In my last post, I outlined the 6 steps ransomware attackers use and how to defend against them. Now, let’s consider how to avoid being the next victim. You’ll need to address three key questions:
- Why would an attacker target your company?
- Will your ransomware defenses actually work?
- What can you do to avoid falling into the category of “they all pay in the end”?
My advice: start by looking at ransomware the way an attacker does – as a businessperson. Attackers are looking to make money – as much as possible, as fast as possible, with as little risk as possible. They’ve developed a business model and an ROI calculation that determine the best target. Here’s what they typically look for (and note that the size of the company is not a factor in any of the criteria below):
- Valuable data: The more critical your data, the more money you’ll pay to avoid losing it. Vital data such as medical records, credit card and bank account numbers, social security records, and sensitive business information makes you more likely to pay, and to pay more. The most frequently targeted verticals include financial services, healthcare, government, and education.
- Ability to pay: The attacker calculates the probability that you have the right combination of cash and a willingness to pay – over and over again. They love recurring revenue.
- Connections to bigger fish: In some cases, companies are targeted because they’re a foot in the door to a bigger enterprise. For example, a small HVAC supplier to Target was hacked by a ransomware attacker to infect Target’s systems.
- Insufficient defenses: Attackers do their homework and target companies that haven’t put effective defenses in place. Consider this worrisome data point: 75% of companies infected with ransomware thought they had security systems in place to protect themselves! Oops.
Once you understand what attackers are looking for, you can more accurately assess whether your current ransomware defenses will work.
And here’s a shocking fact for you: the state-of-the-art defense against ransomware today is to pay the attackers. The media is writing about the emerging “extortion economy,” where insurers are recommending that companies pay the ransom.
Of course, there are other ransomware defenses. They fall into four broad categories:
- Prevention: Tools for email scans, firewalls, regular data scans, etc. Unfortunately, most of these “solutions” are piecemeal, don’t work well together, and are ultimately ineffective against ever-evolving ransomware attacks.
- Education: Training your workforce to not be victims of social engineering and other common tactics. The problem is, today’s workforce is increasingly mobile, distributed, and beyond the reach of SecOps and IT’s warnings and testing tools.
- Processes: You can build company-wide rules and processes to block links and attachments from unknown sources. But this could disrupt the business and isn’t always failproof either.
- DR: This defense is the most effective way to deal with ransomware, provided you have tamper-proof backups, a reliable DR site, and easy failover and failback technology at your disposal. Unfortunately, most companies do not. Disaster recovery hasn’t been very effective in many cases because it’s been too expensive, complex, and unreliable.
The takeaway is that none of these defenses has proven effective. But the situation is far from hopeless. If we now consider the third question, how to avoid being yet another paying customer for ransomware criminals, there is a solution.
Rethink your DR strategy.
We’ve introduced DRaaS with VMware Cloud on AWS, a new cloud-based model for DR that provides failproof, on-demand DR-as-a-Service. Now you can instantly and inexpensively recover your data – and that means you’re no longer an attractive target for ransomware attacks. No more CapEx for DR sites, no more overburdened IT staff trying to update policies – just pay for the service when you actually use it. And never even think about paying a ransom again.
If you’d like to see a demo of DRaaS with VMware Cloud on AWS, drop us a line. You can also learn more by watching our on-demand webinar, “2020 IT Industry Predictions on SaaSification, Cloud Migration & DR Strategies.”