With the drastic changes that our society has felt on a global scale since the onset of the COVID-19 pandemic, it's no secret that a 'new normal' is materializing in real time. Organizations have had to rapidly adapt to remote working models on a moment's notice. This change has also inadvertently created a haven for hackers to take full advantage of potentially vulnerabe systems and unsuspecting workers with a significant rise in phishing and ransomware attacks with COVID-19 rhetoric as the primary hook to lure people in. We published a post a few years ago on what to look out for in the event of a ransomware attack and the precautions are no different today.

Originally published in 2017:

With the recent WannaCry ransomware attacks that affected more than 150 countries worldwide and with the threat of more attacks to come, we wanted to share some important reminders from a 2016 blog post on how to protect your data from the dangers of ransomware.

Computer-related crime is becoming increasingly hostile. 
This recent surge in ransomware attacks against organizations of all sizes has added a new sense of urgency to ever-increasing security worries while taking steps to ensure their data is protected from cyber extortion. Many studies report that since 2015, the threat of ransomware has increased by 165%.*

Ransomware is malicious code that uses advanced encryption algorithms to block system files and the attacker demands payment in exchange for the key that can decrypt the blocked content.

Protecting your data from cyber attacks
There are many ways to help protect your company against the latest ransomware attacks. However, attacks are evolving in complexity and should other security measures fail, leveraging an uncontaminated backup could become your last line of defense.   

There’s no protection from ransomware without a secure backup
Beyond isolating the attack, one of the first questions a security professional will ask you when you report a ransomware attack is whether you have secure backups available. The good news is that there are some basic steps to protect your company and your data from the threat of ransomware.

These best practices will help you get started:

1. Backup all your data: Ensure you are backing up all your important data, including distributed data.

2. Architect your backups: Ensure your backups are architected properly to include backups off of the production network. Air Gap backups are recommended to be part of the backup scheme.  You’ll also want your backup to be sent to a separate system than your current operating environment.There are many available options to achieve this today.  However, understanding the implications of options for your data and security such as replication, cloud storage, disk versus tape is complicated.   

3. Have strong backup policies in place: Ensure you have effective backup retention policies.  Malware can linger and if discovery is delayed, there is an advantage to having backups available longer or more copies of backups than you may have traditionally thought required based upon compliance.   

4. Isolate your backups: Develop a strategy and operation plan for restoring systems from scratch should malware be detected on machines.  You likely will have differing processes for physical servers, virtualized servers and workstations.  

5. Keep copies handy: Revisit replication versus backup to ensure an air gap copy of data exists.

6. Don't forget to test: Test your backups and media regularly (quarterly). Although there is software and media based error reporting notifications, the only way to ensure a backup works is to test it. Periodic exercising of your restore process operational plan should be carried out to ensure it’s still functioning after software/firmware changes, version updates, etc. 

There are many enterprise customers who reach out to Sentia when they discover an issue with a component of their backup infrastructure.  With the current threat landscape facing enterprises, don’t wait to make sure your backup is architected, configured and operating effectively.  

If you need help to re-evaluate your back-up strategy in the face of current ransomware threats amid COVID-19, Sentia can certainly help.

Don’t wait until you've already been hit. Act now to protect your assets.

Feel free to reach out to me directly with any questions. Stay safe.

Stephen Nowicki
Network Practice Lead, Sentia

*McAfee Labs Report Sees New Ransomware Surge 165 Percent in First Quarter of 2015

*COVID-19 – Malware Makes Hay During a Pandemic