Highly damaging ransomware attacks against the public sector show no sign of abating. A couple of weeks ago, Key Biscayne became the third local Florida government to get hit by ransomware within one month. This incident came on the heels of two widely publicized attacks that shut down email servers, emergency response systems and online public services in Lake City and Riviera Beach, Florida.
Ransomware locks down an organization’s IT systems and demands a ransom payment (typically in Bitcoin) in return for a decryption key. In the cases of Lake City and Riviera Beach, the victims paid a total of more than $1 million to decrypt their data and regain access to their systems.
In all three instances, the attack started when city employees unknowingly clicked on an email attachment (i.e., phishing) that infected their computers with malware. Once installed on an endpoint device, today’s sophisticated ransomware can quickly spread across the network and lock down an entire organization.
Why Organizations Are Vulnerable to Ransomware
Ransomware attacks are difficult to stop because they target the weakest leak in the IT security chain – the user. These attacks are particularly common in public sector organizations, like municipalities and hospitals, which typically have antiquated IT systems and lack advanced security tools and user training.
Equally disturbing is the fact that many ransomware victims simply choose to pay their attackers. This is because the cost of not paying the ransom – permanent loss of critical/sensitive data as well as mitigation and recovery efforts – is exorbitant. The city of Baltimore was hit by ransomware in May 2019 and chose not to pay the hacker’s original demands of $76,000. To their chagrin, recovery efforts took over one month and cost more than $18 million.
Ways to Fight Back Against Ransomware
While you can’t prevent your organization from being targeted by a ransomware attack, you can take steps to protect your data. In this way, you’ll be positioned to avoid paying the ransom and to recover quickly in the event of an attack.
Based on the Department of Homeland Security (DHS) recommendations and other best practices, organizations should take the following measures to protect against ransomware:
- Secure your perimeter and your edge devices (PCs, laptops, etc.)
- Update your systems to include the latest patches and software updates.
- Offer cybersecurity awareness training to your employees and educate users to identify and avoid phishing attacks
- Use antivirus software, firewalls, email filters and other preventative software to guard against malicious network traffic
- Make sure all your data is backed up in a secure and reliable fashion (my colleague recently warned against some basic data protection misconceptions)
- Back up all files and systems and retain backup versions in a read-only repository
- Be sure to physically separate your backups from the main copy of your data
Drawbacks of Traditional Solutions
While virtually all enterprises and large organizations employ backup products, most of these tools were not built to protect data against ransomware attacks that can lock down a network in minutes. This is because even the most efficient endpoint and server backup products operate with a backup interval setting of 4-8 hours – nearly a full business day.
Thus, in the best-case scenario, this means losing up to a day’s worth of productivity following an attack. If you’ve got hundreds or thousands of users, this is a huge productivity loss.
Effectively fighting back against ransomware requires a data management strategy that goes beyond endpoint security or backup. True data protection means reducing backup intervals from hours to minutes, while ensuring that data is always encrypted so that it cannot be used by attackers.
Advantages of a Secure Edge-to-Cloud Strategy
End-to-end security is a “must” for protecting data from ransomware and other cyber threats. In modern cloud-driven enterprise environments, this means protecting your data at the edge (where it’s created), in transit (over the network), and in the cloud (where it’s stored).
Building a secure edge to cloud strategy can help organizations protect their data and prevent potential damage from ransomware and other cyber threats. Such a data management strategy should include the following key elements:
- Virtual Private Cloud – Data management and file services should be performed 100% within the firewall – whether on-premises or using public cloud infrastructure.
- End-to-End Encryption – Source-based encryption should be used to secure data before it leaves your devices, offices and servers. This means that in the event of an attack, even if your data is temporarily locked, it cannot be read.
- Smart Data Control/Protection – Global File Systems let you track file changes across the entire organization and create incremental versions of files as they are updated, reducing recovery point exposure from hours to minutes.
With such a strategy in place, data can be restored in minutes and operations can resume as usual. You’re in control of your data, and you’re no longer vulnerable to the hacker’s demands.
As the attack landscape continues to evolve, I believe we’ll see more and more enterprises and large organizations adopting secure edge-to-cloud solutions to meet their growing data protection and business needs.