There is no question ransomware is a favourite tactic among cyber criminals today. According to the 2017 Verizon Data Breach Report (DBIR), ransomware is now the fifth most common attack type.
It also went from being a headache for individuals to a real problem for some of the biggest brands out there. Earlier this year, the massive, well-coordinated attacks WannaCry and Petya brought several global businesses to a halt.
If a steady cadence of high-profile, costly attacks in the news isn’t enough to make you worry about ransomware, growing public warnings from US and European officials might. In May 2018, when GDPR goes into effect, the cost for losing your customers’ data will likely be much higher than the ransom you pay to get it back.
GDPR provides companies guidance on how to securely maintain the personal data they collect from their customers. This includes what to do in the event of a ‘personal data breach’ which is defined by the official European Union regulation as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or other otherwise processed.
While there is no fool-proof way to prevent an attack, there are measures you can put in place today to better defend against ransomware and ensure your data doesn’t fall into the wrong hands. Additionally, when an attack does slip through the defences, a quick recovery is possible if you have a solid remediation plan in place.
Axway and Syncplicity have recently collaborated to provide users with an efficient enterprise file sync and share (EFSS) solution. Utilising their greater knowledge and combined expertise, here are a few practical guidelines to help you and your organisation gain maximum ransomware prevention and recovery mileage.
Back up files in real-time
While there is no single solution for preventing ransomware attacks, a consistent recommendation from experts across the industry is ‘Backup, Backup, Backup’. For most enterprise users (and consumers), that’s easier said than done.
It’s a behaviour that often requires extra manual steps and backup jobs that usually never complete. Implementing a real-time backup ensures you can continuously sync all your folders in real-time, eliminating any worries about data loss.
Establish an enterprise retention policy
The most common ransomware variants attack by deleting files and replacing them with renamed encrypted versions or by retaining filenames and encrypting the contents in place.
Develop a retention policy with granular file retention settings, including active files, deleted files and past versions that allows you to retain deleted files forever, or for a specified time period, so that your original files can be retrieved after they are deleted by ransomware. Administrators should also review your file versions retention policy, to control how long prior versions of a file are saved after they have been edited or overwritten.
Exclude risky file types
To contain and stop the spread of an attack, it is crucial to block problem file types from syncing within your backup.
Prevent the damage from spreading throughout the network and pre-emptively block known crypto document types, for example those with the ‘.locky’ and ‘.crypt’ filename extension, and also block potentially malicious executables such as ‘.vbs’, ‘.scr’, and ‘.exe.’ to prevent any further risk to your data.
Eliminate or reduce email attachments
Ransomware often enters a system via email when a user unknowingly sets it loose within the organisation by opening an infected attachment. One way to reduce your organisation’s risk is to train employees to share links to files rather than opening attachments directly from their email clients.
Establish a recovery plan
The restoration process after a ransomware attack can be time consuming and costly resulting in significant business impact. The attackers are betting that you’ll pay the ransom to get business moving again. However, with a retention policy in place that includes real-time backup, admins and/or users can restore files to prior unlocked versions and restore deleted files.
In addition to mandating protection of customer data, GDPR also outlines failure to comply penalties and the price tag could be very high. Fines could be as much as 2% – 4% global annual revenue depending upon the size of your organisation.
If you fall victim to a ransomware attack and personal data is impacted, your recovery plan could mean the critical difference between ‘personal data breach’ notification and subsequent fines, or not.
Sourced by Richard Farnworth, UK Country Manager, Axway