46 DISASTER RECOVERY JOURNAL | FALL 2017
their accounts and complete loan applications, banking deposits and retail transactions, financial IT leaders know they can’t
afford downtime. Another top target: healthcare. Nearly half
of 2016 attacks hit the healthcare sector, according to Beazley,
likely because accessing medical records and patient data can be
a matter of life or death.
Yet organizations in other industries can’t make the mistake
of thinking they’ll be passed over. Attackers are going after the
manufacturing industry by seizing control of systems and bringing shop floors to a halt. The hospitality industry has been hit time
and again, with ransomware attacks locking guests out of their
rooms and shutting down reservations until the attackers are paid.
Even startups and microbusinesses have been targeted for sums
high enough to drive them out of business.
The reality is that nearly every business depends on some type
of computerized data to function – which means ransomware
attackers are going after every type of organization.
Leadership pays the ransom.
It’s not uncommon to see a conflict during a ransomware
attack: one leader is reluctant to pay the ransom while another is
willing to pay anything to get the systems back up again. When
customers are unable to make purchases, when a production line
is brought to a halt or a hospital's medical equipment is shut down,
many teams feel forced to pay the ransom.
Yet paying is more than just a financial blow. It marks the organization as an easy target, one that couldn’t fight back against the
present attack and likely won’t fight back against a second one.
Not only does this make the ransomware industry a more profitable one, but many organizations also suffer additional attacks thanks to a
back door built into the release of their files.
That’s if they get their files back. A 2017 cybersecurity report
in The Guardian found that of organizations that paid ransoms,
almost one-third never received the return of their files.
Surrendering and paying up may feel like the quickest way to
end an attack and resume business. Yet it does not always mean
the end of the attack, and it can often mean a future one.
The team invests only in perimeter protections.
Best-of-breed technologies have their virtues, especially when
it comes to building a strong perimeter defense; tools that can
detect and stop known threat signatures, application whitelisting, and other tools can all be effective at stopping ransomware
attacks. Also important: building a workplace culture of security
where employee training can prevent users from clicking on the
wrong link or being duped by a fraudulent email.
Yet given that just one slip-up can open the door to a full-scale ransomware attack, even the best perimeter protections
can’t always offer guaranteed safety. The same principle applies
to successful compliance audits; many teams believe that meeting
regulatory requirements such as HIPAA or PCI is a certification of safety. Yet while compliance will help teams avoid fines,
meeting those requirements only provides a baseline of protection.
They can’t necessarily protect any system from ransomware.
Their BDR solution is too slow.
Ransomware attacks may seem to be a battle between adequate
prevention and paying a ransom. Yet the real factor determining
an organization’s fate is recovery. If your backup and disaster
recovery solution lets you recover in minutes, your ransomware
attackers lose their power. According to a recent state of disaster
recovery report, 98 percent of CIOs said they believe speed of
backup and recovery plays an important role, and 77 percent have
used their disaster recovery solutions after a security threat event.
They don’t need to come up with a payment in Bitcoin; they just
fail over to another replica of their system.
The problem is that many organizations are still hamstrung by
BDR systems that take hours – or days – to recover from even a
planned outage. Sometimes they’re relying on old legacy systems
designed to run as batch processes at night, during scheduled
downtime. Sometimes they’re relying on tape backups stored
in an offsite datacenter. When they do attempt recovery, they’re
often forced to choose between critical servers, hardware, and
applications since they lack the firepower to resurrect everything
From backup retrieval to restoration, these teams are rarely
able to get their systems back up quickly – or count on fast performance once they do. Attackers know this, which is why they position the ransomware as a race against the clock. If an organization
can’t recover within the time allotted by the ransom demand, their
options dwindle. If they’re in an industry ruled by the expectation