Over the latter quarter of 2019, it became apparent that ransomware issues had begun to accelerate significantly, with at-scale data centre operators, small marketing agencies, the US Coastguard and Travelex being hit.
In 2019 a wide range of organisations were targeted:
1. Demant, a hearing aid manufacturer, was attacked, with recovery costs reportedly upwards of $95M.
2. Aluminium provider, Norsk Hydro, was also attacked in March, shutting down production and costing a reported $71M to recover.
3. Various US cities were ransomed, including Baltimore, with reported recovery costs of $21M.
1. The BBC announced on the 2nd of January that the US Coastguard had been compromised. Although no figures are available currently, this has further-reaching implications due to the critical role being played in the security of a nation state.
2. The USA’s largest data centre operator, CyrusOne, was also a victim. This is alarming as it warns that even high quality, “at scale” operators are not immune from the threat.
3. Most recently, Travelex, a foreign exchange company.
Personally, I know of several other cases that are not yet in the “public domain”. This is my thirty-fifth year in our industry, and one thing I’ve noticed is that at times of crisis, the “snake-oil” sales and marketing community dash to explain how their particular offering will fix the problem.
Ransomware is typically designed to proliferate, meaning that you will have the problem weeks or months before it becomes apparent. Once you know you have it, in most cases, it is simply too late.
Here are my suggestions:
Firstly, I don’t believe that wholesale replacement of technology will fix the issue. I suspect that the best way to really protect yourself is to augment what already exists with some more robust mechanisms and processes.
The BBC have reported that the Travelex ransom is £4 million in Bitcoin. Therefore, I believe that the risk of ransom can be reduced for a fraction of that cost, even in at-scale businesses. In some cases, companies will eventually recover after weeks or months of significant disruption and brand damage. However, some are unfortunately driven out of business.
Secondly, for several years our focus has been system uptime. The ‘Holy Grail’ of data protection has really been focussed around RTO (recovery time objectives). This measures how close to ‘real time’ we can maintain data availability. I am not suggesting for a moment that the RPO (recovery point objective) has been ignored. It hasn’t. However, the simple truth is that with this type of threat, the “last line of defence” approaches that we all know and love are not in themselves immune from the issue.
There are a few questions that we should consider in the context of being able to give a full recovery:
- What is your process for identifying infection before data is backed up, encrypted, etc.? This is the first step in ensuring you do not have a ransomware infection.
- How do you categorically ensure that older backups are not infected with ransomware? This is the ‘loop of death’, where you simply keep re-installing.
- What is your process for identifying infected files in your production systems before they are detonated?
- Do you have processes for ensuring your backups are not deleted by ransomware?
- What is your process to prevent encryption being used to reduce your ability to administer a solution?
The great news is that significant steps can be taken to massively reduce your risk at relatively low cost. We are holding a free webinar on the 30th of January at 15:00, in which we will answer these, and many other, pertinent questions.