Ransomware: Protect yourself with good backup and cloud policies

More ransomware attacks are likely. The best way to protect against them is to have up-to-date in-house backups and to ensure cloud backups are adequately protected and available.

Ransomware has been in the news this week after the WannaCry attack hit thousands of organisations worldwide.

Organisations’ best protection, when an attacker tries to deny access to their data, is to have up-to-date copies of that data available elsewhere.

So, good backup – in-house and in the cloud – is vital.

In this podcast, ComputerWeekly.com storage editor Antony Adshead talks with Vigitrust CEO Mathieu Gorge about why good backups are key to protecting against ransomware and why organisations should also check their cloud backup service-level agreements (SLAs).

ComputerWeekly.com: What is ransomware and what do organisations need to know about it?

Mathieu Gorge: Ransomware is a type of malware that will encrypt your data once it is on your systems and will display a message asking you to pay a ransom, an amount of money in actual currencies or in Bitcoin, to get the decryption keys.

Typically, what happens is that a user will receive an email with an attachment. They will click on the attachment and it will exploit a vulnerability.

In the case of the WannaCry issue, at the moment that has now hit more than 150 countries and about 200,000 computer networks.

It is essentially exploiting a Microsoft vulnerability. So, either you click and it will exploit the computer system or else the system has been infected already and, within that system, the malware is actually looking for non-Microsoft patched systems to replicate itself.

The advice is always not to pay the ransom, but by that we assume you have the ability to get the data back from other systems. I think that’s where most of the issue comes from, from a business continuity perspective.

ComputerWeekly.com: How can good storage and compliance practice help deal with these kinds of threats?

Gorge: Well, if you think about what hackers want to do, they want to get your money because they think they are holding your data to ransom.

Really, the only way to deal with that is to say: “Well, actually, we know where the data is. We’ve stored data according to best practices. We’ve classified our data, so we’ve also protected the data to the best of our ability, so even if you were able to encrypt some of the data, we’d be able to get it back.”

So, the advice would be to fully map out where your data is stored, understand where your data could be infected with malware, protect those systems and make sure that your backups are always up to date.

Now, there are some attacks that are more sophisticated than WannaCry that will go and look for backup systems and encrypt the backups.

Again, if you protect your systems against the appropriate malware and you patch all your systems, you should be in the clear.

The challenge arises again when some of that data is stored in the cloud. Let’s assume, for argument’s sake, that 25% of your data is hosted by a cloud provider.

Is there a liability issue? Is there an ETA for the provider to come back to alert you if something has been infected? Within the contract, do you have penalties? Do you have the ability to get backups of your data from them? What are the SLAs?

These are very important considerations that I would urge every company to reconsider at this stage because we are very likely to see the rise of ransomware this year. Even though WannaCry is probably a failed attack from the reward perspective for the hackers, it is still very disruptive, and disruptive for companies that have to call in their incident response plan.

Bear in mind that in the US, there have already been the first class actions against cloud providers who have been hit by malware. The end-user is saying: “I didn’t have access to my data for three weeks, so it’s loss of business for me. You were supposed to protect my data. You didn’t, so I didn’t have access to my data and couldn’t run my business.”

So I would urge people to review the malware policy of their cloud provider, review their own, map their own ecosystem and understand where the data is being stored, so that if there is another global attack based on ransomware – which is very likely this year – they will be fully prepared.
