Imagine the panic and concern that hits as you look at a screen that says: “All files on your computer have been locked. Please pay the ransom within 24 hours to get the key … or else.”

From the days of ransomware being distributed on floppy disks to modern-day attacks like WannaCry and Petya spreading around the world in minutes, this may be your image of ransomware recovery. Ransomware either locks your computer or your data before demanding a fee in exchange for the supposed safe return of your critical assets.

Unfortunately, the actual costs associated with ransomware go well beyond simply paying a ransom. The disruption this form of attack causes can bring operations to a halt — affecting the organization’s bottom line, reputation and brand.

Watch the Guardium Tech Talk on-demand to learn more

Ransomware: To Err Is Human

Aside from blocking organizations from accessing their own data, cybercriminals also use ransomware to hide the delivery of other malware, steal data or simply cause business disruption. The growing sophistication and proliferation of ransomware over the past few years has led many companies to anticipate an eventual attack.

Recognizing the inevitability of a ransomware incident is a good first step toward mitigating this threat. But the reality is that organizations must immediately assess how their business has been disrupted — whether confidential or proprietary data is at risk and whether their recovery plan is sufficient — in the event of an attack.

Historically, ransomware payloads have been delivered via email attachments, malicious or hijacked websites and adware — just to name a few. But methods of ransomware deployment and execution usually have one thing in common: human intervention. Security training has helped educate users to be wary of suspicious emails from untrusted sources or unusual content, and this is a great start.

However, as more and more ransomware variants spread via broader means, it’s critical to augment ongoing user education with technical controls and processes for optimal protection. For example, it is crucial to update security patches for all operating systems and software, especially antivirus and antimalware tools, for the latest known attack vectors. It is also important to minimize and monitor system and data access permissions based on least privileged access and job functions.

Still, preventative measures can only do so much because, well, humans are human.

Known malware or vulnerabilities aren’t actually known until they are discovered, and protection is not provided until the antivirus and antimalware tools have been updated to detect these vulnerabilities. This recursive cycle of applying protection only after finding the problem requires us to think about additional methods that provide preventative protection and instant remediation in the event of an attack or infection.

As an example, let’s assume that someone (or something) has infiltrated your system or network. In an unprotected environment, data exfiltration is rudimentary once the system or network has been compromised. If the data is encrypted and unable to be decrypted without the proper authentication and authorization, however, data exfiltration is blocked even though the encrypted bits may be accessible to the attacker. This basic layer of protection gives you the peace of mind that even if malware or ransomware gets to your data, it is safe from unauthorized use or disclosure.

Make Backups, Encryption and Cloud Storage Your Priority

Even if your data is protected against theft or unauthorized disclosure, the files may still be locked by the ransomware. How can you regain access? According to an alert from the Department of Homeland Security (DHS) on ransomware and recent variants, it is critical to have a secure data backup and recovery process.

The DHS advised organizations to:

  • Implement a backup and recovery plan for all critical data;
  • Regularly test backups to limit the impact of a data breach and accelerate the recovery process; and
  • Isolate critical backups from the network for maximum protection if network-connected backups are affected by ransomware.

While having a backup and recovery strategy is considered a best practice, the enormous amount of data organizations use every day can be challenging to back up, especially on a frequent basis. However, options for backing up large quantities of data exist today in the form of cloud storage.

The cloud has emerged as a low-cost alternative for backup and archiving, especially object storage where application programming interface (API) connectivity and geographic location choices make isolating backup data from the network relatively easy and inexpensive. But cloud storage comes with its own unique challenges, particularly privacy.

With the right approach, object store dependency and privacy concerns can be alleviated. Organizations must have technical and operational processes in place that allow data to be archived in object stores but stored in a way that explicitly blocks cloud service providers (CSPs) from accessing that data. In other words, the right approach is to copy, move, back up and archive data while encrypted and to make this practice a key part of the organization’s data protection strategy.

Watch the Guardium Tech Talk on-demand to learn more

How to Simplify Ransomware Recovery

Ransomware is designed to enable cybercriminals to take command and control of your systems and business operations for quick financial gain or other malicious intent. Once a successful attack begins, you no longer have control or access to one of your organization’s most valuable assets: its data.

Conversely, the focus of ransomware recovery is all about maintaining control as efficiently and securely as possible. This necessitates making data protection with secure backup and recovery an essential part of your security processes. To align with new regulations, such as the General Data Protection Regulation (GDPR), security controls must be implemented by design and by default so that your data is protected from the time it is collected until the end of its life cycle.

Organizations need to control the who, what, when and how of systems and data that are accessed based on job function or role. This is good security hygiene at its most basic level. By using a strong, data-centric solution that combines encryption, access controls, key management and monitoring — and linking it to a secure backup strategy — organizations can narrow the attack surface for ransomware and better position organizational operations to continue in the face of an attack.

That sounds complex, but it’s not.

With emerging cloud data encryption tools that feature file and object store encryption capabilities, organizations can significantly reduce the risk and cost of ransomware with a single integrated solution that covers role-based access controls, advanced encryption, key management, access monitoring, object storage security with geographic dispersal and native backup and restores capabilities. In addition, these tools manage data protection consistently, whether you are protecting attached storage at the file or volume level or object storage via API — and regardless of whether it is on-premises, in the cloud or a hybrid environment.

Expanding on the concepts of regular backups with encryption and secure cloud storage takes the best practices of good security hygiene and adds layers of data protection, consistency, automation and control to help organizations become better prepared to weather the storm of evolving cyberthreats.

To learn how IBM Multi-Cloud Data Encryption supports ransomware recovery, watch our on-demand webinar, “Guardium Tech Talk: Encrypting Your Object Store Data Without Giving Your Keys to the CSP.”

More from Data Protection

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today