Ransomware protection helps mitigate data loss, but attacks are increasing

Ransomware attacks have grown to such a scale, companies are getting attacked more than once.

Endpoint data protection vendor Druva recently surveyed 832 IT professionals worldwide during May and June this year, and found that 80% of the respondents said ransomware attacks are increasing.

The research also found 50% of the organizations reported they were attacked multiple times and the attacks also are going beyond endpoints and are starting to hit corporate servers. One-third of the attacks hit corporate servers.

“A South Korean web hosting company Nayana recently found that 153 of their Linux servers had been infected with a ransomware variant called Erebus,” according to the Druva report. “The WannaCry attack that affected 200,000 users in 150 countries exploited a known vulnerability in various operating systems, including Microsoft Server 2003. Another variant, called Samsam, specifically attacks a vulnerability in the Red Hat JBoss software.”

The report noted that each of the software vendors have built software patches to address the vulnerabilities but “establishing good system administrative policies and practices is a crucial first step in reducing the overall ransomware risk to organizations.”

The toll on a company experiencing multiple attacks can be cumulative and that means organizations need a comprehensive plan that goes beyond recovery to address ransomware protection.

“The owner of a Michigan Radio station reports spending a week recovering from an attack, only to get hit by another just one day after business had returned to normal,” according to the Druva report. “Even with a comprehensive plan, every attack will bring some degree of downtime and companies must be able to minimize this downtime in order to reduce the overall impact on business.”

At least half of the companies surveyed by Druva have more than 10,000 employees and 31% have between 1,000 and 10,000 workers.

Ransomware attacks have occurred for decades with the first reported virus known as AIDS Tojan or PC Cyborg. In 1989, biologist Joseph Popp handed out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference that contained a malware program that activated after the computer was powered on 90 times. Today, variants of ransomware attacks occur daily and are getting larger in scale. They have grown more potent since the National Security Agency’s malware designed to break into Windows computers leaked, putting a higher priority on ransomware protection.

Rise in attacks put spotlight on strong backup strategy

Two worldwide attacks have brought greater attention to ransomware attacks. This week, the Petya cyberattack hit at least 65 countries and initially was considered a ransomware event. Researchers are saying the malware was a wiper that is used to permanently destroy data. In May, the WannaCry ransomware targeted Microsoft Windows systems worldwide with ransom demands in Bitcoin cryptocurrency payments.

Data backups are considered the best defense against these attacks because they allow organizations to recover data without the need to pay off the ransom request. Data protection vendors have started to build tools within their platforms for ransomware protection and to combat the attacks. But the ability to recover data in a ransomware attacks is closely tied to how quickly an organization can detect the virus.

“A recent ransomware attack at the University College London was believed to have started due to an employee falling prey to a phishing attempt,” according to the report. “The malware spread five hours before getting reported to IT, at which point it had already compromised the university’s network and share drives.”

The Druva survey reported that, among the respondents, 60% of the attacks took longer than two hours to detect, 29% of the attacks took two to eight hours to detect and 11% took more than eight hours to detect. Vendors are incorporating various detection tools as part of their ransomware protection strategy.

“Overwhelmingly, the respondents to our survey reported that their organizations had recovered from ransomware attacks, not by paying the ransom, but by relying on their backup data,” the report stated. “In fact, 82 percent of respondents indicated that they used their backups to recover and get the business up and running.”