Ransomware is back with a vengeance… are you prepared?

Pete Roythorne

News of a virulent variant of Cryptoware – “Locky” – spreading like wildfire, combined with the recent high-profile attack on the Hollywood Presbyterian Medical Center in Los Angeles, has put ransomware firmly back on the radar for managed service providers (MSPs). If it was ever truly off.

According to reports in Forbes, Locky is currently affecting around 90,000 machines a day and demanding between 0.5 and 1 Bitcoin (around $400) to unlock files. But in a more sinister turn, this is a drop in the ocean compared with the $17,000 that the Hollywood Presbyterian Medical Center’s board agreed to pay to get its network back.

This was obviously a targeted attack by people who know the value of medical records, and in monetary terms alone the hospital had a metaphorical gun held against its head. However, the impact of an attack of this nature doesn’t start and stop at the cash. The hospital would have felt the effects of this many times over in terms of data and reputation loss, not to mention potential fines and closure.

This is why organisations need to take notice. If your clients’ data is not securely protected and backed up, then it should be. How many companies could survive without access to their files, customer data, and confidential business information? None.

What is ransomware and how does it work?

There is a wide range of different variants of ransomware or Cryptoware – including CryptoLocker, Cryptowall, Cryptodefense, and the most recent Locky. However, the attack vector is pretty much always the same: an email encouraging you to open an attachment, anything from an infected Word document to a .zip file.

Once you open this, the real payload will be activated and the attached programme will set to work encrypting your files. It will then flash up a message telling you that you will not be able to access your data until you pay the specified ransom.

How can you protect against and recover from ransomware?

One basic security measure that can be taken to stop ransomware from taking hold is not opening attachments from unknown senders. However, with cyber criminals becoming more sophisticated with their phishing attacks, this is increasingly difficult.

To protect against and recover from ransomware, MSPs need to deploy a multi-layered approach to security (including email filtering, antivirus, patch management, and web protection) alongside a robust backup solution.

“Healthcare and other organizations can play their part in protecting against ransomware through layered security,” explains Ian Trump, LOGICnow’s Security Lead. “They can also deploy effective backup software. And, on top of this, robust disaster recovery and business continuity planning is equally important.”

How essential is backup in the event of a ransomware attack?

The short answer here is: essential! It's the only real way to ensure that you can get your business back up and running, with minimum data loss, after a ransomware attack without paying up.

Cryptolocker, Cryptowall, and Teslacrypt are now common threats to all businesses. On average, around 68,000 computers are infected globally with ransomware each month or 5,700 daily, according to a major antivirus software provider, and obviously this will spike with the arrival of new variants as we’re seeing with Locky. Every day, criminals typically net $33,600 from ransomware – or $394,000 a month. A solid backup solution can ensure you and your clients don’t become just another statistic.

LOGICnow’s MAX Backup software provides super fast recovery times, secure data storage and 448-bit Blowfish encryption; all essential weapons MSPs and end users can deploy in the event of a ransomware attack. Other important features of MAX Backup include bare metal recovery for recovering servers.

In addition to lost data and reputation, organizations can be fined for the loss of personally identifiable information. At worst, entire businesses can even be closed down. So the stakes are high on all fronts.

“Advanced ransomware can also target on-premise backups,” adds Trump. “Only data in the cloud that is inaccessible as a file share or physically removed media is safe from a ransomware attack. In the case of the attack on the Hollywood Presbyterian Medical Center, it was faced with two disastrous consequences: What if the cyber criminals infected other hospitals in the state? And rather than demand ransom, what if patient prescriptions were changed?

So ask yourself one question: Are you and your clients really protected? If the answer is anything other than an unwavering “yes”, then you’ve got serious work to do.
