Not only is the number of ransomware attacks on enterprises growing exponentially, but it's becoming clear that they are appearing in more diverse strains and affecting more varied platforms than ever before. By using effective backup and DR strategies and having more control over recovery processes, enterprises can take preventative measures to try to fight back against ransomware.
In whatever form ransomware appears, it's becoming clear that the threat it poses is very real for enterprises today. According to the FBI, in fact, more than $209 million in ransomware payments were made in the United States in the first three months of 2016 – up from just $24 million for all of 2015. And a recent report from the Kaspersky Lab security firm confirmed that the beginning of 2016 saw a huge spike in ransomware attacks. The researchers found that ransomware knocked targeted attacks from the top of the most popular threat rating, and concluded that ransomware would end up as the 'problem of the year' as far as cyber threats in 2016 are concerned.
The Ransomware Threat to the Cloud
And it’s not only traditional platforms that are getting hit by ransomware. The threat is ubiquitous, and is hitting the cloud as well. In its latest quarterly report on the cloud, Netskope reported that nearly 44% of malware found in the cloud is carrying ransomware, and that one in 10 enterprises monitored by Netskope had ransomware-infected files in sanctioned cloud apps.
Add to that the fact that a new strain of Virlock ransomware is also making its way to the cloud. This strain takes advantage of users syncing and sharing by spreading itself through cloud storage and collaboration applications, and then dispersing infected files throughout the network.
Famed cybersecurity expert Brian Krebs also recently told the story of Toni Casala, whose entire operations run off of application hosting services at a managed cloud solutions firm. A company employee opened an email attachment that appeared to be an invoice, but it turned out to be ransomware. The cloud provider that Casala’s company was using was keeping daily backups, but when the ransomware hit, it took the company almost a week to fully restore all the files that were held hostage.
The Battle Against Ransomware
By using effective backup and DR strategies, enterprises can take preventative measures to try to fight back against ransomware. These measures can include, for example, backing up to removable media and using anti-malware endpoint-protection software to keep PCs protected.
But certain oversights may still leave organizations exposed to attacks. Some companies may not be running their backups frequently enough, and others may not be sufficiently testing their backups. Other organizations may be backing up files in places that seem safe, but then find that ransomware has found the files, taken them over and encrypted them.
The Solution: Proper Point-In-Time Backup
So even if your cloud saves a backup, what is the SLA for restoration? Can you restore it on the spot? Do you control the recovery processes?
To truly combat ransomware, you need to have the proper type of backup in place in order to minimize risk and the data loss that malware causes. You should be able to restore to a point in time before the attack, and have the right backup data sets available and in the right place, to minimize potential financial and productivity losses.
Your backup should be automated as well, with a flexible solution to help you recover. This can be in the form of backup across AWS accounts. This is useful when you have a highly secure account in which to keep your backup snapshots and ensure they cannot be deleted. Cloud Protection Manager (CPM), for example, provides cross-account AWS backup, which is important for safeguarding snapshots from access by hackers.
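The selection logic behind a point-in-time restore, together with a check for the cross-account copy, as an added Python example that is not from the original article and is not CPM's code. The snapshot inventory, account IDs, volume names, incident time and 24-hour RPO are all constructed, and snapshots completed before the incident time are assumed to be clean.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
PROD_ACCOUNT = "111111111111"   # constructed account IDs
VAULT_ACCOUNT = "999999999999"  # separate, locked-down backup account (assumed)

# Constructed snapshot inventory: (volume, owner account, completion time).
SNAPSHOTS = [
    ("vol-app", PROD_ACCOUNT, datetime(2016, 9, 1, 2, 0, tzinfo=UTC)),
    ("vol-app", VAULT_ACCOUNT, datetime(2016, 9, 2, 2, 0, tzinfo=UTC)),
    ("vol-app", PROD_ACCOUNT, datetime(2016, 9, 3, 2, 0, tzinfo=UTC)),   # after attack
    ("vol-db", PROD_ACCOUNT, datetime(2016, 8, 28, 2, 0, tzinfo=UTC)),
    ("vol-db", PROD_ACCOUNT, datetime(2016, 9, 3, 2, 0, tzinfo=UTC)),    # after attack
    ("vol-logs", PROD_ACCOUNT, datetime(2016, 9, 3, 2, 0, tzinfo=UTC)),  # after attack
]

def plan_restore(snapshots, volumes, attack_time, rpo, source_account):
    """For each volume, pick the newest snapshot completed before attack_time
    and list the findings that weaken the recovery."""
    plan = {}
    for vol in volumes:
        clean = [s for s in snapshots if s[0] == vol and s[2] < attack_time]
        if not clean:
            plan[vol] = {"restore_from": None, "owner": None,
                         "findings": ["no pre-attack snapshot"]}
            continue
        best = max(clean, key=lambda s: s[2])
        findings = []
        # Everything written between the snapshot and the attack is lost.
        if attack_time - best[2] > rpo:
            findings.append("data loss window exceeds RPO")
        # Copies held only in the compromised account can be deleted by the attacker.
        if all(s[1] == source_account for s in clean):
            findings.append("no pre-attack copy outside source account")
        plan[vol] = {"restore_from": best[2], "owner": best[1], "findings": findings}
    return plan

if __name__ == "__main__":
    attack = datetime(2016, 9, 2, 14, 30, tzinfo=UTC)  # constructed incident time
    result = plan_restore(SNAPSHOTS, ["vol-app", "vol-db", "vol-logs"],
                          attack, timedelta(hours=24), PROD_ACCOUNT)
    for vol, entry in result.items():
        print(vol, entry)
```

Running the same check on a schedule, before any incident, shows which volumes would miss the recovery objective or have no copy outside the production account.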
Solutions such as CPM provide enterprises with flexible backup policies and scheduling, rapid recovery of instances, and a simple, intuitive and user-friendly web interface to easily manage backup operations. All communication with the CPM server is encrypted (HTTPS, SSH). And the CPM database is under the complete control of the user, with AWS credentials never passed in clear text and secret keys encrypted in the CPM database.
CPM has a Windows agent to consistently back up Windows applications, and allows users to manage multiple AWS accounts and configure policies and schedules to take automated snapshot backups. With CPM, you can recover a volume from a snapshot, increase its size and switch it with an existing attached volume in a single step.