Ransomware is a horrible reality, so what should you do?

28 Jun 2017


WannaCry, GoldenEye … which ransomware will hit you or your business first? It’s tough to fight against, so preparation is key.

“By failing to prepare, you are preparing to fail.” Benjamin Franklin’s forewarning of ransomware could not have been more accurate.

When WannaCry ripped across the globe, from east to west, everybody who was anybody in the cybersecurity world said this was merely one of many similar threats destined for our hard drives.

As May turned to June, WannaCry 2.0 warnings grew and grew, and then Petya, a ransomware investigated by Kaspersky Labs in recent weeks, came into focus.

Soon, GoldenEye (a strain of Petya) became the latest nightmare to emerge from the east.

Russia’s top oil producer, Rosneft, and several banks in the country were hit. Ukraine’s central bank and metro system also fell victim, as did Kiev’s Boryspil Airport and electricity supplier Ukrenergo.

The virus then spread to Denmark, Norway and the Netherlands, via shipping giant Maersk’s Russian subsidiaries. It affected ad agency WPP in London, French construction company Saint Gobain and Spanish food giant Mondelez.

India was hit, Chernobyl operators panicked, everybody feared the worst.

There’s little to be done in real time; the corporate decisions made in advance of such attacks are often of far more significance.

So, with WannaCry, Petya or GoldenEye laying what’s expected to become a well-trodden path for ransomware in future, what can you do?

Try thinking of an offline silo, for one.

Offline is secure

“A key thing to remember is that if your backup is being made on the same network as the data is being hosted, it is likely to be affected equally by any ransomware attack,” explained Tibus, a web hosting company.

“For that reason, it is important to ensure that your backup is being stored off-site.”

Disaster recovery is a slow process, and it’s one that needs a detailed plan. Do you need to be back online in an instant? Can you handle a slower, less costly recovery? Depending on the company, only one of these things needs to be true.

Money talks

Another consideration is the cost of the backup. For example, if you pay a daily or monthly fee that outstrips your income, it makes the recovery option a bit counter-productive.

All the steps below come at a cost. Establishing what works for your company is a purely individual process.

Back it up

“A business consultancy with a brochure website advertising its services to clients in a single geographic market could probably be offline for an entire night without any serious or lasting effects to the business,” said Tibus.

Should something similar happen to, say, Amazon, or Airbnb, then it’s a bit more problematic. These truly 24/7, global operations need a far better disaster recovery plan.

In all cases, though, backups are key. Back up offline, and back up regularly.

Regularity is up to you

“As a bare minimum, you should be taking regular backups of your website and any other data stored on your server,” said Tibus.

This could mean daily, hourly or even real-time, with the cost obviously growing the more regularly you back up data and content.

Site 2.0

Beyond this, and again probably a costlier option, is to have a replica site, with live data and up-to-date content, hosted at a remote location.

In the case of a news site, for example, this could then be substituted in at short notice while the affected site gets dealt with.

Test, test and test

The last area of note is testing, both the bane of web operators and a necessity for them. Tibus noted customers in the energy sector – those who would need real-time reactions across the board – as those most likely to engage in this practice.

This would see disaster simulations regularly forced on the relevant company’s defence systems, to see how they can handle certain strains of ransomware.

This is not a perfect practice, though, as the attackers often find a way. The best bet is to be as well defended as possible, hoping the attack passes your defences by, and moves on to someone else.

Wake up

Bob Hammer, CEO of cybersecurity company Commvault, said: “The latest global ransomware attacks are yet another wake-up call for business as a serious threat, and not just another cybersecurity technology challenge.

“Companies must evaluate ransomware threat readiness – and many are disturbingly unprepared.

“A strong security and defence strategy, together with a strong data management strategy and educating employees on ransomware, are all essential to mitigating enterprise data vulnerabilities.”

Gordon Hunt was a journalist with Silicon Republic
