Will your backups protect you against ransomware? | Briskinfosec

Contents

  • Introduction
  • What is ransomware?
  • How does ransomware affect the organization?
  • How to protect an organization from ransomware?
  • Why are regular backup practice measures needed?
  • How does BCP drill practice help?
  • Why do we need backup maintenance?
  • How easily can auto backup get affected by Ransomware?
  • How to Restore the Backup after Ransomware Attack?
  • What are the Reasons that cause BCP/DR planning failure?
  • Conclusion

Introduction

In this digital world everything is information, or data. If you do not protect this data with backups, the business would fail. Backups help an organization overcome losses after a disaster or cyber attack and rebuild the business as soon as possible without losing business data. In several ransomware attacks, backups have played a huge role in protecting organizations' data. In the medical industry and in government agencies, data is especially important to the daily routine of business. Only a proper backup can save you when you are affected by a ransomware attack; otherwise you have to pay the ransom demanded by the attacker to access the data.

What is ransomware?

Ransomware is a type of malware that encrypts a victim's files. To access the files, the victim must pay the ransom demanded by the attacker. The victim is shown instructions on how to pay the ransom to get the decryption key. The ransom can range from a hundred dollars to thousands, payable to the attackers.

How does ransomware affect the organization?

Ransomware can affect your organization in several ways; the most common are phishing and spam mail with attachments. Once the victim trusts and opens the attachment, their computer is compromised. Malware can do several things on a victim's computer; ransomware encrypts the files on the system, and they cannot be decrypted without the decryption key. If the organization refuses to pay the ransom, the attackers threaten to publicize sensitive data of the organization and its customers. The statistics below show what percentage of organizations face a ransomware attack and pay the ransom to recover their data.

How to protect an organization from ransomware?

Good security practices should be followed to avoid ransomware attacks:

  • Don't install unknown software with full privileges unless you know exactly what that software does.
  • Install antivirus and anti-malware software to detect programs such as ransomware.
  • Keep your operating system and security patches up to date so that known exploits won't work.
  • Most importantly, back up your data on a daily basis, so that the damage to the organization is less significant when you are affected by a ransomware attack.
  • The organization should have Business Continuity Planning and Disaster Recovery planning (BCP/DR), so that in a critical situation it knows how to handle and overcome the issues.

Why are regular backup practice measures needed?

Back up data regularly, based on its priority. It is up to the organization to decide whether to use cloud backup or physical backup. You should have multiple backups, so that if one backup fails another can help the organization. If Internet service is unavailable, a physical backup will be helpful. The backup should be in a format that is accessible in an emergency.

How does BCP drill practice help?

A Business Continuity Plan (BCP) is the strategy that helps an organization carry on while it recovers from data loss. The loss could be caused by a natural disaster, hardware failure or human error. The BCP lays out the exact steps to minimize those losses. The Recovery Point Objective (RPO) is the maximum amount of data the company can afford to lose, which depends on the organization. It cannot lose customer data, because that would impact the business, but it can tolerate losing data such as stationery, canteen and similar records. The Recovery Time Objective (RTO) is the time taken by the organization to fully recover the data after the disaster occurred. After recovery, the IT team should check that the data is recovered and confirm that all servers, systems and applications are functioning. BCP drills should be practiced frequently, so that if a disaster occurs the organization can recover from it as planned.

Why do we need backup maintenance?

An organization should have the latest backup in order to avoid huge losses. The backup should be checked frequently to confirm that the data is accessible. The backup process should be run on a daily basis and documented. The document should contain the type of the stored data, the priority of that data, the last backup date, frequently accessed date and so on. Physical backups, such as backups on external storage devices, are more important than network-shared backup storage.
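
The documented backup record and the RPO described above can be checked automatically. The following is an added example, not code from the original article: it audits a backup inventory for entries older than the RPO for their priority and for backup files that are unreadable or no longer match the hash recorded at backup time. The RPO values, field names and sample files are assumptions constructed for illustration.

```python
import hashlib, tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Assumed RPO per data priority (hypothetical values; take real ones from your BCP).
RPO_BY_PRIORITY = {"high": timedelta(hours=24), "low": timedelta(days=7)}

def sha256_of(path):
    """Read the whole backup file; an OSError here means it is not accessible."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit(inventory, now):
    """Return {name: [problems]} for each documented backup that fails a check."""
    findings = {}
    for entry in inventory:
        problems = []
        if now - entry["last_backup"] > RPO_BY_PRIORITY[entry["priority"]]:
            problems.append("older than RPO")
        try:
            if sha256_of(entry["path"]) != entry["sha256"]:
                problems.append("content changed since backup")
        except OSError:
            problems.append("not readable")
        if problems:
            findings[entry["name"]] = problems
    return findings

def demo():
    """Constructed sample: three backup files written to a temporary directory."""
    now, tmp = datetime(2024, 1, 10, 8, 0), Path(tempfile.mkdtemp())
    samples = [("customers", "high", 30, b"customer rows"),   # name, priority, age in hours, content
               ("canteen", "low", 30, b"menu data"),
               ("payroll", "high", 2, b"payroll rows")]
    inventory = []
    for name, priority, hours_old, content in samples:
        path = tmp / f"{name}.bak"
        path.write_bytes(content)
        inventory.append({"name": name, "type": "database dump", "priority": priority,
                          "last_backup": now - timedelta(hours=hours_old),
                          "path": path, "sha256": hashlib.sha256(content).hexdigest()})
    inventory[2]["path"].write_bytes(b"overwritten")   # simulate payroll.bak being altered
    return audit(inventory, now)

if __name__ == "__main__":
    print(demo())
```

A hash mismatch on a backup that should be static is worth investigating before any restore, since ransomware that reaches backup storage overwrites files in place.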

How easily can auto backup get affected by Ransomware?

Large organizations have to back up a lot of resources, which cannot be done manually on a daily basis; in this scenario an auto-backup feature automates the backup process.

  • In some cases the malware itself is backed up during the backup process; in that situation the entire backup is affected by the ransomware.
  • Some malware first detects files that have multiple copies and deletes those copies; hidden storage in the organization's network is also deleted or encrypted by the ransomware.
  • The solution for this situation is to have external storage devices that are not connected to the network.
  • These storage devices should be isolated, with multiple copies kept in different locations.

How to Restore the Backup after Ransomware Attack?

  • Before restoring the backup, check the integrity of the organization's operating systems, network and hardware.
  • In some cases the malware remains hidden in the systems, so the organization should thoroughly check how the malware entered the organization and what activities were performed before and after the attack.
  • Run anti-malware on the systems to find any hidden malware; if any is found, the system should be completely flashed.
  • After complete analysis, the operating system should be fully updated and the security patches upgraded to the latest versions; then the organization can restore the backup.

What are the Reasons that cause BCP/DR planning failure?

  • Recovery sites should be far away from the current business location. Some organizations plan to set up the recovery server in the same building, so the backup server is of no use during a natural disaster.
  • Some organizations plan the BCP/DR but do not practice it, thinking that they can act when a disaster happens. BCP/DR is not like insurance that can be claimed if a disaster happens. The BCP/DR should be planned for all kinds of disaster scenarios and practiced frequently.
  • If all damaged computers must be replaced at the time of a disaster, they have to be ordered and delivered within the estimated time, so suppliers are needed to deliver them and manpower to set them up in time for employees to start their work. Make a priority list of the employees who need systems first, and make sure the IT team has enough staff to set up the users' backups within the estimated time.
  • The business grows over time, so the business continuity plan becomes outdated; it protects the business only as it was at the time of planning. The plan should therefore be updated frequently in line with business growth, and the organization should set a regular review period for BCP/DR planning and practices.
  • The employees who implement the disaster recovery plan should also have backups, because during a disaster the organization should not depend on key people being present.

Conclusion

We can protect the organization from ransomware by implementing defense in depth, such as using antivirus and anti-malware software and a strict policy for employees who carry digital storage devices into the work environment. Regular backup and its maintenance should be an important priority for the organization, because all of the data is important to continuing the business.

