June 19, 2021 | By Greg Dougherty
With all of the uncertainty and fear surrounding the Coronavirus (COVID-19) pandemic, businesses are more prone to ransomware attacks than ever before. As much as we hate to admit it, cybercriminals are incredibly intelligent. These manipulative hackers tend to take advantage of people during times of crisis, capitalizing on their anxieties, concerns, and panic.
In an article from Security Magazine, we see that these cybercriminals have been sending phishing emails posing as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), two organizations that individuals heavily rely on for guidance and updates during these unprecedented times. Why these particular organizations? The answer is simple. It’s because posing as these highly accredited organizations at a time like this is the ultimate clickbait. Not only are people not thinking clearly, but they’re desperately seeking answers in this time of crisis.
Now more than ever, staying vigilant and implementing proper recovery strategies are critical when it comes to protecting your business from malicious and debilitating cyberattacks. Here are the top 4 ways you can stay proactive and protect your organization when ransomware outbreaks run rampant:
1. Provide Phishing Protection and Ransomware Education to Your Staff
One of the most common ways that ransomware outbreaks gain a foothold on a network is through links in emails. When we think of malware and ransomware, it’s easy to think of the clichés we see on TV and in the movies. It’s always some hacker in a dark room wearing a hoodie. Clacking away on a mechanical keyboard, raining destruction on some unsuspecting victim, and then muttering something along the lines of “I’m in.”
But in the real world, it’s much more common for ransomware attackers to just send out mass emails to a list of thousands and thousands of potential victims. This tactic is known as phishing. An email is sent out under the guise of something that appears to be legitimate information with a hyperlink to more information, and usually capitalizing on recent events. Something like “How To Find Your Local COVID-19 Testing Site” as a seemingly innocent link, but once clicked can perform a drive-by download and allow the malicious software onto your PC. Once it’s there, it can spread across network shares to workstations and servers and bring productivity to its knees.
The first line of protection from phishing is user education. Making sure the users in your organization know how to spot suspicious emails, and what behavior to take when opening such emails, like forward them to an IT or security team so they can block the sender from potentially sending more malicious emails into the organization, can prevent a disastrous malware outbreak from ever even occurring. The only problem is that ransomware attackers are persistent in their craft. They’re in it for the money, otherwise, there wouldn’t be any ransom to get your data back, so it’s always in their best interest to continue to improve on deception and make their emails look more and more legitimate.
Some ransomware attackers have even gone so far as to create templates that look almost entirely identical to an email you’d get from Microsoft or FedEx shipping updates. With familiar formatting and the location of links, a user can be tricked just out of feeling comfortable. It’s a literal arms race. So what are some ways to safeguard your business if ransomware does get through?
2. Have a Solid Disaster Recovery Plan in Place to Combat Ransomware
Business continuity is the number one objective for many businesses. Having a solution like Disaster Recovery-as-a-Service (DRaaS) helps protect your business continuity by leveraging replication of your virtual servers from your production environment to a service provider’s cloud infrastructure. This allows for very quick Recovery Time Objectives (RTO) because you can shift your virtual workload from your production environment to a disaster recovery service provider’s environment. This will ensure the utmost productivity and uptime, keeping your users online and working.
In the specific case of ransomware, replica failover can be used to shift production to the cloud while impacted servers on your production side can be cleaned of malware. The workload can then shift back from the cloud to your production environment, with an option to inject the changes made by users to files back onto the production virtual machines so that no work is lost. But what if the virtual machines hit by ransomware are unrecoverable in the production environment? You can still leverage failback to copy the VM replica back into your production environment, along with all the changes that have been made by users. If you have local backups of the VM, you can restore the VM locally and then have the replica failback onto the restored VM quickly, injecting any changes users have made on the VM replica. If you don’t have backups, you can still perform a failback even without the source VM on the production side. The VM replica will copy itself to your production environment and take on the role of the source VM so that business can continue.
3. Ensuring a Fully Inclusive Backup Strategy
Backups-as-a-Service (BaaS) helps to further protect your environment by protecting your virtual workload with both local backups and by creating off-site copies of those local backups to the service provider’s cloud infrastructure.
Local backups are also important in the event of a ransomware outbreak. They allow you to perform file and folder-level recoveries, which is great when you’re able to catch a ransomware outbreak before it has a chance to spread across your systems. You’ll be able to quickly restore impacted files and folders so that business can resume. BaaS is even more powerful when coupled with DRaaS. If an entire server becomes compromised by ransomware, you can failover production to your replica in the cloud so your users can continue to work. In the meantime, you can leverage your local backups to restore that VM to your last working backup. Once the restore is done, you can then failback and commit all the changes that were made on the VM replica to the newly restored VM in production. This way, none of the work completed by your users during the outbreak is lost. In terms of business continuity, that’s a huge security net.
Off-site backup copies help meet one of the most important aspects of the 3-2-1 backup rule; keeping at least one copy of your backups off-site. But off-site backups in a BaaS solution go much further than just having your data off-site in the cloud. This is because you are still able to interact with them while they’re in the cloud, unlike the old days of physical tapes stored in a vault miles away. You’re able to perform the same file and folder level recoveries from these off-site copies, and if absolutely necessary in a worst-case scenario, even recover entire VMs from them.
Off-site backup copies go a step further than this. Ransomware attacks don’t discriminate, so there is always the possibility of your local backup server becoming Cryptolocked. Although DRaaS has you covered in regards to your immediate workload needs and RTO, BaaS helps ensure that all your long-term retention data is safely secured. All those weeklies, monthlies, quarterlies, and yearlies are there in the service provider’s cloud to restore from if needed, protected from the malware outbreak.
4. Employ a Dedicated and Highly Experienced Team
Having a team that’s highly experienced in recovery and backups, whether it’s an internal team or an external team, is critical for protecting your organization from falling victim to costly ransomware attacks. One of the biggest perks of leveraging DRaaS and BaaS services from a cloud provider like Opti9 is the access to dedicated Backups and DR teams. Acting as an extension of your own internal IT team, service provider teams help your IT team with everything from setting up local backup jobs, off-site backups, and replication jobs, monitoring your backup and replication jobs, alerting you if those jobs are failing, and providing you with steps and assistance in resolving them.
The biggest force multipliers in this scenario are knowledge and experience. DR and backup providers like us have seen it all before, so in the unfortunate event that your environment is hit with something like ransomware, you’ll have the ability to leverage an experienced team that’s worked through disaster recovery scenarios before to get you back up and running.
The costs of ransomware are substantial, and it’s important to realize that we’re not just talking about financial costs. If your organization’s data is compromised, your reputation is at stake, which very well could be the downfall of your business.
During times of crisis or not, the key takeaway here is how crucial ransomware awareness and preparedness are for any business. It’s important to educate your employees to ensure your entire team follows best practices for cybersecurity, and it’s essential to ensure that there are no gaps or vulnerabilities in your Business Continuity/Disaster Recovery plan or backup strategy.
Give us a call at 1-866-932-2471 to learn how Opti9 can help protect your business from disasters such as ransomware.