Ransomware – The Ugly Truth and How to Fight Back

Holding computer systems and data hostage for ransom is an ugly situation. The recent “WannaCry” ransomware attack took cyber-attacks to new heights as it affected hundreds of thousands of computers around the world. In this BlogBytes post, we will learn about this type of cyber-attack, review recent incidents, examine what you can do to protect your company’s assets and learn how LTO technology can play a vital role.

What is a Ransomware Cyber-Attack?

As defined by techopedia.com, a cyber-attack is “the deliberate exploitation of computer systems, technology-dependent enterprises and networks” [1]. Cyber-attacks typically use malicious computer code to alter computer systems, which causes business disruption and data destruction. Attacks can come in many different forms including: malware, pharming, phishing, spamming, spoofing, spyware, ransomware, Trojans and viruses. Cyber-attacks can also occur when hardware such as a laptop or mobile device is stolen.

Ransomware attacks come in a number of forms. As described by the Microsoft Malware Protection Center, there are two types of ransomware – lock-screen ransomware and encryption ransomware. Lock-screen ransomware shows a full-screen message that prevents you from accessing your PC or files. It usually states that you have to pay to get access to your computer again. Encryption ransomware encrypts the files so that their owner can no longer open them. In this case, the attackers hold the key to unlocking the files and demand large sums of money to do so. Even after the ransom is paid, sometimes the files remain locked. Malware analysts recommend not paying the ransoms, as this could encourage further attacks and does not guarantee that assets will be released. In the case of the WannaCry ransomware attack, tens of thousands of computers were infected. Victims were given on-screen instructions to pay the ransom in Bitcoins to get their files decrypted. If the ransom was not paid by a certain date and time, then the files would eventually be deleted.

How to Fight Back

Stopping data destruction caused by cyber-attacks, system malfunctions and natural disasters requires the implementation of a strong security plan.  Here are six ways to protect a company’s information assets and business operations [2]:

1-Data Inventory

Only keep essential customer data and sensitive information. Remove redundant files, clean out backup files and securely archive old data that needs to be retained. If you don’t have it, they can’t steal it!

2-Staff Training

Your team must be trained and certified on how to handle suspicious emails and links, sensitive and confidential information, company products, materials, documents, passwords and physical and cyber entry points. To further protect your company, ensure operating systems, antivirus and anti-malware solutions are set to automatically update and conduct regular scans. These actions will be the foundation of a workforce resilience plan that allows essential work and processes to continue, remotely if needed, in the event of a primary site attack or disaster.

3-Preparation

Start preparing for an attack by first implementing strong firewall systems and vulnerability scanning. Use and enforce secure key entry points, lock up equipment, install video surveillance systems, burglar alarms, fire suppression systems and utilize data encryption to reduce your risk. You should also encrypt important disk and flash files (including email) that could expose sensitive information. Another layer of security is provided when you use LTO tape data encryption to enable a virtual data lock that helps prevent information from being read even if the tape cartridge were to land in the wrong hands.

4-Offline Data – Create an “Air-Gap”

Using removable storage media helps prevent electronic access to data because the media removed from the system is no longer accessible electronically – it is offline. Disk systems remain online and are potentially vulnerable to an attack, but with removable media, such as LTO tape, there is an air-gap between the tape cartridge and the computer systems. An air-gap means there is no electronic connection to the data on the tape cartridge. In addition, since it is offline, the tape cartridge draws no power. These elements help provide secure, low cost data content preservation.

5-Out-Of-Region Data

Disasters strike without notice! They can be in the form of a local event such as a power failure, utility flood or fire, or they can be region-wide, such as a hurricane or earthquake. It is imperative that a copy of critical content be stored at a location that is out of the region in case of a large scale disaster. Getting a copy of critical data to a remote location can be accomplished in many ways including remotely storing a copy of LTO tape cartridges, disk-to-disk replication, disk-to-cloud and disk-to-tape via network, internet or communication line technologies.

6-Backup and Recovery

For peace of mind if disaster were to strike, conduct disaster recovery drills and test your recovery plan on a regular basis. Based on key learnings from these drills, adapt the plan to new conditions, including on-going organizational changes, IT process alterations, new regulations, changing work environments and geographic factors.

As discussed in the white paper “Ransomware: Holding Data Hostage” [3], it is essential to back up your data. Removing ransomware after it has done its work is difficult, and often the only option left, aside from paying the ransom, is to rebuild the infected system and restore data from known-good backup media, such as tape. The primary technical control is to ensure that data and systems are backed up on a regular basis. As previously discussed, a copy of your backed up data should be kept offline.

While it is possible that some backups may contain ransomware, the following steps should be taken to avoid and reduce this possibility [3]:

  • Backups should be conducted on a regular basis and maintained for a specified period of time
  • Backups should be write-protected after being stored offline and offsite
  • Backups should employ versioning to ensure known-good media are available from a point in time prior to the infection
  • Backups should be tested regularly to validate the integrity and ability to restore the data
  • Backups should be checked regularly with anti-virus scans
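Those five points can be applied together as a restore-point selection rule: of all backups taken before the infection, pick the newest one that is offline, write-protected, scanned clean, inside the retention window and still passes its restore test. The following is an added example written for this post, not code from the post or the LTO Program; the catalog entries, timestamps and media labels are constructed, and a SHA-256 comparison stands in for a real test restore.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib

@dataclass
class Backup:
    taken: datetime        # when the copy was made
    media: str             # constructed label for the cartridge or volume
    offline: bool          # media removed from the system (air-gapped)
    write_protected: bool  # write-protect set after going offline/offsite
    av_clean: bool         # most recent anti-virus scan of the media was clean
    content: bytes         # stand-in for the backed-up data
    digest: str            # SHA-256 recorded in the catalog at backup time

def integrity_ok(b: Backup) -> bool:
    """Restore test: data read back from the media still matches the catalog hash."""
    return hashlib.sha256(b.content).hexdigest() == b.digest

def choose_restore_point(catalog, infected_at, max_age_days=90):
    """Newest backup taken strictly before the infection that is offline,
    write-protected, scanned clean, inside the retention window and passes
    its restore test. Returns None when no backup meets all five criteria."""
    oldest_allowed = infected_at - timedelta(days=max_age_days)
    candidates = [
        b for b in catalog
        if oldest_allowed <= b.taken < infected_at
        and b.offline and b.write_protected and b.av_clean
        and integrity_ok(b)
    ]
    return max(candidates, key=lambda b: b.taken) if candidates else None

def make(taken, media, offline, wp, av_clean, data, tamper=False):
    """Build a constructed catalog entry; tamper=True simulates media whose
    contents no longer match the hash recorded when the backup was taken."""
    digest = hashlib.sha256(data).hexdigest()
    return Backup(taken, media, offline, wp, av_clean,
                  data + (b"!" if tamper else b""), digest)

# Constructed catalog: every value below is invented for this example.
INFECTED_AT = datetime(2017, 5, 12, 7, 0)  # first sign of encryption activity
CATALOG = [
    make(datetime(2017, 5, 12, 23), "tape-05", True, True, True, b"payroll-v5"),               # after infection
    make(datetime(2017, 5, 11, 23), "tape-04", True, True, True, b"payroll-v4", tamper=True),  # fails restore test
    make(datetime(2017, 5, 10, 23), "disk-replica", False, False, True, b"payroll-v3"),        # still online
    make(datetime(2017, 5, 9, 23), "tape-02", True, True, True, b"payroll-v2"),                # known-good
    make(datetime(2017, 1, 1, 23), "tape-01", True, True, True, b"payroll-v1"),                # outside 90-day window
]
```

Running `choose_restore_point(CATALOG, INFECTED_AT)` skips the post-infection tape, the tape that fails its restore test and the online replica, and returns `tape-02`; widening `max_age_days` is the only way the January cartridge becomes eligible.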

As we have recently been reminded with WannaCry, a cyber-attack of any scale can wreak havoc on an organization! So don’t delay – be prepared by establishing a sound data security plan that includes LTO technology to protect your company, clients and employees, investments and data assets.

[1] Techopedia, “What does Cyberattack mean?”, January 2017.
[2] The LTO Program, “Preparing for the Worst: Making Sure You Don’t Lose Your Content in a Disaster”, April 2017.
[3] Hewlett Packard Enterprise, “Ransomware: Holding Data Hostage”, March 2016.