Ransomware: Why Backups Are No Longer Protection
We have all heard of the threat of ransomware and how malicious actors encrypt your files and demand a payment to provide access to your data. Until recently there were two major ways firms protected themselves from the threat of ransomware. The first protection was prevention by implementing a stringent Anti-Virus program to stop the infection from infiltrating the network. The second protection was to have offsite or offline backups. Firms that would be infected with ransomware would often opt to just restore from backups and not pay the ransom. Sadly, the second protection now may be obsolete.
Unfortunately, malicious hacking groups have now realized the monetary value of the privacy of the data may be worth more than the access. These bad actors now after collecting a ransom for providing you your data back, will often look to collect a secondary payment with the promise of not posting or releasing the data they collected publicly. Basically, the bad actors now threaten to release the information in the data they were able to obtain through the ransomware attack. This is extremely concerning for companies with any personal or proprietary data or that fall under a compliance law. Now your decision to pay the ransom would also need to consider the public publishing of your data. This new extortion scheme means using a good backup solution as protection from ransomware is no longer viable.
What should you do? We recommend that clients are using a premium endpoint detection and response application such as Sentinel One, Crowd Strike, or other premium product. These products provide a higher level of protection against Ransomware protections because they are based on behavior instead of a static file list. Many of your traditional anti-virus software such as Norton, McAfee, Webroot, and others are based on a list of file paths and applications that are known as “bad” and they don’t allow them to run. The problem is that they are always behind the curve and rely on thousands of infections before they are identified. Next generation protection looks at what an application is trying to do instead of just its name or location to determine that it shouldn’t run. These next generation products also provide an easy way to rollback file changes and disconnect computers from the network automatically if a ransomware type infection is detected.
We recommend that all companies use this next gen protection to bolster their ransomware prevention. They should also maintain their backup infrastructure to combat hardware failures.