There is no doubt that the ransomware threat is ever increasing, however I believe that many organisations still operate under a view that it won’t happen to them. We’ve seen a surge in attacks, more types of organisations targeted and ransom demands increasing all the time. There has also been a rise in organised ransomware gangs hitting us in ever more sophisticated ways.
The pandemic has also made things worse. Companies, schools and other organisations have had to accommodate employees working virtually, which has created more opportunity for criminals. Malicious actors don’t play by the rules which allows them to be agile, adaptable and always on the offensive. It’s critical that companies take this threat seriously and take steps to introduce multiple layers of security to minimise the risk of attacks as unfortunately, we are now at a stage where it’s not ‘if’ you will be attacked but more than likely ‘when’.
The major concern is that attackers are now moving away from large generic automated attacks, pivoting to more complex targeted attacks. The result of this is that targeted attacks are much harder to recover from and the cost of remediation increases – over the past twelve months it has more than doubled. Furthermore, the average remediation cost of a ransomware attack is twelve times higher than the average ransom payment.
Recovering from ransomware is not instant. Files are inaccessible and systems are down until you find the root cause and remediate the situation. Do you have software that will tell you exactly what happened and when it happened? Do you know exactly what needs to be recovered? It will take time to investigate logs and figure out what happened. Not a problem you say, IT can just recover from the last backup. But it’s not instant – it takes time to restore all the files from backup.
Let’s say you have a great system, not one that you skimped on because backup systems cost a lot of money and are rarely used to their fullest extent. You didn’t reuse the old out-of-support servers and storage for this backup system, you didn’t scale back how long you keep your backups because you didn’t have enough space to keep backups that long. Nope, you were smart, you bought the best backup system out there and you have tested it repeatedly. You know that it works and works well. Spoiler alert: no company has this system. Many say they do but look into your backup system – I bet it is either undersized, underpowered or funded fully in next year’s budget…
But just to bring some sunshine to this disaster, you do have the greatest backup system available. What you don’t have is any idea what happened or when it happened. This will take time to figure out. Let’s say it only takes one hour to figure out that the ransomware deployed sometime in the middle of the night and you have an immutable backup so you can recover everything without losing a thing. You start the recovery and figure you will be backup completely in about four hours. But you haven’t addressed the 500-pound gorilla in the room – the ransomware is still in your system, as you are recovering, files are being encrypted again. Back to the drawing board.
You must find where this all started and eradicate from there. More time and more investigation. Do you not have a way of doing this? Need to call outside help? More time, more costs. Let’s say you call an outside consulting firm – they get right to work. In four days’ time they have isolated the incident and found that your recovery point needs to be a week earlier to guarantee that the ransomware is eradicated. In a short five days you are back up and running. It only cost 100K for the consulting company to come in and figure everything out and I use that number loosely. Do you really think the consulting company, that you need to get you up and running ASAP, is going to give you a great deal or do you think they will charge as much as they believe they can get away with?
The point is that companies need to understand that this is a scenario they could face and although we talk about many scary numbers attributed to ransomware attacks, the real costs are in remediation. The truth is that ransomware attacks are evolving all the time and companies must come to the realisation very quickly, that this threat is real and not going away any time soon. It’s critical that companies have a robust approach to protect their environment and a layered approach to introduce new technology and not rely on the traditional ways of recovery.
Steve Arlin is Vice President sales UKI, Americas and Asia Pacific at ProLion where he is responsible for all sales, channels, and alliance activity. He has extensive experience in the technology space and has a thorough understanding of customer requirements regarding data storage and its protection. He has held several account director and sales leadership roles at several market-leading companies including TinTri, Commvault, SCC, and most recently NetApp.