Affecting more than 100,000 organisations in 150 countries, the WannaCry attack recently thrust ransomware into the international spotlight. For me, the most concerning thing about this attack was the fact that people’s health and lives were put at risk by the encryption of NHS patient data files and medical systems, highlighting in no uncertain terms the huge cyber-security challenge faced by the healthcare industry.
There is nothing quite like a worldwide incident infecting hundreds of thousands of computers to bring a problem into focus. Companies in all industries could just as likely fall victim and must begin looking at this case in the context of the financial risk they face in the now highly likely event of a ransomware attack. Put simply, how much would you be prepared to pay to unlock mission-critical files that could stop you doing business for days or weeks?
The UK Financial Times advised its readers that “the best way to protect against ransomware is to back up your data frequently so that you can go back to a recent archive in the event of an attack.” Whilst this may sound so simple, many companies both large and small, do not have the proper backup and disaster recovery processes in place that are invaluable and that would prevent the need to fork out huge sums in the event of a ransomware attack. Survival requires preparation before the attack and we have had customers who have successfully recovered from ransomware attacks using the built-in 7-day backups available on our secure cloud hosting solution.
Here are three ways companies are using secure cloud hosting, cloud backup and Disaster-recovery-as-a-Service (DRaaS) to both protect against and remediate from ransomware attacks:
- Cloud Security – Advanced cloud security features are essential in the war against ransomware to protect both hosted production workloads and replicated DR workloads in the cloud. In the case of the WannaCry virus, many IT systems were impacted because of a vulnerability in unsupported versions of the Windows XP operating systems. If we were to look at the iland Secure Cloud to provide a solution, constant scanning and identification of vulnerabilities is provided which, along with reporting and alerting, enables customers to patch these vulnerabilities before a ransomware virus has the opportunity to infiltrate files. Vulnerability scanning as well as encryption, intrusion detection and prevention, integrity monitoring and log inspection are essential to both cloud and on-premises IT systems. Many of our customers have been able to identify system vulnerabilities and risks during DR testing that they had not identified with on-premises security tools, enabling them to address these before being targeted by a cyber-attack.
- Cloud Backup – Most IT pros reading this will have a data backup strategy in place, but how many have data backed up in an off-premises location or the security of knowing that data can be restored from a ‘clean’ VM in the cloud in just seconds? We have built-in 7-day backups on our Infrastructure-as-a-Service (IaaS) offering which can be extended to 30 and 90 day backups. Many customers, realising the need to have a remote, secure location for backups, are also leveraging the Secure Cloud Backup with Veeam solution which stores an up-to-date copy or secondary copy of virtualised applications in our cloud, restoring files and virtual disks back to the local environment as needed.
- Disaster Recovery – The combination of aggressive RTOs and RPOs, as well as journaling, makes DRaaS a very effective weapon in the battle against ransomware. Our DRaaS customers are able to failover production to the iland Secure Cloud in the event of a ransomware attack and restore production systems within minutes or even seconds. Journaling with the iland plus Zerto DRaaS solution – whereby a running list of storage “writes” are kept in a special log file called a journal – enables granular restoration of virtual machines from specific points in time to enable you to failover to a point in time before the ransomware attack. I’m sure many IT managers who were victims of the ransomware virus would have loved to have had this capability available to them.
In light of recent events, many businesses have now had their ransomware wake-up call. The good news is that there are ways to protect and remediate from ransomware attacks without having to pay. Preparation is key and now is most definitely the time to take action. Contact us to find out how to protect your business from the ransomware attacks that will unfortunately and inevitably come in the future.
[su_box title=”About Monica Brink” style=”noise” box_color=”#336588″][short_info id=’103048′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.