Ransomware remained at the top of the charts last year, as one of the most cunning and vicious forms of data theft. Ransomware attacks take place every 14 seconds and have increased by 700% since 2016. The loss of access to production data cost companies around $11 billion in financial, productivity, and downtime losses in 2019. Sifting through the latest ransomware news, I find it alarming that some organizations still do not see ransomware protection as a number one priority to protect their IT infrastructure. With the continued attacks on unsuspecting companies, the crafty criminals are getting away with a huge paycheck and with your data.
Public, Education, and Healthcare Organizations are Likely Targets
According to recent data, public organizations and the healthcare industry are the most likely targets and could be hit the hardest this year. Many public and healthcare organizations may not have the budget to invest in the latest cyber-security software available on the market today, nor do they have the systems in place to perform upgrades as needed, thereby leaving their systems vulnerable to attackers. Attackers see this as a weakness to be exploited, because healthcare facilities that lose their systems can’t provide critical services to their patients. An article published by Tech Target quotes Caleb Barlow, president and CEO at healthcare cybersecurity firm CynergisTek, in Austin, Texas. He states, “The most common attack on healthcare has involved data theft, but that’s starting to change. Today, hackers are using ransomware attacks more frequently, which have a destructive, ‘kinetic impact’ to them. That means, you didn’t steal the data; you locked it up, destroyed it, or changed it,” Barlow said. “When those things happen, you can’t see patients.”
Ransomware is a destructive force, and medical organizations need to brace themselves in 2020 because these attacks will spread wider and with more frequency. This reminds me of the Campbell County Health 2019 attack, which was one of the worst recent hits because it put lives at risk. (Source: Campbell-county-memorial-hospital-ransomware attack).
Latest string of Companies Crippled by Ransomware
- March 2, 2020 (Reuters) – Currency service provider Travelex on Monday estimated a 25 million pounds ($31.9 million) hit to first-quarter underlying core earnings due to the ransomware attack in late December and said it has restored all its customer-facing systems. (Source: UK Reuters/ransomware attack). Travelex services remained offline for more than two weeks following the attack, leaving some customers cashless during the busiest travel season.
- Among small and medium-sized businesses, in the last 12 months, twenty-two percent of organizations had to cease business operations immediately because of ransomware; eighty-one percent of businesses have experienced a cyberattack; sixty-six percent have suffered a data breach; and thirty-five percent were victims of ransomware (Source: https://www.malwarebytes.com/ransomware/).
- Legal services giant, Epiq Global, has been hit by a ransomware attack. A source with knowledge of the incident said the ransomware hit the organization’s entire fleet of computers across its 80 global offices.
- And just recently, Visser, a parts manufacturer for Tesla and SpaceX, was hit by a more advanced, data exfiltrating ransomware. A portion of the files stolen from the company were published by the ransomware group. (Source: https://techcrunch.com/2020/03/02/epiq-global-ransomware/).
- Then there is the ransomware attack against the New Orleans city government earlier this year, which cost the city $7 million.
- Albany County in New York was hit by three cyberattacks in the span of three weeks in late 2019, including a Christmas day attack on the Albany County Airport Authority (ACAA) that resulted in an undisclosed ransomware payment by the ACAA. (Source: Times Union https://www.timesunion.com/business/article/Ransomware-attack-cripples-airport-authority-s-14963401.php).
Important to know: Ransomware is getting craftier
While some reports say ransomware is going down and others say it’s going up, the bottom line is that this illegal activity will attempt to hit your datacenter, and the only unknown in this equation is when. The answer is you never know, but unfortunately there is a ninety-nine percent chance that your organization will be targeted.
It’s important to protect your IT environment by becoming aware and by applying old but true principles of data protection (DP) and business continuity (BC) as follows:
- Prevention and recovery should both be an important part of your DP and BC strategy.
- Upgrading legacy backup infrastructures is top of the list, so they don’t become an easy target.
- Next is keeping your backups current and up to date, so you can recover the most recent instances of your data.
- Whether you choose to back up to disk or keep an air-gapped copy on tape, you will ensure recoverability. The tape copy is ironclad protection from ransomware because the air gap is a physical barrier.
- Backup copies should not only be recoverable, but they should be predictably recovered. In other words, test, test, test the integrity of your backup recovery system and verify it. And speaking of predictability, the NCSC (UK National Cyber Security Centre) has updated its guidance and is suggesting greater emphasis is needed on that offline copy.
In conclusion, the most sensible approach to protecting your data is to prevent, detect, and respond, and also to protect your backups with the 3-2-1-1 rule: 3 copies of your data, 2 different media types, 1 offline and 1 offsite.
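The principles above can be checked mechanically against a backup inventory. The following is an added example, not code from the original article: it audits a constructed inventory against the 3-2-1-1 rule, counting a copy only if it is current and has had a recent restore test. The field names, the 7-day freshness limit and the 90-day restore-test limit are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory; field names are assumptions for this example.
NOW = datetime(2020, 3, 10)
INVENTORY = [
    {"name": "primary-nas", "media": "disk", "offline": False, "offsite": False,
     "last_backup": datetime(2020, 3, 9), "last_restore_test": datetime(2020, 3, 1)},
    {"name": "dr-site-disk", "media": "disk", "offline": False, "offsite": True,
     "last_backup": datetime(2020, 3, 9), "last_restore_test": datetime(2020, 2, 20)},
    {"name": "vault-tape", "media": "tape", "offline": True, "offsite": True,
     "last_backup": datetime(2020, 1, 5), "last_restore_test": datetime(2019, 6, 1)},
]

def usable(copy, now, max_age, max_test_age):
    """A copy counts only if it is recent and its restore was recently tested."""
    return (now - copy["last_backup"] <= max_age
            and now - copy["last_restore_test"] <= max_test_age)

def audit_3211(inventory, now, max_age=timedelta(days=7),
               max_test_age=timedelta(days=90)):
    """Return (failed 3-2-1-1 requirements, names of stale or untested copies)."""
    good = [c for c in inventory if usable(c, now, max_age, max_test_age)]
    failures = []
    if len(good) < 3:
        failures.append("fewer than 3 usable copies")
    if len({c["media"] for c in good}) < 2:
        failures.append("fewer than 2 media types")
    if not any(c["offline"] for c in good):
        failures.append("no offline (air-gapped) copy")
    if not any(c["offsite"] for c in good):
        failures.append("no offsite copy")
    stale = [c["name"] for c in inventory if c not in good]
    return failures, stale

if __name__ == "__main__":
    failures, stale = audit_3211(INVENTORY, NOW)
    print("stale or untested copies:", stale)
    print("3-2-1-1 failures:", failures or "none")
```

On paper this inventory satisfies 3-2-1-1, but the only tape copy is two months old and its last restore test is older still, so the audit reports the offline and media-type requirements as unmet.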