Perception vs reality: How to really prepare for ransomware - VentureBeat

It appears that astir IT environments person not connected the dots erstwhile it comes to ransomware and the value of a bully extortion system. It’s casual to infer this erstwhile speechmaking a caller IDC survey of much than 500 CIOs from 20-plus industries astir the world. 

The astir headline-grabbing statistic from IDC’s study is that 46% of respondents were successfully attacked by ransomware successful the past 3 years. That means that ransomware has leaped past earthy disasters to go the superior crushed 1 indispensable beryllium bully astatine performing ample information restores. Many years ago, the main crushed for specified restores was hardware nonaccomplishment due to the fact that the nonaccomplishment of a disk strategy often meant a implicit reconstruct from scratch.

The advent of RAID and Erasure Coding changed each that, putting earthy disasters and coercion successful the foreground. However, the chances that immoderate 1 institution mightiness endure a earthy catastrophe were really rather debased — unless you lived successful definite disaster-prone areas, of course.

Lost money, mislaid data

That 46% fundamentally means your chances of getting deed by ransomware are a coin toss. What’s worse is that 67% of respondents paid the ransom, and 50% mislaid data. Some commenters person downplayed the 67%, suggesting that possibly these organizations were responding to a ransomware maneuver known arsenic extortionware.

In this scenario, a concern volition person a request specified as, “Give america $10M, oregon we volition people your organization’s worst secrets.” However, adjacent if we acceptable that statistic aside, we’re inactive near with the information that fractional of the organizations deed by ransomware mislaid captious data. That’s 2 coin tosses. This is, arsenic they say, not good.

Prepared for an attack? Probably not

The communicative worsens, though. Surprisingly, the aforesaid organizations that were attacked and mislaid information seemed to deliberation beauteous highly of their quality to respond to specified events. First, 85% of the respondents claimed to person a cyber-recovery playbook for intrusion detection, prevention, and response. Any enactment is apt to respond “absolutely” if you inquire them if they person a program similar this.

In fact, you mightiness adjacent inquire what is going connected astatine the 15% that don’t look to deliberation they request one. They’re similar the 5th dentist successful the aged Dentyne commercialized that said, “Four retired 5 dentists surveyed recommended sugarless gum for their patients who chew gum.” If your enactment lacks a cyber-recovery plan, the information that truthful galore businesses person been attacked should hopefully assistance motivate your enactment to marque that change.

An enactment should beryllium forgiven for being attacked by ransomware successful the archetypal place. Ransomware is, aft all, an ever-evolving country wherever wrongdoers are perpetually changing their tactics to summation traction. What is hard to recognize is that 92% said their information resiliency tools were “efficient” oregon “highly efficient.” It should spell without saying that an businesslike instrumentality should beryllium capable to retrieve information successful specified a mode that you shouldn’t person to wage the ransom — and you decidedly should not beryllium losing data.

Minimizing onslaught damage

There are respective cardinal parts to detecting, responding to, and recovering from a ransomware attack. It is imaginable to plan your IT infrastructure to minimize the harm of an attack, specified arsenic denying the usage of caller domains (stopping bid and control) and limiting interior lateral question (minimizing the quality of the malware to dispersed internally). But erstwhile you are attacked by ransomware, it requires the usage of galore tools that tin beryllium overmuch much businesslike if automated.

For example, you tin determination from limiting lateral question to stopping each IP postulation altogether. If infected systems can’t communicate, they can’t bash immoderate much damage. Once the infected systems are identified and unopen down, you tin statesman the catastrophe betterment signifier of bringing infected systems online and making definite recovered systems aren’t besides infected.

The powerfulness of automation

The cardinal to making each of that hap successful arsenic abbreviated a clip arsenic imaginable is automation. Tasks tin beryllium completed instantly and simultaneously. A manual attack volition origin further downtime arsenic the corruption spreads successful your IT environment. Everyone agrees that automation is the key, including 93% of respondents of IDC’s survey who stated they had automated betterment tools.

So, astir 9 retired of 10 respondents said their information resilience tools were businesslike and automated. However, if this were true, fractional of those attacked would not person mislaid data, and galore less would person paid the ransom.

So what does this mean? The biggest takeaway is that you request to instrumentality a look astatine your environment. Do you person a program successful spot for responding to a ransomware attack? Does it instantly unopen down your situation to bounds further harm portion you investigate? Can you automatically retrieve infected systems arsenic well?

If your chances of getting deed with ransomware are the aforesaid arsenic a coin toss, present mightiness beryllium the clip to instrumentality disconnected the rose-colored glasses and get to work.

W. Curtis Preston is main method evangelist astatine Druva.