Disaster Recovery Mitigates the Impact of Ransomware
Disaster Recovery as a Service (DRaaS) could help you avoid paying ransom or losing files to ransomware. As one of the fastest-growing and fastest-evolving cyber attacks, ransomware ties with data theft as one of the two biggest cyber threats. It has grown so fast that by 2017 ransomware appeared in 64 percent of malicious emails, according to Proofpoint, and was responsible for 39% of malware-caused breaches, reports Verizon.
Ransomware payloads are often unleashed in an organization’s environment through its user community. An attacker may bombard an organization’s users with malicious emails hiding ransomware. Once triggered by a user, the ransomware often spreads beyond the initial user’s system – and keeps spreading through the network to create a big problem for the business.
Unlike data theft, which takes data out of an organization, ransomware locks up the data and demands payment to let it go. Business disruptions from ransomware are not just inconvenient; they can significantly damage a company’s reputation and bottom line. Of ransomware-infected small and medium-sized organizations, 22% cease business operations immediately, reports Malwarebytes.
Disaster Recovery as a Service (DRaaS) solutions can mitigate the damage from ransomware and keep the business functioning, so you can continue to meet the needs of your customers. Unlike traditional disaster recovery, DRaaS maintains available and frequent copies (or snapshots) of data, readily spools up systems on which to restore them, creates a platform for testing a clean recovery, and includes processes to fail back to regular operations.
The latest in ransomware tactics
“Between July 2017 and September 2017, there was a 700 percent increase in ransomware,” according to Malwarebytes’ telemetry.
Ransomware has been around for years, primarily as an end-user computing problem. The user was tricked into executing a malware payload, the files on their system were encrypted, and a ransom was demanded to recover that system. In keeping with the size of the target, ransoms were relatively small amounts.
That changed with self-propagating ransomware, such as WannaCry and Petya/NotPetya. Exploits such as EternalBlue, which targets the Windows Server Message Block (SMB) file sharing protocol, and Active Directory vulnerabilities give attackers powerful access to spread their malware beyond a single user’s system. Using a worm-like vector, the ransomware can find its way through a business network and attack all the machines that are part of the environment.
Attackers can even find and target the most important systems in your network, instead of encrypting at random. They can find Exchange servers, database servers, ERP systems and SAP databases and the like – and prioritize attacks against those systems, because that’s the data to hold hostage: the most important data to the organization. In turn, ransom amounts have skyrocketed.
Making the ransomware problem even worse was the creation of a new business model, ransomware-as-a-service (RaaS), enabled by the availability of uncontrolled and unmonitored cryptocurrencies such as Bitcoin and Litecoin. Ransomware-as-a-service is openly advertised on the Dark Web, and authorities find it very difficult to shut down. RaaS is easy to consume: an average individual can download the Tor browser, search for RaaS, pay for the service with a cryptocurrency, and attack targets using the RaaS tool – with the goal of recouping the initial investment and turning a profit.
“By 2019, despite increasing effectiveness of countermeasures, successful ransomware attacks will double in frequency year over year, up from 2 to 3 million in 2016,” reports Gartner.
Expect more attacks, and more successful attacks. The reality is that enterprises have been caught unaware and had no choice but to pay the ransom – hoping that the source of the malware would and could provide access to the targeted files. In some instances, malware that claimed to have encrypted files actually deleted them – leaving no chance of recovering them even after a ransom was paid. The organization could face permanent data loss and scramble for out-of-date archives that were not nearly as valuable as their current data sets.
Prepare now to recover from a ransomware attack
If you had to mitigate a ransomware attack, DRaaS solutions offer big advantages over traditional disaster recovery methods. Specifically, DRaaS is designed for recovery in a timely and practical manner. Data loss is minimal (less than 15 minutes) and recovery is much faster (a few hours, instead of days). DRaaS can even improve your organization’s speed of patching to minimize vulnerabilities exploited by ransomware and other malware.
Besides being faster, DRaaS recovery is also safer in a ransomware incident. The short recovery time of DRaaS can allow an organization the flexibility to restore and test a recovered environment in a safe space, to avoid reinfection. DRaaS can also allow the incremental rewinding of the restore point and re-testing, before committing to a full recovery.
Patching software to close vulnerabilities that could be exploited by malware is a key step to preventing ransomware infection. DRaaS helps with patching too, by making it safer to patch production and dev-test systems – so your organization is more likely to apply patches and upgrades sooner. Specifically, DRaaS supports the testing of patches in a test bubble, which reduces risk. With more regular patching, your systems are less likely to be infected by self-propagating ransomware and other malware.
Watch the webinar, “From Hurricanes to Hackers: The Expanding Horizons for Disaster Recovery”, to learn more about the impact of DRaaS on cybersecurity.
Take the next step
Having a plan to mitigate ransomware damage is more than a good idea. Take the next step before a cyber threat causes an unplanned outage at your organization. Review and strengthen your organization’s disaster readiness plan with a disaster recovery strategy session.