Lessons in Ransomware Survival: REvil Hackers Demand $70 Million

We’ve been writing about ransomware for a long time. And, it’s certainly big news right now with the massive attack on Kaseya Ltd. affecting hundreds, if not thousands, of businesses. But ransomware has been around a lot longer than most of us realize.

The year was 1989, and a Harvard-educated evolutionary biologist named Joseph Popp was the perpetrator. Popp sent 20,000 infected floppy discs to attendees at a World Health Organization (WHO) AIDS conference. One recipient that inserted the disc soon found his computer locked with a message demanding that he send $189 to a post office box in Panama. He didn’t pay, and he was able to get his data back, though not everyone who inserted the disk was so lucky. But that incident affected a limited number of systems via a single means—if only things were so simple today. Unfortunately, with an entire ransomware industry now fully established, incidents continue ticking upward in frequency and scope like a hockey stick.

Every Organization Is Vulnerable

Everyone in IT wants to do everything they can to ensure that ransomware won’t find its way onto their systems. But the reality is that it is impossible to ensure 100 percent protection against ransomware—or any other cyberattack for that matter. Attackers are insidious. Social engineering schemes can get people to click on malicious links. An infected attachment that looks like it came from a legitimate source can get opened. Or even worse, an admin login and password can get stolen, handing the hacker the keys to your data castle.

The impacts of a successful ransomware attack on a company are indeed measured in dollars—Sophos' The State of Ransomware 2021 report pegs the cost of recovery at $1.85 million in 2021. But the cost in reputation can be immeasurable. There is also a toll on the team that is responsible for recovery too. A quick scan of the Kaseya VSA Security Incident customer update website clarifies that, while the attack was discovered on July 2, 2021, the company is still dealing with major issues as of this writing, July 8. That can't be easy.

Take this high-profile attack as your cue and ask yourself, is my company prepared for a ransomware attack? Here are some steps you can take to protect yourself.

Plan Ahead

The first step to protecting your data and ensuring you can get back in business is to develop a disaster recovery plan. We’ve put together a checklist of IT disaster recovery planning areas to get you started. While that list may be used to cover all kinds of disasters, the truth is that all disasters is what you should prepare for, even if ransomware is first on your list. The FBI also offers up some commonsense ransomware prevention and planning tips on its website.

Follow Backup Best Practices

If ransomware gets onto your network, there's no guarantee you'll get your data back, even if you do pay the ransom. According to the same Sophos report cited earlier in this post, only 8 percent of companies that do pay get their data back. We recommend that, at a minimum, you follow our take on the traditional 3-2-1 backup rule. Solid backup practices help ensure that you can recover your data.

Set Your Recovery Parameters

With good backup practices in place, you still need to set some critical metrics for recovering your data. The first, your recovery time objective (RTO), answers the question, how long can our company be without access to our data before the impact on our organization is too much? The second, your recovery point objective (RPO), establishes how much data your organization can tolerate losing in a data disaster like a ransomware attack. These two metrics should form the foundation for your backup and disaster recovery strategies—and the technology solutions you choose to help you put them in place.

Consider DRaaS to Prevent Drastic Impacts

Probably one of the best ways to ensure you can recover from a ransomware attack is by choosing disaster recovery as a service (DRaaS). DRaaS is a third-party service that replicates your systems, data, and applications from your on-premises network to other devices or clouds so that they can be recovered and restored.

StorageCraft, an Arcserve company, offers a DRaaS solution with advanced network-recovery options that let you hit the ground running after a disaster, like a ransomware attack, by allowing you to run your network in the StorageCraft cloud just like you'd run it onsite. You even have the option to use Virtual Machine Policy to configure the sequence, order, and timing for each of your mission-critical systems and press a single button to start a site-wide failover process.   

Not If, When

A recent TechRepublic article headline says it all: Ransomware attacks are not a matter of if, but when. So it would be best if you act now. And if you're not sure where to start, talk to a StorageCraft engineer. They have the answers you need.