“By failing to prepare, you are preparing to fail.” Benjamin Franklin’s forewarning of ransomware could not have been more accurate.
When WannaCry ripped across the globe, from east to west, everybody who was anybody in the cybersecurity world said this was merely one of many similar threats destined for our hard drives.
As May turned to June, WannaCry 2.0 warnings grew and grew and then, throughout this week, Petya, a ransomware investigated by Kaspersky Labs in recent weeks, became a strain of focus.
Soon, though, we had moved beyond that, with GoldenEye the latest nightmare to emerge from the east.
Russia’s top oil producer, Rosneft, and several banks in the country were hit. Ukraine’s central bank and metro system also fell victim, as did Kiev’s Boryspil Airport and electricity supplier Ukrenergo.
The virus then spread to Denmark, Norway and the Netherlands, via shipping giant Maersk’s Russian subsidiaries. It hit ad agency WPP in London, French construction company Saint Gobain and Spanish food giant Mondelez.
India was hit, Chernobyl operators panicked, everybody feared the worst.
There’s little to be done in real time, with corporate decision making in advance of such attacks often of far more significance.
So, with WannaCry, Petya or GoldenEye laying what’s expected to become a well-trodden path for ransomware in future, what can you do?
Try thinking of an offline silo, for one.
“A key thing to remember is that if your backup is being made on the same network as the data is being hosted, it is likely to be affected equally by any ransomware attack,” explained Tibus, a web hosting company.
“For that reason, it is important to ensure that your backup is being stored off-site.”
Disaster recovery is a process, and it’s one which needs a detailed plan. Do you need to be back online in an instant? Can you handle a slower, less costly recovery? Depending on the company, only one of these things need be true.
Another consideration is the cost of the backup. For example, if you pay a daily, maybe monthly fee that outstrips your income, it makes the recovery option a bit counter-productive.
All the steps below come at a cost.
Establishing what works for your company is a purely individual process.
Back it up
“A business consultancy with a brochure website advertising its services to clients in a single geographic market could probably be offline for an entire night without any serious or lasting effects to the business,” said Tibus.
Should something similar happen to, say, Amazon, or Airbnb, then disaster. These truly 24/7, global operations need a far better disaster recovery plan.
In all cases, though, backups are key. Backup offline, and backup regularly.
Regularity is up to you
“As a bare minimum, you should be taking regular backups of your website and any other data stored on your server,” said Tibus.
This could mean daily, hourly or even real-time, with the cost of this obviously growing the more regularly you backup data and content.
Beyond this, and again probably a costlier option, is to have a replicate site, with live data and up-to-date content, hosted at a remote location.
In the case of Airbnb, Amazon or, say, a news site, this could then be substituted in at short notice while the affected site gets dealt with.
Test, test and test
The last area of note is testing, both a bane and necessity of web operators. Tibus noted customers in the energy sector, those who would need real-time reactions across the board, as those most likely to engage in this practice.
This would see disaster simulations regularly forced on the relevant company’s defence systems, to see how it can handle certain strands of ransomware.
This is not a perfect practice, though, as the attackers often find a way. The best bet is to be as well defended as possible, hoping the attack passes your defences by, and moves on to someone else.
“The latest global ransomware attacks are yet another wake-up call for business as a serious threat, and not just another cybersecurity technology challenge,” said Bob Hammer, CEO of cybersecurity company Commvault.
“Companies must evaluate ransomware threat readiness – and many are disturbingly unprepared.
“A strong security and defence strategy together with a strong data management strategy and educating employees on ransomware, are all essential to mitigating enterprise data vulnerabilities.”
The post Ransomware is a horrible reality, so what should you do? appeared first on Silicon Republic.