
Will your backups protect you against ransomware?

  • Published On: June 26, 2020 Updated On: February 17, 2023

Contents

  • Introduction
  • What is ransomware?
  • How does ransomware affect the organization?
  • How to protect an organization from ransomware?
  • Why are regular backup practices needed?
  • How does BCP drill practice help?
  • Why do we need backup maintenance?
  • How easily can auto backup get affected by Ransomware?
  • How to Restore the Backup after Ransomware Attack?
  • What are the Reasons that cause BCP/DR planning failure?
  • Conclusion

Introduction

In this digital world, everything is information, or data. If you don’t protect this data with backups, the business would fail. Backups help an organization overcome its losses after a disaster or cyber attack and rebuild the business as soon as possible without losing business data. In several ransomware attacks, backups have played a huge role in protecting organizations’ data. In the medical industry and in government agencies, data is even more important to the daily routine of business. Only a proper backup can save you when you are affected by a ransomware attack; otherwise you have to pay the ransom demanded by the attacker to access the data.

What is ransomware?   

Ransomware is a type of malware that encrypts a victim's files. To access the files, the victim must pay the ransom demanded by the attacker. Instructions are shown on how to pay the ransom to get the decryption key. The ransom can range from a hundred dollars to thousands, payable to the attackers.

How does ransomware affect the organization? 

Ransomware can reach your organization in several ways; the most common are phishing and spam mail with attachments. Once the victim trusts and opens the attachment, their computer is compromised. Malware can do several things on a victim’s computer; ransomware encrypts the files on the system, and they cannot be decrypted without the decryption key. If the organization refuses to pay the ransom, the attackers threaten to publicize the sensitive data of the organization and its customers. The statistics below show what percentage of organizations face ransomware attacks and pay the ransom to recover their data:

[Images: statistics on ransomware attacks and ransom payments]

How to protect an organization from ransomware?

Good security practices should be followed to avoid ransomware attacks:

  • Don’t install unknown software with full privileges unless you know exactly what that software does.
  • Install antivirus and anti-malware software to find programs like ransomware.
  • Keep your operating system and security patches up to date so that known exploits won’t work.
  • Most importantly, back up your data on a daily basis, so that the damage to the organization is less significant when you are affected by a ransomware attack.
  • Organizations should have Business Continuity Planning and Disaster Recovery planning (BCP/DR), so that during a critical situation they know how to handle it and overcome the issues.

Why are regular backup practices needed?

Back up the data regularly based on its priority. It is up to the organization to decide whether to use a cloud backup or a physical backup of the data. You should have multiple backups so that if one backup fails, another can help the organization. If Internet service is unavailable, the physical backup will be helpful. The backup data should be in an accessible format in an emergency.

How does BCP drill practice help?   

BCP (Business Continuity Plan) is the strategy that helps an organization carry on while it recovers from data loss. The loss could be caused by a natural disaster, hardware failure or human error. The BCP sets out the exact steps to minimize those losses. The Recovery Point Objective (RPO) defines the maximum amount of data the company can afford to lose, which depends on the organization. It cannot lose customer data, because that would impact the business, but it can tolerate losing data such as stationery or canteen records. Recovery Time Objective (RTO) is the time taken by the organization to recover the data fully after the disaster occurred. After recovery, the IT team should check that the data is recovered and confirm that all servers, systems and applications are functioning. The BCP drill should be practised frequently so that, if a disaster occurs, the organization can recover as planned.

Why do we need Backup maintenance?   

An organization should have the latest backup to avoid huge losses. The backup should be checked frequently to confirm that the data is accessible. The backup process should be run on a daily basis and documented. The document should contain the type of stored data, the priority of that data, the last backup date, frequently accessed data and so on. Physical backups, such as backups on external storage devices, are more important than network-shared backup storage.
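One way to automate the checks described above, as an added example that is not part of the original article: the script audits a backup document (type, priority, last backup date) against an RPO per priority and confirms each backup is still readable and unchanged. The RPO values, field names and backup files are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Assumed RPO per data priority (hypothetical values; take yours from the BCP).
RPO = {"critical": timedelta(hours=24), "low": timedelta(days=7)}

def sha256_of(path):
    """Hash a backup file in chunks so large archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit(catalogue, now):
    """Return (name, problem) for every backup that would fail in an emergency."""
    findings = []
    for entry in catalogue:
        age = now - entry["last_backup"]
        if age > RPO[entry["priority"]]:
            findings.append((entry["name"], "older than RPO"))
        path = Path(entry["path"])
        if not path.is_file():
            findings.append((entry["name"], "backup file missing"))
        elif sha256_of(path) != entry["sha256"]:
            findings.append((entry["name"], "checksum mismatch"))
    return findings

def demo():
    """Constructed sample: one healthy backup, one stale, one altered after recording."""
    now = datetime(2023, 2, 17, 9, 0)
    tmp = Path(tempfile.mkdtemp())
    catalogue = []
    rows = [("customers", "critical", 6, False), ("canteen", "low", 240, False),
            ("billing", "critical", 3, True)]
    for name, priority, age_hours, tamper in rows:
        path = tmp / f"{name}.bak"
        path.write_bytes(f"constructed backup of {name}".encode())
        recorded = sha256_of(path)
        if tamper:
            path.write_bytes(b"contents changed after the backup was recorded")
        catalogue.append({"name": name, "type": "file", "priority": priority, "path": str(path),
                          "last_backup": now - timedelta(hours=age_hours), "sha256": recorded})
    return audit(catalogue, now)

if __name__ == "__main__":
    print(demo())
```

Keep the recorded checksums with the offline copy of the backup document, so that whoever can alter a backup cannot also alter its reference hash.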

How easily can auto backup get affected by Ransomware?

Large organizations have to back up a lot of resources, which can’t be done manually on a daily basis; in this scenario, an auto-backup feature automates the backup process.

  • In some cases, during the backup process, the malware itself can also be backed up; in that situation the entire backup will be affected by the ransomware.
  • Some malware first detects files that have multiple copies and deletes those copies; hidden storage in the organization’s network will also be deleted or encrypted by the ransomware.
  • The solution for this situation is to have external storage devices which are not connected to the network.
  • These storage devices should be isolated and have multiple copies in different locations.
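An automated job copies whatever is on disk, including files that have already been encrypted. The following pre-backup check is an added example, not from the original article: it measures how many source files look random (high Shannon entropy) and refuses to proceed when that share jumps compared with the last known-good run. The thresholds and sample files are assumed and constructed.

```python
import math
import os
import tempfile
from pathlib import Path

def entropy(data):
    """Shannon entropy in bits per byte: about 8.0 for encrypted data, lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def high_entropy_fraction(source_dir, threshold=7.5, sample=65536):
    """Fraction of files whose first `sample` bytes look random."""
    files = [p for p in Path(source_dir).rglob("*") if p.is_file()]
    if not files:
        return 0.0
    hits = 0
    for p in files:
        with p.open("rb") as fh:
            hits += entropy(fh.read(sample)) >= threshold
    return hits / len(files)

def safe_to_back_up(source_dir, baseline, max_jump=0.3):
    """Compare with the fraction measured on the last known-good run.

    Archives and media are legitimately high-entropy, so the signal is a
    sudden jump, not the absolute value. Thresholds are assumed; tune them.
    """
    current = high_entropy_fraction(source_dir)
    return current - baseline <= max_jump, current

def demo():
    """Constructed data: four text files, then three overwritten with random bytes."""
    src = Path(tempfile.mkdtemp())
    for i in range(4):
        (src / f"report{i}.txt").write_text("quarterly figures\n" * 200)
    before = safe_to_back_up(src, baseline=0.0)
    for i in range(3):
        (src / f"report{i}.txt").write_bytes(os.urandom(4096))
    after = safe_to_back_up(src, baseline=before[1])
    return before, after

if __name__ == "__main__":
    print(demo())
```

A failed check should pause the job and keep the previous backup generation untouched until someone has looked at the source systems.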

How to Restore the Backup after Ransomware Attack?

  • Before restoring a backup, we should check the integrity of the organization’s operating systems, network and hardware.
  • In some cases the malware stays hidden in the systems, so the organization should thoroughly check how the malware entered and what activities were performed before and after the attack.
  • We need to run anti-malware on the systems to find any hidden malware; if any is found, the system should be completely flushed.
  • After the complete analysis, the operating system should be fully updated and the security patches upgraded to the latest versions; then the organization can restore the backup.

What are the Reasons that cause BCP/DR planning failure?

  • In case of a natural disaster, the recovery site should be far away from the current business location. Some organizations plan to set up the recovery server in the same building, so the backup server is of no use during a natural disaster.
  • Some organizations plan the BCP/DR but don’t practice it; they may think that they can act when a disaster happens. BCP/DR is not like insurance that can be claimed if a disaster happens. So the BCP/DR should be planned for all kinds of disaster scenarios and practiced frequently.
  • If all damaged computers must be replaced at the time of the disaster, they need to be ordered and delivered in the estimated time, so we need suppliers to deliver them and manpower to set up the computers in time for employees to start work. Make a priority list of employees who need systems first; the IT team should also have enough employees to restore users’ backups in the estimated time.
  • The business grows over time, so the business continuity plan becomes outdated; it protects the business only as it was at the time of planning. So the plan should be updated frequently according to business growth, and the organization should set a regular review period for BCP/DR planning and practices.
  • The employees who implement the disaster recovery plan should also have backups, because during a disaster the organization should not depend only on the key people who happen to be present.


Conclusion

We can protect the organization from ransomware by implementing defense in depth, such as antivirus, anti-malware and a strict policy for employees who bring digital storage devices into the work environment. Regular backup and its maintenance should be an important priority for the organization, as all the data is important to continue the business.