The real damage of a ransomware attack is felt in the downtime

To date, the WannaCry ransomware has infected at least 100,000 organisations across 150 countries making it easily the largest and most disruptive ransomware attack ever launched. It locked computers that run the NHS in the UK, Spain’s primary telco, Germany’s national railway and scores of other companies, factories and government agencies worldwide.

What’s been so disappointing about the news coverage is the overly simplistic guidance being offered up to organisations victimised by the malware. The “best” practices being touted boil down to downloading the Microsoft Patch, updating antivirus signatures and backing up critical files, often.

These are obviously must-haves, but, what’s not being discussed is the real damage being inflicted on the WannaCry victims and the measures companies can take to mitigate downtime: the silent killer of ransomware.

>See also: NHS Trust successfully fought back WannaCry ransomware with AI

Some back-of-the-envelope calculations reveal some pretty frightening statistics.

• Number of organisations Infected (so far): 100,000
• Average amount of downtime: 33 hours
• Approximate cost of downtime/hour: $1000
• Global cost of downtime: $3.3 billion

There’s a variety of costs embedded in this $3.3 billion figure, including lost sales, lost productivity and bad publicity. But, it’s the inability for employees to operate critical tasks that generally represents the lion’s share of the downtime losses. And this brings us back to the guidance being peddled.

The sad fact is that none of these best practices are going to quickly restore mission-critical applications after files are encrypted by ransomware. The only way to do that is with a disaster recovery as a service solution (or DRaaS as it is popularly known).

DRaaS is a cloud computing and backup service model that uses cloud resources to protect applications and data from disruption caused by disaster. This could be a server crash, natural disaster or ransomware attack.

>See also: The global ransomware attack a cyber wake-up call

It gives an organisation a total system backup that allows for business continuity in the event of system failure. Technically speaking, DRaaS is the replication and hosting of physical or virtual servers by a third-party to provide rapid failover of critical systems.

If thousands of files have been infected then restoring these files with a cloud backup solution from clean, uninfected versions will take time to download (depending on the amount of data and size of your internet pipe) and reconfigure. And it’s this time lag that can crush a business if it lasts for an extended period.

By not having to copy data back to your production environment and rebuild the infected machine, DRaaS can be a huge time saver to restoring productivity and operational resiliency. DRaaS allows organisations to stand-up their systems in minutes because it does not rely on a two-step approach of recovering a machine and then recovering programs and data.

What if a production database (think SQL or Oracle) or mission-critical application got infected with WannaCry, how quickly could you recover? The impact of this downtime will also vary – in some cases, it may be trivial, in other cases, it could wind up being catastrophic depending on the business, size, industry and the types of transactions feeding your production databases.

With DRaaS, IT administrators can restore and virtualise complete, running systems from local or cloud-replicated backups. This keeps users productive while your recovery team can work to identify and eradicate the malware. Recovery is now measured in minutes vs. hours or days.

>See also: Ransomware: the new highway robbery

It’s time to move beyond sound bites (“just download the patch”) and start thinking about how organisations can minimise the downtime caused by ransomware. Unfortunately, even if a company patches the operating system, updates the latest AV signature and has a regular offsite or cloud backup solution, they can still be infected with zero-day attacks. And it will still take days and perhaps weeks to recover.

Undoubtedly, WannaCry will embolden new cybercriminals to develop new strains of ransomware and presumably demand even higher ransoms. Sadly, the massive WannaCry before it, and there will be, most certainly, many more to come.

Fortunately can rely on DRaaS, and it’s now become an affordable, simple and highly effective option for quick recovery of data and systems.


Sourced by Dean Nicolls, VP of marketing at Infrascale


The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics