Protection Against The Rising Threat of Ransomware

By Hubert Yoshida posted 05-04-2021 20:37

    
 

1   Li ke

The New York State Department of Financial Services (“DFS”) reports that ransomware attacks have
almost doubled in the last year. Ransomware is where a cyber attacker installs malware that
encrypts a victim’s computer system or files then demands a fee or ransom to unlock the encrypted
data. Payment is enabled by the increasing use of crypto currencies which are untraceable. Research
by BlackFog, a Crypto Security Company anticipates that a business is attacked by a
cybercriminal every 11 seconds and damage costs from these attacks will hit around $20 billion by
2021. With damages from all cybercrime expected to hit $6 trillion this year (up from $3 trillion in
2015), they expect the number of ransomware attacks to increase and newer forms to become more
sophisticated and disruptive. This is more than the entire proposed federal budget for the United
States in 2021!

Recovering from a ransomware attack can be very costly. Another global survey
by Sophos.com indicated that the cost of recovery including business downtime, lost orders,
operational costs, and more, was an average of $1.85 million in 2021. The average ransom that was
demanded was $170,404. This means that the average cost of recovering from a ransomware attack
is now 10 times the size of the ransom payment.

There is now cyber insurance that expressly covers the risk of ransomware. These policies may pay
for some or all of the ransom demand in order for the policy holder to unlock the encrypted data
and resume operations.

However, regulators are scrutinizing incentives for ransomware payments and their tendency to
encourage more ransomware attacks.  On February 4, 2021, the DFS issued guidance, the Cyber
Insurance Risk Framework, outlining the best practices for New York-regulated casualty and property
insurers that underwrite cyber insurance.  Notably, the DFS recommends that insurers not make
ransomware payments.  The DFS cited Office of Foreign Assets Control of the U.S. Department of the
Treasury guidance that insurers can be held liable for making ransom payments to sanctioned
entities.

The Sophos.com survey noted “The findings confirm the brutal truth that when it comes to
ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny
minority of those who paid got back all their data. This could be in part because using decryption
keys to recover information can be complicated. What’s more, there’s no guarantee of success. For
instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with
low quality or hastily compiled code and techniques can make data recovery difficult, if not
impossible. Recovering from a ransomware attack can take years and is about so much more than
just decrypting and restoring data. Whole systems need to be rebuilt from the ground up and then
there is the operational downtime and customer impact to consider, and much more.”

Some attacks now involve double extortion demands. The double extortion steals the data before it
is encrypted and demands payment to not expose the stolen data on a ransomware website. It also
encrypts the data and extorts payment again to un-encrypt the data. Some ransomware now simply
steal the data and threaten to expose it rather than go through the trouble of encrypting the data.

The best way to protect your data and recover it immediately is to store your data in an object based
storage system that encrypts the data to protect it and versions the data so that any changes to the
data will not affect the current version which is replicated in different locations. If someone happens
to be able to access your data, that data is your encryption so the bad guys would not be able to use
it. If they encrypt it to deny you access, that new encryption is a new version, and you are able to
continue working with the prior version. The Hitachi Content Platform provides this basic protection
from ransomware as well as Enterprise File Synch and Share (EFSS) with HCP Anywhere, a service
that allows users to save files in cloud or on-premises storage and then access them on other
desktop and mobile computing devices. In the event of a ransomware attack, your employees keep
working as they continue to access their most frequently used data, from any web browser or
mobile device. HCP Anywhere edge file services deliver centralized data protection management and
reporting across all of the different places where file services are delivered. To users and
applications, HCP Anywhere looks like a traditional file server, but it actually connects to HCP for
added storage and data protection, leaving administrators confident that their files are secure. HCP
Anywhere can also back up any folder, even if it’s not located in HCP Anywhere, delivering an extra
level of security. 
 
Hitachi’s VSP arrays also have a built-in Hitachi Data Retention Utility to lock down a copy of
production data for a user-defined period of time. This data cannot be deleted, edited or encrypted
during the retention period, and it takes just seconds to revert this data to undo damage done to
production data by ransomware and other malicious attacks. This data retention utility can be
orchestrated by the Hitachi Data Image Director, (HDID) an enterprise copy data management
software platform. HDID automates and orchestrates a range of data copy and movement
technologies, to greatly enhance and simplify business continuity, disaster recovery, and physical or
virtual copies to support secondary functions, such as development, test and marketing, with
separate schedules (recovery point objectives or RPOs) and retention periods, in any location. 
 
Protect yourself from Ransomware attacks especially during these critical times by updating your
VPN infrastructure and educating your users against phishing attacks. Protect your data and ensure
rapid recovery in the event of an attack through the use of HCP, HCPAnywhere, and HDID with VSP
Data Retention Utility.