Combating ransomware strikes in the new normal

03rd September 2021
Main image credit: Pete Linforth from Pixabay

By Murali Urs, Country Manager, India, Barracuda Networks
September 3 2021: The COVID-19 pandemic may have changed the way we work through accelerated digital transformation, but it has also provided a perfect breeding ground for malicious ransomware artists to target businesses and individuals with the intent of stealing or corrupting data worth millions of dollars.
The year 2021 has almost come to a close and ransomware attacks have been relentless, to say the least. With the entire business world transitioning towards operational digitization and remote working in the wake of the pandemic, rogue artists and cybercriminals have been orchestrating medium to full-scale ransomware strikes left, right, and center. They are leaving no opportunity to extort hefty ransoms from victims with the threat of disclosing their stolen data credentials in the public domain. 73 percent of Indian IT decision makers say their organization has experienced a ransomware attack.
The scale of these meticulously designed and hi-tech strikes has been increasing exponentially with each passing minute. Research finds a ransomware attack taking place every 11 seconds, and the threat will only escalate further in time to come. Ransomware attacks have been rightly dubbed the most diabolic cyber threats in the history of computing. In fact, they are so dangerous and ominously prevalent that they have been officially listed under acts of terrorism by the Government. Since the advent of the pandemic, ransomware attackers have been aggressive in carrying out critical strikes that have managed to rattle every business vertical.
Data-backup: good but not enough
To deal successfully with ransomware attacks, it is necessary to take a realistic and practical security approach. There is a definite need to clear up certain misconceptions around ransomware threats. One such prevalent myth is that you are safe from ransomware attacks if you regularly back up your data, as your data will be automatically restored. But backing up doesn't guarantee data safety in contingencies such as power cuts, natural calamities, or human errors caused by employee negligence. Merely backing up your data doesn't safeguard against such unwanted possibilities. The threat matrix has expanded so steeply that it takes more than data backup and system restoration to defend against ransomware attacks.
According to leading cybersecurity experts, the best step for companies in such last-gasp situations is to stay far-sighted and have an expedient action plan in place beforehand to deny any prospect of paying the ransom amount. However, organizations are more interested in averting a potential ransomware strike and recovering the stolen data without paying the ransom. There are a few methods of preventing ransomware from locating and corrupting data backups.
Multiple security layers
The most effective protective strategy against ransomware and other sophisticated strikes is to ensure multiple layers of security covering the three most crucial aspects: initiating email protection for defending against phishing and securing credentials; securing the applications as well as the access route to those applications; and developing an extensive data-protection architecture with cutting-edge backup solutions that can effectively protect data both on-premises and in the cloud. Organisations can fully recover their data without paying the ransom by actualizing these three security points.
Even though attackers make their initial attempt through spear-phishing emails, the strikes are not triggered immediately when a target clicks the malicious link. The victim's credentials stolen in this initial step can be utilised to access an organisation's internal database or network. The infiltrator can then effortlessly gain passage to assets, servers, databases, and the email platform. The attackers can persist with this surveillance for a couple of months before delivering the killer blow.
Targeting backup storage
Once inside the system, attackers are always looking for backup solutions to gain access to an organization's data, which could range from backup schedules and configuration to retention policies. The intruder is now armed with the power to annihilate and corrupt various data points. While moving through an organisation's network, the attacker can also target the backup storage itself with malicious intent to obliterate the primary backup server and any secondary disaster recovery backup copies that are being preserved by the unwary victim, whether a company or an individual.
There is no assurance that a company will have its data restored even if the company possesses cyber insurance or other resources to pay the ransom. A worldwide ransomware report revealed that over 80% of organizations that chose to pay a ransom fell victim to a second strike. The impact of these attacks is proving to be immense, as the company under attack will not only lose a substantial volume in sales but also face a dip in customer confidence and brand reputation. This can cause a much more serious long-term impact in the form of irreversible damage such as massive revenue leaks or even eventual bankruptcy.
Businesses must deploy comprehensive and resilient backup solutions that offer immutable storage to keep attackers from either gaining passage to the backups or coursing through the data. These solutions should also have multi-factor authentication (MFA) to safeguard the accounts and credentials utilised to access the backup. Although ransomware attacks are inevitable, the best way forward is to ensure a feasible course of action. Remember the three essentials: reporting the crime, gaining professional expertise and never resorting to paying the ransom.
Barracuda Networks provides security, networking and storage products based on network appliances and cloud services.