In 2017, ransomware attacks like WannaCry and Locky made headlines as organizations worldwide were infected. Data protection vendors of all types went to work hardening their solutions and advancing them to help customers recover from the threat. However, ransomware attacks now seem to be on the decline. According to Kaspersky’s Ransomware and Malicious Cryptominers 2016-2018 report, ransomware infections have fallen over 30% in the last year, leading the report to speculate “that criminals were starting to turn their backs on ransomware, to focus on cryptocurrency mining instead.” Storage Switzerland advises against ignoring ransomware, any more than one would ignore the threat of floods, fires, earthquakes, and hurricanes. It is still an ever-present danger.
The Problem with Ransomware Statistics
One of the main challenges with predicting the rise and fall of ransomware is that most organizations don’t report successful ransomware attacks. There is plenty of anecdotal evidence that ransomware attacks continue to be a significant problem that organizations need to deal with, but most of those anecdotal stories never make it to an analyst report or industry survey. Another challenge in predicting the pervasiveness of ransomware is the spiky nature of widespread attacks. Most attacks occur day to day under the radar. Headline space is dedicated to the subject only when there is a significant infection that impacts organizations worldwide.
Storage Switzerland’s estimation, based on countless conversations with IT professionals, is that ransomware attacks remain a significant challenge and that IT needs to prepare for an inevitable attack.
Are You Prepared for Ransomware?
The primary emphasis in ransomware preparation, other than user education and perimeter defense, is backups. In response to ransomware, IT needs to protect all data more frequently, including file servers and endpoints. To some extent, backing up all data is data protection 101, but in our experience, most organizations, except for critical applications, back up most of their data once per night. Ransomware makes once-per-night backups obsolete.
While the public announcement of ransomware attacks may be down, the “creativity” of these attacks is on the rise. According to Proofpoint, the number of ransomware variants is up 30X. The variations make it harder for perimeter defense solutions to detect them. Some of the variants specifically attack components of the data protection process, like protected data stores and backup configuration files. Also, some malware strains now sit idle instead of immediately executing their encryption attack. This ensures that the malware file is backed up repeatedly by the data protection process. When it eventually triggers and IT starts to restore data, IT is also copying back the malware file, which, once back on primary storage, starts encrypting files again.
Ransomware preparation is different than it was two years ago. Today, data protection solutions need to protect themselves, harden their protected data stores, and provide the ability to find malware files within the backup set, breaking attack loops.
Only as Good as Your Weakest Link
Most ransomware works its way into the organization through a user endpoint, typically a laptop. It is not surprising, then, that laptops and other endpoints are the most likely to suffer unrecoverable data loss in the aftermath of a ransomware attack. The problem isn’t just the loss in user productivity; most laptops contain data that is not only important to the organization but is also the only copy or latest copy of that data. Failure of the laptop means the loss of critical organizational data.
The reason for the sizable risk on user laptops and other endpoints is a lack of consistent backup. According to worldbackupday.org, 31% of users report NEVER having their laptop backed up. From IT’s perspective, laptop backup is traditionally a very frustrating project to implement and maintain. From an organizational perspective, it is also a costly project.
Using the Cloud to Fix the Weakest Link
It is critical that organizations perform consistent and frequent backups on laptops and user endpoints, but it also has to be a manageable project for both IT and the organization. The cloud may be the ideal solution to the problem. It provides a centralized repository for protected data, so no matter where users are, they have nearly direct access to it. Also, if the solution vendor leverages the cloud for more than just storage and takes advantage of cloud computing, the capabilities of the solution can expand far beyond data protection alone and provide a complete endpoint data management strategy.
To learn more about protecting the front lines, user endpoints, from ransomware without breaking IT or the organization’s budget, check out our on-demand webinar “Ransomware: Strategies for Protecting Your Weakest Link – Endpoints.”