September 30, 2021 | Matt Pacheco
How Disaster Recovery Strengthens Ransomware Defense
When it comes to disaster recovery, ransomware needs to be in your plan
What does your backup and disaster recovery plan include? For most businesses, natural disasters are top of mind, which makes sense. It’s even in the name. However, human error, and more urgently, ransomware attacks, also require proper disaster recovery plans and recovery capabilities to get your business back up and running quickly.
What is ransomware?
While there are many types of ransomware, most fall into two main categories and share some similar traits. A cybercriminal infects your computer, usually through a highly targeted email (spear-phishing) or by getting a user to visit a website infected with malicious code.
They may either block you from accessing files with a pop-up demand for ransom (lock screen/screen locker ransomware) or scramble your data in a way you cannot read or access (encryption ransomware). Either way, the goal is to get you to pay a ransom to regain access to your data.
The cost of ransomware
Generally, the ransom is paid in Bitcoin, and once it is paid, the decryption keys tend to work. However, criminals are also known not to deliver the data; it depends on their honesty and follow-through. It’s estimated that ransomware costs were $20 billion in 2020 and that the average payout increased by 171%, regardless of the size of the organization.
Small businesses are equally at risk. On average, the cost to recover from ransomware, including reputation recovery, productivity, and service disruption, plus the ransom, was $1.4 million.
Ransomware as a Service & ransomware tools
Cybercriminals are making it easier for people who want to exploit businesses and individuals to do so, with services that can be ordered much like SaaS. Skilled cyber attackers are selling Ransomware as a Service (RaaS) and ransomware kits on the Dark Web to give anyone the ability to mount an attack. To get these services, would-be criminals pay a subscription fee or a percentage of the ransom received to use the ransomware, plus fees for distribution services, software updates, and tech support. The ransomware distributor then conducts the attack on the payer’s behalf or provides them with the tools to do it.
Recovering from ransomware: recovery point and time objectives
When you think about a disaster recovery plan that’s ready for ransomware, you need to think about not just the recovery point that needs to be restored via backup solutions, but also the recovery time it takes for your organization to get back to normal, and your ability to recover in general.
What’s the best way to avoid paying a ransom?
If you have a data backup program that is secure and validated, that can help you avoid paying the ransom. Any time a business pays a ransom, it encourages more cybercriminals to use ransomware. So a system for backup files is beneficial for your business and other businesses as well. However, even if you avoid paying the ransom, it can take 40 employee hours to replace data and recover systems.
What does a good disaster recovery plan look like?
When you’re making a plan for disaster recovery, ransomware should be as high a priority as any other disaster.
When ransomware hits an organization, it usually comes through a user via malicious email. If just one person triggers the ransomware, it can spread throughout the network. A good DR plan understands that time is of the essence, and that the best course of action aligns recovery priorities with your business goals. A strong plan can:
- Prevent a disaster from affecting IT systems, whether it is man-made or natural
- Restore IT systems or keep them running when disaster strikes
- Help protect and preserve the mission-critical data vital to your business
When you’re making a plan, you should tier your applications and operating systems to determine which critical systems need to get up and running first. Determine what your recovery point objectives (RPOs) and recovery time objectives (RTOs) are and work backward from there. This can help you determine the method of replication, who to involve internally and externally, and what is realistic based on your business goals, budget, and bandwidth in terms of getting back to normal.
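An added example (not from the original article) of working backward from RPOs and RTOs: it orders systems by tier, picks the latest validated backup taken before the compromise, and checks each system against its objectives. The inventory, timestamps, field names and the assumption that restores run one after another are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed inventory; names, tiers and objectives are illustrative assumptions.
SYSTEMS = [
    {"name": "file-share", "tier": 2, "rpo": timedelta(hours=24), "rto": timedelta(hours=8),
     "restore": timedelta(hours=3),
     "backups": [(datetime(2021, 9, 29, 1, 0), True), (datetime(2021, 9, 30, 1, 0), True)]},
    {"name": "billing-db", "tier": 1, "rpo": timedelta(minutes=15), "rto": timedelta(hours=1),
     "restore": timedelta(minutes=45),
     "backups": [(datetime(2021, 9, 30, 8, 45), True), (datetime(2021, 9, 30, 9, 0), False)]},
    {"name": "intranet-wiki", "tier": 3, "rpo": timedelta(hours=24), "rto": timedelta(hours=4),
     "restore": timedelta(hours=2),
     "backups": [(datetime(2021, 9, 28, 1, 0), True), (datetime(2021, 9, 30, 9, 30), True)]},
]

def last_good_backup(backups, compromised_at):
    """Latest backup that passed validation and predates the compromise."""
    good = [ts for ts, validated in backups if validated and ts < compromised_at]
    return max(good) if good else None

def recovery_plan(systems, compromised_at):
    """Order systems by tier and check each against its RPO and RTO.

    Restores are assumed to run serially, so RTO is judged on cumulative time.
    """
    plan, elapsed = [], timedelta(0)
    for s in sorted(systems, key=lambda s: s["tier"]):
        point = last_good_backup(s["backups"], compromised_at)
        elapsed += s["restore"]
        loss = compromised_at - point if point else None
        plan.append({"name": s["name"], "data_loss": loss,
                     "rpo_met": loss is not None and loss <= s["rpo"],
                     "back_online_after": elapsed, "rto_met": elapsed <= s["rto"]})
    return plan

if __name__ == "__main__":
    # Constructed incident: compromise is dated 09:10 on 30 September 2021.
    for row in recovery_plan(SYSTEMS, datetime(2021, 9, 30, 9, 10)):
        print(row)
```

Backups taken after the compromise time or lacking a successful validation are excluded, which is why the tier 1 database misses its 15-minute RPO even though a newer copy exists.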
What is Disaster Recovery as a Service?
One of the best ways to ensure you are prepared for a disaster is to work with a provider that offers disaster recovery as a service (DRaaS). With DRaaS, the third-party provider replicates the data and hosts backup copies in their cloud service.
DRaaS also boasts faster recovery times with minimal data loss, compared to more traditional solutions, like shared-storage disaster recovery or secondary data centers. Businesses have been moving more to DRaaS and that trend is set to continue growing. Your RPO could go from 24 hours to 15 minutes with DRaaS. Imagine the money you could save by maintaining a day’s work or more.
Preventive actions you can take to defend against ransomware
Test the plan and keep up with security updates
Whether you decide to work with a provider that offers DRaaS or choose to work on an in-house plan, make sure you build with business continuity, RPOs, and RTOs in mind. You should also test your plan regularly. The last thing you want is to be unprepared in a critical moment.
Also, if you are handling your disaster recovery plan in-house, make sure you are keeping up with patches and security updates. Even the WannaCry attack in 2017 can be linked to negligent patching. Small details, such as failing to deploy the newest security patches, mean you could be leaving your systems vulnerable to cyberattacks. Regularly check and/or turn on auto-patching to prevent this.
Add an ounce of prevention
A big part of ransomware protection is about stopping it before it can start to infect your organization’s devices. You can prevent some of the malicious content before it hits your user base by adding more security controls, like:
- endpoint detection and response (EDR)
- URL filtering
- web content filtering
- a sandboxing environment to evaluate suspicious emails
- spam filters
Educate your employees
If you’re worried you have a workforce that will click on suspicious links far too often (which is more than never), it’s also important to educate and test them. Share information on what ransomware looks like and test your employees occasionally. You can do this by sending spoofed malicious emails to see who may put your organization at the highest risk. Clicks on suspicious links = automatic enrollment in cybersecurity training.
Learn how we can help you defend against ransomware
Want to learn more about the latest ransomware trends and what you can do to protect your organization against ransomware, including using DRaaS? Read our Strategic Guide to Disaster Recovery and DRaaS.