Hackers often use global events as cover for their criminal activities. But the sudden change in business operations driven by the COVID-19 pandemic has offered an unprecedented situation for hackers to exploit. Organizations scrambling to support work-from-home strategies have seen a significant uptick in cyberattacks.
Ransomware in particular has increased substantially since pandemic-related lockdowns began in March. In a new survey by Bitdefender, security professionals said they believe that ransomware attacks are up by an alarming 31 percent.
Of course, ransomware was already a serious problem. In a Sophos study conducted in January and February, 51 percent of IT managers said their organizations had been hit by ransomware in the preceding year. The 2020 Cyberthreat Defense Report from CyberEdge finds that 62 percent of organizations were victimized by ransomware in 2019, up from 56 percent in 2018.
Why Ransomware Is on the Rise
Many ransomware attacks begin with a phishing email that appears to be from a legitimate sender. The email will instruct the recipient to click a link, open an attachment or take some other action that enables the hacker to drop malware on the device, network or system. The malware encrypts all the files it can reach, then displays a message that explains how users can regain access to their assets by paying a ransom. Once it’s paid, the hacker promises to provide a decryption key.
There are two primary weaknesses that enable ransomware to proliferate. The first is a lack of security awareness among users. Phishing attacks work because users are unable to spot them and unaware of the risks involved. Security pros say that users tend to be less vigilante in a work-from-home environment.
The second is that more companies are paying the ransom, which pretty much ensures that attacks will continue. The Cyberthreat Defense Report found that 58 percent of ransomware victims paid the ransom in 2019, up from 45 percent the previous year. One reason is that attackers are more likely to follow through on their promises and provide the victim with the decryption key.
Backup Remains the Best Defense
Still, data backup remains the best way to mitigate the risk of data loss from a ransomware attack. According to the Cyberthreat Defense Report, 56 percent of organizations recovered their data from backups versus just 26 percent by paying the ransom.
Data should be backed up frequently to meet recovery point objectives and keep potential data loss to an acceptable level. Because restore time will often determine the true impact of a ransomware attack, recovery time objectives need to be established based on an acceptable period of downtime.
More often than not, however, ransomware attacks don’t stop with a single device. They typically spread across the network, including the backup environment. That means your backups need to be protected from malware. One approach is to create an “air-gapped” backup system that’s isolated from the rest of the IT environment so malware can’t get to it. However, that comes with cost and complexity challenges along with the risk that scheduled backups will run before the ransomware attack is detected.
Immutable backup solutions offer a better alternative. They create snapshots that cannot be altered and maintain backups in a read-only state so that ransomware can’t encrypt it. Best-in-class solutions provide instant access to backup data and flexibility in the recovery process.
Your ability to protect and restore critical data will determine the full impact and cost of a ransomware attack. Let us help you architect and implement a backup strategy that keeps your data available and your reputation intact.