Extortion. Ransom. International crime syndicates. No, this isn’t a description of the latest Daniel Silva thriller. For many, however, it could be the start of a very bad day at the office. Or, as author Judith Viorst might call it, “a terrible, horrible, no good, very bad day.” Unless, that is, you have a virus backup plan in place beforehand (and not just any virus backup plan, but a very good one).
What happens to turn an average day into a bad one? It all begins with a click on a malicious email link or ZIP file attachment: someone in your organization has just taken the bait of a ransomware phishing campaign. Ransomware goes by a number of names and methods: CryptoLocker and CryptoWall are early, effective versions. Today, you have Locky and Bart. Whatever the strain, ransomware is designed to infect your system, encrypt your files and spread itself to other systems on the network. To decrypt the files, you are often required to pay a ransom in Bitcoin to the perpetrator.
“Not on My Watch!”
Are you under the impression that this can’t happen to you and your organization? After all, you keep users’ systems updated with the latest patches, and you pursue ongoing education and training to keep employees from falling for this kind of email ruse. You even segment network traffic to keep a potential virus from running amok.
Unfortunately, despite these best efforts, your organization may still be at risk. In Verizon’s 2016 Data Breach Investigations Report, the company analyzed more than eight million results from various vendors’ sanctioned phishing tests in 2015. Verizon found that an average of 30% of all phishing messages had been opened by the targeted individual. Furthermore, 12% of targets went on to click the accompanying attachment or link. In a real-world scenario, this action would have launched an attack.
When Prevention Turns to Disaster Recovery
What do you do if as many as 12% of your users are likely to succumb to ransomware’s lure at any given time?
While you can easily pay the ransom, law enforcement and IT security companies don’t usually recommend that you take this action. Instead, organizations like The No More Ransom Project place backup at the top of their list of recommended actions to minimize ransomware’s fallout. Sure, almost every organization performs some type of backup. But what separates routine backups from those that make a really bad day more bearable? It’s all about how well you recover.
Once ransomware takes hold of one computer or many, IT’s job becomes one of disaster recovery. Here, the plan should include tiers of data protection and recovery based on how soon certain systems and data need to be back online following a disaster. This type of plan may involve replication, snapshots and backup to the cloud, as well as tape or disk backups that are physically removed from the network.