Lessons in Beating Ransomware From a Jedi Master

Luke Skywalker: I'm not afraid! Yoda: Ehh. You will be. You will be.

(The Empire Strikes Back)

If you’re not yet worried about ransomware, wait a little while. Given the meteoric rise of this new malware threat, it is inevitable that you or someone you know will suffer from an attack that can disrupt your business for days and costs thousands of dollars to mitigate. If you don’t know anything about the subject, you’re in decent company: a recent study showed that 60% of US office workers have no idea what ransomware is or how much of a threat it poses to businesses.

If you’re interested in moving out of the category of untutored Padawan, we’ve spent the last few weeks here looking at ransomware: what it is, why it has become one of the online underworld’s favorite new scams, how it has grown from almost nothing into a billion-dollar criminal enterprise  in a few short years (with no end to its growth in sight), and how it manages to evade many traditional IT defense measures. We’ve also looked at how smart service providers are getting into the anti-ransomware business, correctly sensing that this fast-growing threat presents a business opportunity to help customers in fighting off the bad guys.

To recap: ransomware is a type of malware that gets onto servers, PCs and mobile devices, encrypts every file it finds, and then demands that users pay a ransom (from hundreds to thousands of dollars, depending on the value of the target) to get a decryption key so they can get their files back.  Criminals have jumped into the ransomware racket because it’s extremely lucrative and doesn’t require deep technical skills to become a distributor. The gangsters have achieved exponential growth and profits with this malware by mimicking the distribution model of the SaaS industry.

The most sophisticated ransomware variants are highly skilled at evading IT security defenses like anti-virus scanners and applications sandboxes. It turns out that the only perfectly reliable defense against a ransomware attack is rigorous backup, which lets you regress an attacked system to its state prior to the malware breach. In this case, “rigorous” implies frequent backups to minimize data loss, as well as the inclusion of offsite backups (typically to a public and/or private cloud) to ensure protection even if the ransomware is the type that can spread to other local systems, including backup servers.

To understand exactly how backup works to defeat a ransomware attack, enabling victims to recover their files without ever paying the bad guys their extortion fee, it’s useful to examine a few case studies from the real world:

• A construction company based in Indiana in the United States stores large volumes data on virtual servers with backup to a private cloud. It suffers a ransomware breach that encrypts the hard drives of its file servers, locking up 17 years of accounting data. Rather than paying the ransom, the company wipes the infected machines and restores them from its private cloud backup in less than a day. Download the case study here.

• A car dealership in Ontario, Canada backs up its data center’s virtual machine environment to an offsite location. When it falls victim to a ransomware attack, it wipes the compromised machine and restores it from its remote backup, resuming normal operations in under two hours. Download the case study here.

• A managed services provider based in Colorado in the US offers cloud-based backup services to its customers. When one of these customers, a dentist’s office, suffers a ransomware attack, the MSP is able to restore it to its pre-breach state in a matter of hours. Download the case study here.

• A company backs up 8TB of production data to both local backup servers and to a cloud backup service provider, with a scheme that runs monthly full backups, weekly differential backups, and daily incremental backups. When a ransomware breach infects 23 of this company’s systems, the cloud backup service provider responds by using an overnight courier to ship a large-scale recovery hard drive containing backups of the compromised machines. The customer is able to restore all of its infected systems in under 22 hours. Download the use case here.

In short, there’s already a highly effective defense against ransomware, based on technology with which you are already familiar, and which despite the best efforts of criminal software developers is impervious to their cleverest evasion techniques.

If any of your systems are breached, you simply use backup to wind them back in time to the point before they were compromised. Your business can swiftly resume operations without ever paying a ransom.

You needn’t undergo months of training on a remote world under the stern discipline of a pint-sized taskmaster to overcome your fear of ransomware. A data protection regimen combining both local and cloud-based components is all you need. With apologies to Yoda, if you want to beat ransomware, “Back up, or back up not: there is no try.”