Imagine the panic and concern that hits as you look at a screen that says: “All files on your computer have been locked. Please pay the ransom within 24 hours to get the key … or else.”

From the days of ransomware being distributed on floppy disks to modern-day attacks like WannaCry and Petya spreading around the world in minutes, this may be your image of ransomware recovery. Ransomware locks either your computer or your data before demanding a fee in exchange for the supposed safe return of your critical assets.

Unfortunately, the actual costs associated with ransomware go well beyond simply paying a ransom. The disruption this form of attack causes can bring operations to a halt — affecting the organization’s bottom line, reputation and brand.

Watch the Guardium Tech Talk on-demand to learn more

Ransomware: To Err Is Human

Aside from blocking organizations from accessing their own data, cybercriminals also use ransomware to hide the delivery of other malware, steal data or simply cause business disruption. The growing sophistication and proliferation of ransomware over the past few years has led many companies to anticipate an eventual attack.

Recognizing the inevitability of a ransomware incident is a good first step toward mitigating this threat. But the reality is that organizations must immediately assess how their business has been disrupted — whether confidential or proprietary data is at risk and whether their recovery plan is sufficient — in the event of an attack.

Historically, ransomware payloads have been delivered via email attachments, malicious or hijacked websites and adware — just to name a few. But methods of ransomware deployment and execution usually have one thing in common: human intervention. Security training has helped educate users to be wary of suspicious emails from untrusted sources or unusual content, and this is a great start.

However, as more and more ransomware variants spread via broader means, it’s critical to augment ongoing user education with technical controls and processes for optimal protection. For example, it is crucial to keep all operating systems and software, especially antivirus and antimalware tools, patched and updated against the latest known attack vectors. It is also important to minimize and monitor system and data access permissions based on least-privilege access and job functions.

Still, preventative measures can only do so much because, well, humans are human.

Known malware or vulnerabilities aren’t actually known until they are discovered, and protection is not provided until the antivirus and antimalware tools have been updated to detect these vulnerabilities. This recursive cycle of applying protection only after finding the problem requires us to think about additional methods that provide preventative protection and instant remediation in the event of an attack or infection.

As an example, let’s assume that someone (or something) has infiltrated your system or network. In an unprotected environment, data exfiltration is trivial once the system or network has been compromised. If the data is encrypted and cannot be decrypted without the proper authentication and authorization, however, exfiltration of usable data is blocked even though the encrypted bits may be accessible to the attacker. This basic layer of protection gives you the peace of mind that even if malware or ransomware gets to your data, it is safe from unauthorized use or disclosure.

Make Backups, Encryption and Cloud Storage Your Priority

Even if your data is protected against theft or unauthorized disclosure, the files may still be locked by the ransomware. How can you regain access? According to an alert from the Department of Homeland Security (DHS) on ransomware and recent variants, it is critical to have a secure data backup and recovery process.

The DHS advised organizations to:

  • Implement a backup and recovery plan for all critical data;
  • Regularly test backups to limit the impact of a data breach and accelerate the recovery process; and
  • Isolate critical backups from the network for maximum protection if network-connected backups are affected by ransomware.
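The "regularly test backups" item can be automated as a restore check: record a keyed manifest of file hashes when the backup is taken, then compare every test restore against it. This is an added example, not code from the article or from DHS; the function names, manifest layout and sample files are assumptions, and it presumes the HMAC key is kept away from the backup host.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def _digest(path):
    """SHA-256 of one file, read in chunks so large backups fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def _mac(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Hash every file under root and authenticate the list with HMAC-SHA256."""
    root = Path(root)
    files = {p.relative_to(root).as_posix(): _digest(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "mac": _mac(files, key)}

def verify_restore(restored_root, manifest, key):
    """Compare a test restore with the manifest; empty lists mean it passed."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest["mac"]):
        raise ValueError("manifest MAC mismatch: the manifest itself was altered")
    root = Path(restored_root)
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report = {"missing": [], "modified": [],
              "unexpected": sorted(present - set(manifest["files"]))}
    for rel, digest in manifest["files"].items():
        if rel not in present:
            report["missing"].append(rel)
        elif _digest(root / rel) != digest:
            report["modified"].append(rel)
    return report

def demo():
    """Constructed sample: a restore where one file was overwritten and one renamed."""
    key = b"constructed-demo-key"  # assumption: real keys live off the backup host
    with tempfile.TemporaryDirectory() as d:
        src = Path(d)
        (src / "db").mkdir()
        (src / "db" / "orders.csv").write_bytes(b"id,total\n1,40\n")
        (src / "notes.txt").write_bytes(b"quarterly notes\n")
        manifest = build_manifest(src, key)
        # Simulate the state a ransomware-affected copy would be restored in.
        (src / "db" / "orders.csv").write_bytes(b"\x8f\x02\xaa unreadable bytes")
        (src / "notes.txt").rename(src / "notes.txt.locked")
        return verify_restore(src, manifest, key)

if __name__ == "__main__":
    print(demo())
```

A restore that reports modified or renamed files shows the backup captured already-damaged data, which is the case the isolation advice is meant to limit.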

While having a backup and recovery strategy is considered a best practice, the enormous amount of data organizations use every day can be challenging to back up, especially on a frequent basis. However, options for backing up large quantities of data exist today in the form of cloud storage.

The cloud has emerged as a low-cost alternative for backup and archiving, especially object storage where application programming interface (API) connectivity and geographic location choices make isolating backup data from the network relatively easy and inexpensive. But cloud storage comes with its own unique challenges, particularly privacy.

With the right approach, object store dependency and privacy concerns can be alleviated. Organizations must have technical and operational processes in place that allow data to be archived in object stores but stored in a way that explicitly blocks cloud service providers (CSPs) from accessing that data. In other words, the right approach is to copy, move, back up and archive data while encrypted and to make this practice a key part of the organization’s data protection strategy.

How to Simplify Ransomware Recovery

Ransomware is designed to enable cybercriminals to take command and control of your systems and business operations for quick financial gain or other malicious intent. Once a successful attack begins, you no longer have control of or access to one of your organization’s most valuable assets: its data.

Conversely, the focus of ransomware recovery is all about maintaining control as efficiently and securely as possible. This necessitates making data protection with secure backup and recovery an essential part of your security processes. To align with new regulations, such as the General Data Protection Regulation (GDPR), security controls must be implemented by design and by default so that your data is protected from the time it is collected until the end of its life cycle.

Organizations need to control the who, what, when and how of systems and data that are accessed based on job function or role. This is good security hygiene at its most basic level. By using a strong, data-centric solution that combines encryption, access controls, key management and monitoring — and linking it to a secure backup strategy — organizations can narrow the attack surface for ransomware and better position organizational operations to continue in the face of an attack.

That sounds complex, but it’s not.

With emerging cloud data encryption tools that feature file and object store encryption capabilities, organizations can significantly reduce the risk and cost of ransomware with a single integrated solution that covers role-based access controls, advanced encryption, key management, access monitoring, object storage security with geographic dispersal and native backup and restore capabilities. In addition, these tools manage data protection consistently, whether you are protecting attached storage at the file or volume level or object storage via API — and regardless of whether it is on-premises, in the cloud or a hybrid environment.

Expanding on the concepts of regular backups with encryption and secure cloud storage takes the best practices of good security hygiene and adds layers of data protection, consistency, automation and control to help organizations become better prepared to weather the storm of evolving cyberthreats.

To learn how IBM Multi-Cloud Data Encryption supports ransomware recovery, watch our on-demand webinar, “Guardium Tech Talk: Encrypting Your Object Store Data Without Giving Your Keys to the CSP.”
