
Tackling the Inevitability of Ransomware

Attributed to: Edwin Weijdema, Field CTO EMEA and Lead Cybersecurity Technologist, Veeam and Beni Sia, APJ Leader, Veeam

82% of organisations in the Asia Pacific & Japan (APJ) region were hit by at least one ransomware attack last year, according to the Veeam Data Protection Trends Report 2023. It is now becoming increasingly evident that ransomware attacks are not only widespread but also inevitable for all businesses. The first step to tackling this threat is acknowledging this inevitability and learning how to live with ransomware. Here are three solutions that businesses can consider adopting in order to enhance their preparedness against cyberattacks.

Cyber-Insurance is Not Enough
Ransomware attacks are a very real and present threat – we see this not only via news headlines but in the frequency of discussions at the boardroom level. It’s no longer a matter of “if” businesses are attacked, but “when” and “how often”. While a vast number of organisations experienced at least one attack last year, the Veeam Data Protection Trends Report also showed that just under half (45%) suffered at least two or three attacks. As a result, the first solution that companies might naturally turn to would be cyber insurance. It is important to note that cyber insurance may pay for the damage caused by a ransomware attack, but it can never prevent or undo the damage or the ripple effect an attack creates. The damage might be tangible, like the loss of customers and data, or intangible, like reputation damage or a loss of customer trust.

Furthermore, the increase in the number of ransomware attacks has led to cyber insurance providers becoming wary of providing policies. More than 40% of organisations in APJ indicated that ransomware attacks were not covered by their cyber insurance provider. Among those lucky enough to be covered, some face stipulations that they cannot speak about the breach publicly. Unfortunately, this keeps the reality of the pervasiveness of ransomware attacks hidden from plain sight; but it is only through education and transparent sharing that businesses can collectively become stronger in the defence against ransomware attacks.

Talking about ransomware attacks dispels the mystery around them. This is because many do not know how ransomware attacks unfold, despite their prevalence. Was a similar company vulnerable due to human error? Was it an overlooked security posture? Did someone willingly let attackers in? Knowing each step of the attack process will help organisations pinpoint their weaknesses in preparation for a real attack.

Ransomware is a Beast That’s Visible
Conversations about ransomware rarely acknowledge that a ransomware attack is the culmination of a series of events orchestrated by bad actors. Ransomware doesn’t just appear – it follows days, weeks, months, or even years of groundwork. Let’s unpack the different stages of a ransomware attack:

It begins with observation. Cyber criminals are on the watch to gather information on employees, business processes, and technology to identify loopholes and opportunities. This is akin to a burglar, who would familiarise themselves with the entrances and exits of a building, the structure of the building, and who lives there. To cyber criminals, knowing who and what they are dealing with is half the battle won.

After observation, comes action. Just like how a burglar would enter the building after formulating a plan, cybercriminals will find a way to enter and create a base of operations within the target’s infrastructure (such as via a phishing campaign). At this point, they are out of sight but are already in a position to do some significant damage. These cyber criminals often exfiltrate data at this stage and destroy backups completely undetected. After that is completed, they will make their presence known by launching the final ransomware attack and demand.

Knowing the intricacies and full process of a ransomware attack can be overwhelming – security teams need to beware of unknown and invisible foes that are hiding in the background. Do not be disheartened. After all, knowledge is power. Knowing your enemy’s strategy will help organisations develop the strongest possible backup and ransomware recovery strategy.

Don’t Leave It to Luck
While ransomware attacks are a looming threat and an inevitability, data loss doesn’t have to be. Achieving complete resiliency is feasible with the right precautions. By focusing on a few crucial elements, any organization can establish an ironclad data protection strategy.

There are three parts to this. Firstly, security teams need to have an immutable copy of their data so that hackers cannot alter or encrypt it in any way. Secondly, they need to encrypt their data so that hackers are unable to access or use it even if it is stolen or breached.

Lastly, the linchpin in fortifying this defence is the implementation of the 3-2-1-1-0 backup rule. This rule dictates the need for a minimum of three copies of your data. If two devices are compromised or fail, having an extra copy significantly reduces the risk. Diversifying storage across different types of media is another crucial step – for example, one copy can reside on an internal hard disk, and another stored in the cloud. Then, one of these should be securely housed at an offsite location, and one should be kept offline (air-gapped), completely isolated from the primary IT infrastructure. Perhaps most crucially, the “0” stage emphasizes the necessity of error-free backups. Achieving this requires regular testing, ongoing monitoring, and a vigilant approach to restoration procedures, beyond simply accepting that logs state a backup was performed.
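
As an added illustration (not part of the original article and not Veeam code), the sketch below audits a backup inventory against each part of the 3-2-1-1-0 rule, and treats a backup as error-free only when a restore test has reported zero errors, whatever the job log says. The inventory, its names and the choice to count production data as one of the copies are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class DataCopy:
    name: str
    media: str                      # storage type, e.g. "disk", "cloud", "tape"
    offsite: bool
    offline: bool                   # air-gapped from the primary infrastructure
    primary: bool = False           # production data rather than a backup
    job_log_ok: bool = True         # what the backup job log claims
    restore_errors: Optional[int] = None  # last restore test; None = never tested

def audit(copies):
    """Return {rule_part: passed} for the 3-2-1-1-0 rule."""
    backups = [c for c in copies if not c.primary]
    return {
        "3 copies": len(copies) >= 3,   # assumption: production counts as a copy
        "2 media": len({c.media for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in backups),
        "1 offline": any(c.offline for c in backups),
        # A green job log is not evidence: only a restore test with 0 errors counts.
        "0 errors": bool(backups) and all(c.restore_errors == 0 for c in backups),
    }

def unverified(copies):
    """Backups whose log says OK but whose restore was never tested or failed."""
    return [c.name for c in copies
            if not c.primary and c.job_log_ok and c.restore_errors != 0]

# Constructed sample inventory (hypothetical names).
INVENTORY = [
    DataCopy("prod-db", "disk", offsite=False, offline=False, primary=True),
    DataCopy("local-repo", "disk", offsite=False, offline=False, restore_errors=0),
    DataCopy("cloud-bucket", "cloud", offsite=True, offline=False),
    DataCopy("tape-vault", "tape", offsite=True, offline=True, restore_errors=0),
]

if __name__ == "__main__":
    for part, ok in audit(INVENTORY).items():
        print(f"{part:10} {'PASS' if ok else 'FAIL'}")
    print("log OK but restore unverified:", unverified(INVENTORY))
```

In the sample inventory every structural part of the rule passes, yet the audit still fails on the “0” because the cloud copy has never been restore-tested.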

By following these steps, organisations can be sure that their data is secure and fortified against hackers.

The Bottom Line
Organisations will at some point face a ransomware attack – cybercriminals are always on the lookout for their next victim. There is no need to fear; with increasing awareness, comes increasing preparedness. While a cyberattack brings chaos, you will be able to control it with the right strategy, and this makes all the difference.
