According to the Department of Homeland Security, ransomware attacks have doubled since 2017. The influx illustrates both the profitability and overall lack of deterrents when it comes to ransomware, which has become a low-risk money maker for cyber criminals.
While some events are resolved by big payouts, authorities still urge against paying ransom to hackers. There is no guarantee that an organization will be able to access data even after shelling out millions of dollars—and continuing to pay reinforces ransomware’s viability as a tactic.
Currently ransomware may appear to be running rampant, but government efforts to curb its growth, coupled with smart technology measures, will disincentivize and deter cyber criminals from pursuing ransomware moving forward. Working in conjunction, government and industry have the power to combat this threat.
Current Government Actions
As criminal groups increasingly target U.S. critical infrastructure, risks from attacks on these key systems and assets include national security, economic stability, and public health and safety.
The federal government is taking this seriously, with agencies like the Cybersecurity and Infrastructure Security Agency leading the charge. CISA continues to take steps to ensure secure and resilient infrastructure with its Reduce the Risk of Ransomware campaign—which includes the launch of its Ransomware Readiness Tool and continual guidance on rising ransomware threats targeting operational technology assets and control systems.
Legislators are also acting with bills that would enforce stricter penalties and increase the Justice Department’s ability to pursue foreign bad actors. Recently The International Cybercrime Prevention Act was introduced with these objectives in mind.
But, while state actions against cyber criminals could diminish the attractiveness of the ransomware business, it will remain an issue if organizations aren’t also protecting themselves on an individual level.
Taking preventative steps
For the government to win the ransomware battle, a successful strategy needs to include education, implementation and remediation.
There are two major audiences that should be targeted from an education perspective: IT staff and organizational users. Both groups play an important role. On a user level, education and training should focus on how to identify potential malware or phishing that can lead to ransomware attacks on agency-owned and personal devices.
For IT leaders, it’s crucial to launch a strategy that focuses on not paying the ransom and putting in place measures that eliminate the need to consider payment as an option. The only solution is to restore data, which requires a process of prevention and preparation.
With this in mind, implementing a backup and recovery solution that is simple, flexible and reliable is key. Data protection solutions should offer ransomware-proof backup and recovery, real-time detection for malware activity and guaranteed recovery.
Accelerating a backup strategy
Ransomware should always be recognized as a possibility, so a solid backup strategy that incorporates the 3-2-1-1-0 methodology is crucial.
This starts by always ensuring data is backed up in three locations.
These three backups should include two different media, such as internal hard disk drives and tapes, external hard disk drives or cloud storage. At least one copy should be protected with an encryption key at an offsite location—away from the physical location where the primary data and primary backup is located. One copy should be immutable and stored offline to eliminate the potential for data manipulation.
Lastly, be sure to have verified backups without errors. The backups need to be monitored daily and restore tests should be performed at recurring intervals to ensure validity and effectiveness.
In addition to following the 3-2-1-1-0 strategy, agencies should simplify their security with a backup solution that focuses on comprehensive data management. Reliability, ease of use and versatile restore options are crucial features for backup—the moment a major ransomware attack occurs isn’t the right time to discover a backup solution is overly complex. The right solution will include all recovery mechanisms including backup, replication, storage snapshots and continuous data protection.
Government agencies are advancing their missions through hyper availability of data in the battlefield, in federal offices, at sea and in space. But the threat of ransomware and loss or seizure of this data still looms large. Mitigating and deterring these threats is the key to ensuring continuity of government operations.
A robust backup and recovery strategy that includes these deterrence and prevention measures will help eliminate downtime and help agencies confidently recover from any situation.
Dave Russell is vice president for enterprise strategy at Veeam.