locked by hackers who demanded $100,000 in return for its data. The breach encrypted $200M of future project data.

Because of the preparedness of its managed service provider (MSP), S.J. Louis was able to quickly mitigate the attack with zero files lost or compromised. The company had previously deployed a cloud storage gateway at each of its remote sites, serving as an all-in-one file server, backup appliance, and offsite data protection service. This enabled its IT manager to centrally manage and monitor backups of company servers around the country. Backups were configured to run every night, sending server data to the gateway, which keeps a local copy on-site and also replicates the data to the cloud for offsite protection. This hybrid backup model provided a fast local recovery option while also replacing the need for cumbersome processes for offsite tape backup.

When ransomware infected the file server in its Texas office, to the tune of $100,000, the IT team was prepared. They simply “rolled back” to a previous version of the files, from the day before the attack, and triggered a full restore of server files from the cloud storage gateway. The ransomware was thus removed from the system, resulting in minimal disruption to office productivity. And when a second attack occurred days later, the same process was followed to mitigate another potential disaster.

The only way to put an end to this epidemic is by building the right safeguards that eliminate enterprise vulnerability and end the need to pay cyber-criminals to regain access to your data and your systems. S.J. Louis recovered quickly and without paying a dime, thanks to the backup services that were in place.

Safeguarding Your Organization

There are several countermeasures organizations can implement to fight back against crypto-malware:

Step 1: Secure the perimeter to minimize the chance of breach. Patch your operating systems and keep them up to date. This is imperative. Then:

  • Educate employees about the threat of ransomware and the role they can play in protecting the organization’s data - it’s well-known that human error is the number one cause of vulnerability to cyber-attacks.
  • Disable macro scripts from office files transmitted over e-mail.
  • Limit access to critical and rapidly-changing datasets to only need-to-know users.

That said, even the best firewall providers are challenged to keep pace with hackers.

Step 2: Back up all files and systems to avoid paying ransom to recover from crypto events.

  • Back up your endpoints and back up your file servers.
  • Implement lightweight, optimized data protection tools that minimize recovery points.

Using very granular file sync and backup procedures, affected organizations with innovative safeguards in place have minimized their recovery points to as little as five minutes (versus 24 hours or more with alternate measures). With the right data protection tools, organizations can successfully save themselves from paying $100,000s in ransom and minimize the period of business outage.

Extortion by way of ransomware is a devastating and potentially bankrupting catastrophe. Implementing strategic defense against cyber-attacks is key in retaining control over your precious data - and possibly saving your business.

Jeff Denworth runs Marketing for CTERA and brings to the company over a decade of experience with cloud and big data storage technologies. Prior to CTERA, Jeff served as VP of Marketing at DataDirect Networks (DDN), where he oversaw marketing, business and corporate development during a period of hypergrowth. Other experience includes sales and business development roles at Cluster File Systems and Dataram Corporation.


Edited by Stefania Viscusi