🔒The infallible way to beat ransomware

Ransomware has ramped up significantly in 2019, with many high-profile victims, including several Connecticut municipalities. While the cybersecurity landscape can feel daunting, ransomware is a unique kind of cyberattack in that there are steps to sidestep it.

In a ransomware attack, hackers lock your data until you pay them. A ransomware attack isn’t a data breach per se because the hackers don’t steal anything — they just use malware that encrypts the data on your systems so you no longer have access to it.

If you have a copy of your data and you can restore it quickly, the ransomware attack is completely ineffective. Here are key components of a disaster-recovery strategy that will render ransomware a non-threat.

Multiple, automatic backups

Once it gets into your network, ransomware spreads automatically, locking as much data on as many computer systems as it can. In order for your backup data to be left untouched, it needs to be stored somewhere separate from the original, such as the cloud or an off-site server.

The backup also needs to be regularly updated automatically (hourly or more often is ideal). When backups have to be made manually, they inevitably become out of date.

In addition, it’s important to make sure that all data is being backed up. Wolcott Public Schools experienced a ransomware attack earlier this year and found that while much of their data was backed up, critical portions of it were not, such as lesson plans and materials for teachers.

A plan to restore quickly

When Texas-based Heritage Auctions, the third-largest auction house in the world, was hit with ransomware this fall, it apparently had backups in place. However, it took the company five days to get their website fully back up and running. With an average of over $2 million in sales per day in 2018, it was an expensive outage.

Creating a backup is actually the easy part. Using your backup to get back to business quickly requires careful planning. A good first step is to identify the data that is critical to business function so that it can be restored first.

Next, consider how your data will be restored and how long that will take. Depending on the cloud provider you’re using, your network speed, and the amount of data you need to restore immediately, getting your system up and running from a cloud backup can take anywhere from minutes to days. Having both an on-premises backup server and a cloud backup can help you restore quicker.

Finally, there needs to be somewhere to restore the data to. After a ransomware attack, computers and servers may need to be scrubbed and rebuilt. A backup system that allows you to spin up your whole environment in the cloud or on a purpose built back-up appliance — and essentially access a version of your work computer from any computer with the proper security credentials — can enable your team to get back to work quickly while remediation from the ransomware attack is still under way.

Best solution: Keep ransomware out

Unlike a data breach, which typically leaves the victim with no viable solution, having a disaster-recovery strategy in place is your ace in the hole if ransomware gets into your system. While restoring from backup may avert an ordeal that could put you out of business, getting things back online and closing in your security is still a disruption.

Avoiding ransomware in the first place is always the best option, and aside from up-to-date software and hardware, regular cybersecurity training is one of the best ways to do that. Even a few minutes a month can help employees stay sharp and recognize traps laid by hackers. It also helps them know how to act quickly to prevent the spread of ransomware if something seems suspicious or they find themselves looking at a screen telling them their data has been locked.

Jim Parise is president of Glastonbury-based IT consulting firm Kelser Corp.