Protection Against The Rising Threat of Ransomware

By Hubert Yoshida posted 05-04-2021 20:37

  
ransomware.jpg
The New York State Department of Financial Services (“DFS”) reports that ransomware attacks have almost doubled in the last year. Ransomware is where a cyber attacker installs malware that encrypts a victim’s computer system or files then demands a fee or ransom to unlock the encrypted data. Payment is enabled by the increasing use of crypto currencies which are untraceable. Research by BlackFog, a Crypto Security Company anticipates that a business is attacked by a cybercriminal every 11 seconds and damage costs from these attacks will hit around $20 billion by 2021. With damages from all cybercrime expected to hit $6 trillion this year (up from $3 trillion in 2015), they expect the number of ransomware attacks to increase and newer forms to become more sophisticated and disruptive. This is more than the entire proposed federal budget for the United States in 2021!

Recovering from a ransomware attack can be very costly. Another global survey by Sophos.com indicated that the cost of recovery including business downtime, lost orders, operational costs, and more, was an average of $1.85 million in 2021. The average ransom that was demanded was $170,404. This means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment.

There is now cyber insurance that expressly covers the risk of ransomware. These policies may pay for some or all of the ransom demand in order for the policy holder to unlock the encrypted data and resume operations.

However, regulators are scrutinizing incentives for ransomware payments and their tendency to encourage more ransomware attacks.  On February 4, 2021, the DFS issued guidance, the Cyber Insurance Risk Framework, outlining the best practices for New York-regulated casualty and property insurers that underwrite cyber insurance.  Notably, the DFS recommends that insurers not make ransomware payments.  The DFS cited Office of Foreign Assets Control of the U.S. Department of the Treasury guidance that insurers can be held liable for making ransom payments to sanctioned entities.

The Sophos.com survey noted “The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data. This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible. Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data. Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more.”

Some attacks now involve double extortion demands. The double extortion steals the data before it is encrypted and demands payment to not expose the stolen data on a ransomware website. It also encrypts the data and extorts payment again to un-encrypt the data. Some ransomware now simply steal the data and threaten to expose it rather than go through the trouble of encrypting the data.

The best way to protect your data and recover it immediately is to store your data in an object based storage system that encrypts the data to protect it and versions the data so that any changes to the data will not affect the current version which is replicated in different locations. If someone happens to be able to access your data, that data is your encryption so the bad guys would not be able to use it. If they encrypt it to deny you access, that new encryption is a new version, and you are able to continue working with the prior version. The Hitachi Content Platform provides this basic protection from ransomware as well as Enterprise File Synch and Share (EFSS) with HCP Anywhere, a service that allows users to save files in cloud or on-premises storage and then access them on other desktop and mobile computing devices. In the event of a ransomware attack, your employees keep working as they continue to access their most frequently used data, from any web browser or mobile device. HCP Anywhere edge file services deliver centralized data protection management and reporting across all of the different places where file services are delivered. To users and applications, HCP Anywhere looks like a traditional file server, but it actually connects to HCP for added storage and data protection, leaving administrators confident that their files are secure. HCP Anywhere can also back up any folder, even if it’s not located in HCP Anywhere, delivering an extra level of security. 
 
Hitachi’s VSP arrays also have a built-in Hitachi Data Retention Utility to lock down a copy of production data for a user-defined period of time. This data cannot be deleted, edited or encrypted during the retention period, and it takes just seconds to revert this data to undo damage done to production data by ransomware and other malicious attacks. This data retention utility can be orchestrated by the Hitachi Data Image Director, (HDID) an enterprise copy data management software platform. HDID automates and orchestrates a range of data copy and movement technologies, to greatly enhance and simplify business continuity, disaster recovery, and physical or virtual copies to support secondary functions, such as development, test and marketing, with separate schedules (recovery point objectives or RPOs) and retention periods, in any location. 
 
Protect yourself from Ransomware attacks especially during these critical times by updating your VPN infrastructure and educating your users against phishing attacks. Protect your data and ensure rapid recovery in the event of an attack through the use of HCP, HCPAnywhere, and HDID with VSP Data Retention Utility.

#Hu'sPlace
#Blog
2 comments
2 views

Permalink

Comments

05-04-2022 11:51

Interesting

06-16-2021 07:37

Your article content is being very much interested, I am very impressed with your post. I hope to receive more great posts. official site