Ransomware refers to a strain of malware that attacks computers, encrypts the files on them and then demands payment to unlock them. From being a rare form of attack around a year ago, thousands of organisations are now being hit by this kind of attack every day. The attacks themselves are indiscriminate, hitting public sector bodies like police forces, hospitals and councils, as well as private companies and individuals.
[easy-tweet tweet=”The confluence of IT industry trends has made backup more challenging” hashtags=”Ransomware”]
Ransomware is also spreading beyond the traditional Windows PC into targeting Linux and Mac machines, as well as now mobile phones using versions of Android. As more and more potential targets for ransomware are created, it’s important that all organisations look at their approach to data protection in more detail.
Step 1 – Education
The most common route for all malware attacks into organisations is still email, with attacks disguised either as a link or an attachment. This is not a sophisticated approach, but it is still successful. Rather than the mistake-ridden missives of the past, better design and grammar in the emails makes them harder to spot.
At the same time, workforces within companies are getting more mobile, taking them increasingly outside the perimeter security implementations that can help to stop attacks getting through. Use of company assets outside the business – or employees using their own devices for work purposes – can exacerbate this risk further.
Education here can help. Users can and should be trained to spot attacks on them, whether these are for the latest phishing attacks that are based on social engineering or designed to get payloads opened. Encouraging users to manage their work and not get rushed into opening potentially suspect emails – even when they have the appropriate name or branding on them – can help prevent some of these issues in the first place.
Step 2 – Backup and data protection across all devices, not just some
While education can help, it’s not the only answer. It relies on every user being 100 per cent vigilant all the time, and precludes the possibility of human error. Alongside keeping staff up to date on problems, it’s therefore important to look at data backup.
Backup is one of those tasks that is often looked at centrally by IT. However, the confluence of IT industry trends has made backup more challenging. The growth of mobile working, the use of multiple devices and more deployments of cloud applications all have an impact on backup strategies. However, protecting data across all assets – not just those held centrally – is vital when it comes to defeating ransomware.
However, backup has to move out from being something only done for centrally-held IT. As ransomware can strike at almost any IT asset – from a phone, laptop or tablet through to the files held centrally – backup has to cover each and every device equally. Alongside this, holding multiple versions of each file is required too, just in case files are infected previously before being spotted.
Protecting data on each device does mean thinking about how to get data off those IT assets. Mobile or remote workers may not come into the office for regular imaging of their devices, while relying on users to protect data themselves runs the risk of steps not being completed. Instead, client backup should be as unobtrusive as possible.
Cloud-based approaches can help here, as data on devices can be protected regardless of location or device type. By sending updates of data securely at regular intervals, a history of files can be created. If a ransomware attack does make it through, then restoring the files can be done based on going back to a “known good” version.
Any approach here should also bear in mind how sensitive the data that users create is. Anything containing personally identifiable information (PII) should automatically get detected and secured with encryption, regardless of the backup strategy that is put in place. If a device does get attacked either by ransomware or more traditional malware that looks to steal data, then these files should be protected automatically.
Step 3 – Stopping vulnerabilities faster
Without backup in place, it’s highly unlikely that a recovery from a ransomware attack will be successful. Some attacks have failed due to poor encryption implementations, but these have required significant technical expertise in order to fix them.
Without education, it’s harder to stop employees from succumbing to attacks. However, it’s also worth linking up with the IT security team to prevent known vulnerabilities from being exploited by ransomware. Putting updates in place as soon as they are released can help prevent some of the most common forms of ransomware from being successful, as the exploits they are associated with have often been fixed by the software providers already.
This approach won’t help if an attack does get through, but it does help to reduce the likelihood of a call from an end-user who has a problem.
[easy-tweet tweet=”The only way to ensure protection against #ransomware is through a comprehensive data protection scheme”]
Ransomware has become a prevalent threat for everyone. However, no matter how educated employees are and how up to date a company’s IT assets, there is still a great chance of being infected by ransomware. The only way to ensure protection against ransomware is through a comprehensive data protection scheme. Preventing the problem through effective data backup is the best cure.