These days, it seems like everyone is vulnerable to ransomware attacks. Data centers, personal computers, smart phones, televisions, and even the U.S. Congress have been attacked. All organizations have sensitive data, so whether you run a bank, hospital or hair salon, you’re at risk. Once ransomware has locked your files, there are two options: restore from a previous backup or pay up. According to McAfee Labs’ 2016 Threats Report, the total number of ransomware samples has increased by more than 140 percent since the end of 2014, and will likely continue to rise as hackers become more sophisticated.
A ransomware attack can cause as much devastation to a company as a natural disaster, wiping out all data or causing significant downtime if the proper precautions aren’t taken. The downtime from ransomware can be the biggest threat, as significant money is lost when normal business operations cease. The Ponemon Institute, which conducts independent research on data protection, privacy, and information security, reports that the cost of business downtime is $7,900 per minute.
Have a plan
Businesses need to have a disaster recovery plan to prepare for potential disasters or ransomware attacks. They must also map out the two most important parameters in data protection: recovery time objective (RTO), how long your company can stand to be offline before affecting the business, and recovery point objective (RPO), how much data your company can stand to lose before affecting the business.
Central One Federal Credit Union is a mid-sized credit union based in New England that knows the importance of disaster recovery after being hit by a ransomware attack last year. Just like most organizations, Central One had heard of ransomware attacks, but never thought it would be a target.
The credit union first noticed a problem when an employee couldn’t process a large file needed for batch processing. At first they thought it was a problem with their core application vendor, but the vendor had no luck identifying why the file couldn’t be processed. After hours of troubleshooting, including an attempt to copy a folder from another branch location, the team finally identified the root cause – Cryptolocker, a nasty and prevalent form of ransomware.
That’s when Neal Reardon, assistant vice president of information systems and technology at Central One, identified the infected folder and instantly took that machine completely off the network.
After taking the infected system out of production, they were able to restore from their hyperconverged backup within fifteen minutes and get the data center running smoothly again. All in all, the organization was never offline, although it took about five hours to determine the problem. However, because they were able to restore the backup in minutes, there was no data lost, no ransom paid, and the team was able to leave the office within a half hour of when they realized it was an attack.
A global problem
Though many of the most publicized attacks are against companies in the US, CNBC reports that ransomware software “is largely operated by criminal gangs, many with ties to organized crime, often located in Eastern Europe and Russia.” Attacks are not restricted to small or midsize companies either. A large enterprise manufacturer in the Netherlands had a recent run-in with ransomware. The company was in the process of migrating VMs to a new hyperconverged infrastructure environment when the IT outsourcing partner, Rhodix, noticed the ransomware attack.
In the case of the Netherlands company, Rhodix was performing hourly backups on the new hyperconverged solution, so there was minimal data loss when they restored to the most recent backup. Just a day before, the company’s data was being backed up to tape, which could have resulted in twelve hours of data loss and about three hours to restore the previous infrastructure. However, the company was back online within minutes with the new solution. The company’s hyperconverged vendor also offered file-level restore, which came into play when Rhodix was restoring the file server.
With ransomware increasingly prevalent and damaging, it’s never been more important than now to have a backup solution which can cut down the hours it takes to get IT running smoothly again, and also minimize data loss. Businesses simply can’t afford production outages, lost hours of productivity, or days of work lost to a ransomware attack. There are data protection plans for every type of budget, so each business can decide what is right for its specific situation. Whatever the backup solution, the important thing is that data is being protected and disasters are being planned for so that RTO and RPO parameters are clearly defined and met.
Jesse St. Laurent is vice president of product strategy at SimpliVity.