With recent large-scale attacks dominating headlines, particularly WannaCry and Petya, ransomware is expected to cost over $5 billion in damages in 2017 according to Cybersecruity Ventures. These attacks are particularly dangerous because they don't just make a system unavailable, they render data unusable.
If you've fallen victim to a ransomware attack, there are only two ways to get your data back without paying the ransom: get a free decryptor, or fall back on your data protection strategy and recover your data.
Some victims have no choice other than to pay the ransom or lose their data. This is unfortunate because even if the ransom is a small amount, there are a number of problems with this course of action:
Criminals know you’re willing to pay a ransom and are more likely to target you again;
There’s no way to know that the criminals will or can decrypt your data;
Decryption might not work properly and you may lose data anyway;
Law enforcement agencies and other authorities discourage rewarding the criminal by paying the ransom.
You can either leave your data decryption and recovery to chance, or deploy a comprehensive strategy before an attack happens.
Data protection and recovery
There are a number of definitions for “data protection,” but the common theme is that it requires more than running a backup. Proper data protection is included in security planning – it includes business continuity and disaster recovery planning, as well as the many security practices involved in preventing unauthorised access.
In June, Barracuda conducted a survey focused on data recovery, which is ultimately what system administrators are trying to provide for their companies. Comprehensive data recovery involves data availability and data accessibility at all times.
When we talk about data availability, we're talking about data that’s stored as a backup, whether on a tape or disk. Data accessibility, on the other hand, refers to how easily it can be accessed for recovery.
Data isn’t accessible unless the tape or disk is with a compatible system. Accessibility for that system may be close to 100 percent for an administrator in a server room, but may be reduced to zero while the administrator is offsite or away from a designated computer. Meanwhile, the availability of the data remains the same.
Over 70 percent of respondents say that availability and accessibility are equally important. This indicates that businesses understand the value of data, as well as the value of recovering data quickly, possibly from a remote location or even a mobile device.
Protecting multiple locations
Perhaps one of the reasons that so many businesses value accessibility as highly as availability is that 53.4 percent are responsible for data recovery in more than one location. This means that the majority are working remotely at least some of the time. Their data recovery systems have to be accessible from more than one location and probably by more than one method.
Over 50 percent of respondents say that their backups are cloud-based and 76 percent replicate their data backups in the cloud. This suggests that the 77.4 percent who say they’ve a disaster recovery plan are using the cloud for redundancy and accessibility.
The bad news
There are two data points that cause some concern. The first is that 81.2 percent of respondents don’t test their data protection strategies more than once per year and about half don’t test them at all. This could be a major pain point, given data recovery may be the only way to avoid paying a ransom that may or may not result in the decryption of data.
It's also good business to test the company resources. If the company has invested in technology and planning to protect data, these things should be tested on a regular basis. User files change in value, applications are added or replaced and data is moved – all reasons to be testing backups more than once per year. Perhaps an application upgrade uses a new database instead of the old flat files. Perhaps a new application was never added to the data protection plan.
The second point here deals specifically with Office 365. Nearly 66 percent of Office 365 administrators are relying on the Recycle Bin for backup. Only about 1/3 of our respondents are using a data protection solution to protect their Office 365 deployments.
The Microsoft Recycle Bin is a nice feature, but its job is to help organisations safeguard against accidental data loss – it's not meant to be a data recovery solution. It doesn't offer necessary features to protect Exchange, Sharepoint, OneDrive and other services.
Default retention times aren’t standard across services, so administrators may not even have the minimal protection they expected. Data is non-recoverable once it’s deleted or ages out of the Recycle Bin. Companies that have to work within compliance frameworks and liability requirements may find that native Microsoft tools don’t meet the regulatory standards.
If you find yourself in one of these scenarios, don't worry too much. These are things that can be fixed quickly and improved upon as you go along.
Start by evaluating your current data protection and recovery plan. Do you have one? Who’s responsible for the deployment and management of the plan? Is the plan being tested? Are there any gaps between your recovery objectives and the capabilities of your data recovery solutions?
One of the most important questions to consider is whether your data protection and recovery plans are part of your security strategy? If you work in an environment where data protection is separate from security, it's time to bring those two functions together. In the age of ransomware, they cannot be separated.