Over the past two weeks, two Florida municipalities have paid a total of $1.1 million to cybercriminals to regain access to their IT systems and data following ransomware attacks. In May, the city of Baltimore was hit by a similar attack and decided not to pay the ransom. The result: after 36 days of remediation efforts at a cost of $18 million, the municipality’s systems were still not fully restored.
These recent examples are just the tip of the iceberg. Ransomware attacks have reached epidemic proportions, as criminals refine their techniques to target the most valuable data and extract higher payouts. Given the choice between paying a six-figure ransom and either losing their data forever or shutting down operations for days or weeks, many organizations prefer to pay.
On the other hand, our experience shows that organizations with effective data protection and disaster recovery systems in place have been able to weather ransomware attacks without compromising data and without paying the ransom.
Correcting Common Data Protection Mistakes
Like many of my colleagues in the IT world, I used to think that the concept of backup is simple. However, after a good friend of mine who happens to be an amateur photographer recently lost 12,000 photos to ransomware, I changed my mind. The truth is that many people don’t really grasp the concept of backup, and this lack of understanding could end up costing them a bundle.
What do people like my friend do? They buy a 3TB USB hard disk and periodically copy their files to this external drive. Then they continue working with an air of invincibility, as if they just stored their important files in a Pentagon vault.
Then the ransomware arrives and wipes out all their files – from both the main computer and the USB drive. Here lies the shocking misperception, which must be addressed immediately if we are to stand a chance against ransomware and other such threats.
Copying files to a connected USB drive is not a secure and reliable data protection strategy. Effective protection must meet two critical requirements:
- It must retain previous versions of your files for a specific retention period (minimum of 30 days), and those files must be in a read-only repository so that they cannot be deleted by malicious software.
- The archived copy must be physically separated from the main copy of your data.
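The two requirements above can be spot-checked from the machine being protected. The following Python function is an added example, not part of the original article; it assumes a POSIX host and a hypothetical repository layout in which each entry directly under the repository directory is one retained version.

```python
import os
import time


def audit_backup_repo(source, repo, min_days=30, now=None):
    """Return a list of findings; an empty list means no problem was detected."""
    now = time.time() if now is None else now
    findings = []

    # Assumed layout: every entry directly under `repo` is one retained version.
    versions = [os.path.join(repo, name) for name in sorted(os.listdir(repo))]
    if not versions:
        return ["no retained versions found"]

    # Requirement 1a: version history must reach back at least `min_days`.
    oldest = min(os.stat(v).st_mtime for v in versions)
    age_days = (now - oldest) / 86400
    if age_days < min_days:
        findings.append(f"oldest version is {age_days:.0f} days old, need {min_days}")

    # Requirement 1b: the repository must be read-only from this host.
    # Write access to `repo` allows deleting versions; write access to a
    # version allows altering its contents. Anything this account can write,
    # ransomware running under the same account can encrypt or delete.
    writable = [p for p in [repo] + versions if os.access(p, os.W_OK)]
    if writable:
        findings.append(f"{len(writable)} path(s) writable from this host")

    # Requirement 2: a shared device ID proves the copy is NOT separated.
    # A different device ID is necessary but does not prove separation.
    if os.stat(source).st_dev == os.stat(repo).st_dev:
        findings.append("repository is on the same device as the source data")

    return findings
```

A plugged-in USB drive passes the device check but fails the writability check, which is the failure described above. Run the audit under the same account that does day-to-day work, since that is the account ransomware would inherit.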
No Excuse for Lack of Backup
From simple consumers to businesses of all sizes, there is no excuse today for not having a secure and reliable way to prevent data loss. Low-cost, cloud-based file sharing and backup solutions abound – Box, Dropbox, Google Drive, OneDrive, and Carbonite, just to name a few – and tick both of the above checkboxes at an affordable price. For example, 2TB of storage on Google Drive (enough for the vast majority of consumers) costs only $10 a month.
If you happen to be an enterprise IT administrator, there are also professional-grade solutions that allow you to protect your users’ data against ransomware and other threats. Secure, edge-to-cloud data management solutions, such as those offered by CTERA, also provide business benefits beyond data protection. These solutions enhance user performance, business agility and collaboration, and support the governance and compliance needs of today’s enterprise.
By avoiding common pitfalls and adopting a secure cloud data management strategy, organizations can minimize their vulnerability to ransomware and ensure the integrity and availability of their most important asset – their data.