Prevention and recovery from Ransomware [Interview]

Tuesday, February 11, 2020 by Tilly Holland

Ransomware has been around for many years, but only recently has its impact reached epidemic proportions. The recent attacks on global organizations FedEx and Travelex, as well as state and local governments, show a worrying transition by cybercriminals from opportunistic nuisance to a more sinister approach. Threat actors are now designing ransomware not only to extort sums of money but also to cripple large corporations.

In preparation for our upcoming ransomware webinar, we asked our expert speakers a few critical questions.

  • Dave Logue (Ontrack): As the Operations Manager and Lead Data Recovery Engineer for Ontrack, Dave assists customers around the world with the recovery of data from failed or damaged computer systems while ensuring efficiency and quality at every stage of the data recovery process. Dave joined Ontrack in 2001 and has over 15 years of data recovery experience. Leveraging his expertise, Dave currently leads a team whose members specialize in the remote recovery of high-end SAN and NAS storage technologies using Ontrack’s patented Remote Data Recovery solution. He also works closely with Ontrack development teams to communicate client needs, build innovative tools, and create and deliver custom solutions for specific data loss needs.
  • Matt Trudewind (NetApp): Matt is a Technical Marketing Engineer with a primary focus on portfolio security; this includes but is not limited to Data Governance, Data Privacy Frameworks, Security Tools, and Security Best Practices. Before this role, he was a Staff Engineer focused on ONTAP product Supportability specifically in the areas of networking and SMB/CIFS.

Why do you think ransomware attacks have become so prevalent over the last few years?

Dave – I think the short answer is money. Ransomware is a relatively low-risk, high-reward activity that nets a massive amount of cash for the criminals. The other factors are the development of cryptocurrency, state-sponsored activities to fund and develop exploits, and the number of devices connected to the internet and vulnerable to these exploits.

Matt – Ransomware's primary attack vector is e-mail. Due to social media apps, consumers are using less e-mail these days, but enterprises still use e-mail as a significant communication method. As a result, attackers are targeting large organizations. It has also become straightforward to go on the dark web and purchase ransomware as a service, requiring little to no skill for an attacker to utilize this threat.

Do you think organizations are taking the correct measures to protect themselves? If not, why not?

Matt – Some most certainly are, but given the number of successful ransomware attacks you continue to hear about in the news, it’s clear that many organizations still don’t have a complete hold on how to combat ransomware attacks.

Dave – I think that is a really tough one for organizations. The landscape changes daily and a lot of IT teams are strapped for resources and education, so it is challenging for them to keep up. Finding the right partners to protect your systems has become critical; you can’t just ignore the bad actors and rely on your old strategies.

What three pieces of advice would you give an organization with regard to ransomware?

Dave – Awareness, Preparation, Recovery. Identify the risks to your systems. Develop and implement a strategy to help prevent infections, and have a plan for data recovery when your systems are infected by ransomware.

Matt – If you have been attacked or infected by ransomware, remember to use CPR. Contain the threat by disconnecting infected machines from the network. Prepare for another attack through client OS patching. Recover the encrypted data from backup.

Do you think ransomware attacks will continue at the current level we are seeing? 

Matt – No, in fact, I believe we will continue to see an increase, particularly as IoT devices become more prevalent.

Dave – I agree with Matt on this one. I think we will see attacks continue to rise in the next couple of years.

What’s your view on paying the ransom?

Dave – I don’t advocate paying any ransoms; this only encourages the criminal element to continue to attack. In addition, many customers pay money to a criminal and get nothing usable in return, as if the criminal is stealing from them twice! 

Matt – In most cases the attacker wants to give the data back so they can continue to get paid, and studies have shown over 90% of the time the data is returned. However, you can never be 100% sure, and it could still take time to get the decryption key, which leads to more extended downtime for the organization. Downtime is the real cost of a ransomware infection, and can typically be up to 10x the cost of the ransom payment. Have a solid recovery plan and avoid the downtime.