Many companies are having to re-think their disaster recovery strategies due mainly to the recent spike in ransomware attacks, but also because of malware infection in general. With ransomware sneaking into more IT systems than ever before, and at such an alarming rate, organisations and enterprises are having to put cyber security and disaster recovery on the front burner. Many companies were able to coast through for years without having to think much about catastrophic data loss, maybe updating an antivirus software program and tightening up a firewall here and there, but not anymore. Companies of any size must now run IT security “drills,” implement deeper and stronger security tools, and even establish employee education programs dealing with cyber safety along with implementing stronger Business Disaster Recovery (BDR) assurance.

Disaster Recovery Plan

Awareness is Everything

Because ransomware is so sneaky, and can slip in virtually undetected into computing environments cleverly disguised as a link or file in a legitimate-looking email, educating office staff on better cyber “hygiene” is perhaps the best step companies can take to prevent these malware infections on the front lines right now. Because security, disaster recovery, and business continuity begins and ends with human awareness and protocols – and are largely useless if the office staff engaging in cyber interfaces are clueless about what ransomware exploits look like or mimic – end-user policies and enforcement must accompany any use or investment in data protection technology.

The Appearance of Ransomware

Since many have no basic working understanding of what ransomware even looks like or how it operates, let’s take a closer look at it now. Ransomware uses encryption in a very aggressive, insidious way to lock-up your database, in effect, using a public-private key encryption interface or procedure to do so. It will quietly upload its file “payload” into your hard drive, but those files will stand out upon deeper examination. One such example looks like this:

The ransomware files are the “.png” and “.txt” files, where the file-encrypting and “ransom note” files, respectively, sit in your document queue. Ransomware can work so fast to encrypt and lock up your files now that total file encryption of your entire database can happen within a few minutes of you inadvertently clicking on a “mimic” email link. The ransom note will demand a certain amount of money – generally requested in Bitcoins – in order to obtain the private decryption key housed on a command and control (C&C) server which is running the operation remotely. A typical ransomware demand note looks like this:

When Endpoint Protections Fail

It’s a sad reality that even with what would be considered strong antivirus and firewall tools and employee cyber safety policies in place, ransomware is still finding its way to infecting databases across the land. This is because company policies on end-user interface are often too technical in nature for the average Joe and Jane to follow. And, cybercriminals are patching their own malware programs faster than anti-malware defense software can keep up. So, how do we combat this latter-day scourge that shows no signs of abating? It seems that only highly-coordinated strategising with department heads and IT support teams, along with technology experts (and strong cyber safety enforcement) will begin to put up a wall high enough to keep the ransomware hordes out. To quote a recent article in Nakivo.com: “Organisations must look at backups and specifically offsite backups as part of their disaster recovery/security incident strategy.”

Consequences and Better BDR Planning

We all know what the consequences can be of a ransomware strike. As such, having an offsite backup copy of your primary backups is essential to having a data protection strategy that works in case of disaster. It is, in fact, the lynchpin in an overall Business Disaster Recovery plan that will save your business from a ransomware attack.