Ransomware: How Quickly Can You Recover?

The FBI updated its guidelines for handling ransomware. But to pay or not to pay isn’t really the question. The real issue is how quickly you can recover.

October 15, 2019

Yes, we’re talking about ransomware again.

Earlier this month the FBI released an updated version of its guidelines for dealing with ransomware. The change sparked news coverage and comments because the FBI seems to have softened its stance on whether companies should pay cyber criminals to restore access to their data. Specifically, the FBI update says the organization “…understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

These options include paying the ransom, and the FBI is acknowledging that this is the reality for many companies. But to pay or not to pay isn’t really the question.

The real issue here is how quickly you can recover.

More Sophisticated and Targeted Attacks

To review, ransomware encrypts company data, preventing your users from accessing their files. The attackers then demand a ransom, typically in bitcoin, in exchange for the keys necessary to decrypt those files. According to the FBI, ransomware attacks have become more targeted and sophisticated since 2018, and the losses to business can be significant. The city of Baltimore recently paid hackers $70,000, and two counties in Florida paid $1.2M.

Victims are infected via:

  • Email phishing campaigns
  • Remote Desktop Protocol vulnerabilities
  • Security flaws in software programs
  • Gullible employees

There are ways that organizations can work to prevent a ransomware attack. Nasuni Chief Science Officer and security expert David Shaw discussed some of these techniques in our recent video chat, How to Maintain Business Continuity in the Age of Ransomware. Some of David’s tips include investing in strong security systems to protect your email servers and educating your end users – reminding them not to click that suspicious link from an odd sender.

Prevention is important, but it’s not foolproof. Attackers often find a way through anyway. So then what do you do if your files are held for ransom? Again, paying or not paying isn’t the point here.

Robust, Secure Online Backup

First of all, paying the ransom doesn’t guarantee a smooth recovery. The FBI says there have been instances in which organizations paid the ransom and didn’t receive any decryption keys. The keys themselves can also be flawed, so that victims aren’t able to recover all their data when they pay for and receive the decryption keys.

What you want is a powerful recovery system that allows you to avoid paying and will get your users up and running as soon as possible. According to the FBI: “The most important defense for any organization against ransomware is a robust system of backups. Having a recent backup to restore from could prevent a ransomware attack from crippling your organization.”

And we agree…to a point. Unfortunately, hackers have found ways to infect backups, too, and even if your backups are clean, they might not deliver the recovery points and recovery times your business needs. Your enterprise could still incur significant losses if you’re only backing up once a day or less, and restoring those files takes time.

Sure, tapes are secure, since malware won’t be able to sneak onto a physical tape locked in a vault. But restoring from tapes certainly isn’t fast. What if this means a critical business unit can’t access its files for days or weeks?

You might not end up paying a ransom, but the damage will have been done.

Secure Data Protection in the Cloud

Nasuni offers a completely different way of protecting your organization against ransomware attacks – and many of our clients have publicly and privately benefited from Nasuni’s instant file recovery. Nasuni Continuous File Versioning® securely stores each file as a series of objects in the cloud. When changes are made to a file, these changes propagate to the cloud as objects. In the public, private, or hybrid cloud, they’re stored as immutable WORM (write once, read many) data.

This approach leads to vastly improved recovery points and recovery times. Yet Nasuni also makes it easier for IT to manage the entire process. If need be, IT can restore the entire file system from the most recent point before the attack, which could be anywhere from a few minutes to an hour, depending on your settings. All files can then be restored from that point. The infected files? You won’t need them anymore, and you won’t have to pay the ransom. Instead, your end users can get back to business as usual.
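The versioning idea described above can be modeled in a few lines. This is an added example, not Nasuni's code or API: the `WormVersionStore` class, the file names, and the minute-based timeline are all constructed for illustration. It shows why encrypted files arriving as new versions cannot destroy the earlier ones, and how the restore point before the attack is chosen.

```python
from bisect import bisect_right

class WormVersionStore:
    """Toy write-once store: each write appends a version; nothing is overwritten."""

    def __init__(self):
        self._history = {}  # path -> list of (capture_time, data), oldest first

    def write(self, path, ts, data):
        versions = self._history.setdefault(path, [])
        if versions and ts <= versions[-1][0]:
            raise ValueError("versions are append-only and time-ordered")
        versions.append((ts, data))

    def read(self, path, at=None):
        """Content of path as of time `at` (latest if None); None if it did not exist."""
        versions = self._history.get(path, [])
        if at is not None:
            versions = versions[:bisect_right([t for t, _ in versions], at)]
        return versions[-1][1] if versions else None

    def restore_point(self, attack_ts):
        """Most recent capture time strictly before the attack, or None."""
        times = [t for v in self._history.values() for t, _ in v if t < attack_ts]
        return max(times, default=None)

    def restored_view(self, attack_ts):
        """File system as of the restore point; files first seen later are omitted."""
        point = self.restore_point(attack_ts)
        if point is None:
            return {}
        view = {p: self.read(p, at=point) for p in self._history}
        return {p: d for p, d in view.items() if d is not None}

def demo():
    # Constructed timeline; times are minutes, contents are placeholder bytes.
    store = WormVersionStore()
    store.write("report.docx", 0, b"Q3 draft")
    store.write("ledger.xlsx", 10, b"ledger v1")
    store.write("report.docx", 45, b"Q3 final")
    # Attack begins at minute 60: encrypted copies arrive as new versions.
    store.write("report.docx", 60, b"\x8f\x02ENCRYPTED")
    store.write("ledger.xlsx", 61, b"\x11\x7aENCRYPTED")
    store.write("READ_ME.txt", 62, b"pay to decrypt")
    return store

if __name__ == "__main__":
    s = demo()
    print(s.restore_point(60), s.restored_view(60))
```

In this model the latest version of each file is the encrypted one, yet the view at the restore point still holds the clean contents and leaves out the ransom note that only appeared after the attack began.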

This is real business continuity, and it has been proven at scale with multiple large enterprises. Take a look at our short video to learn more about how to prepare for a ransomware attack, and send us a note if you have any questions. And remember, the question isn’t whether or not you should pay the ransom. The question every organization needs to ask is this:

How quickly will you recover?
