So you've organised your disaster recovery plan and you've built a solid backup service in the cloud. That means you're fully protected against ransomware, right? We're sorry to have to tell you this, but no.
If you get infected with ransomware that encrypts your data, then a solid backup means you'll be able to recover your information and avoid dealing with online creeps demanding a fee to restore it. The problem is that today, the crooks will probably have stolen that data too. This is a recent evolution in ransomware called double extortion, and it has changed the ransomware threat entirely.
A double extortion ransomware gang will encrypt your data as usual, but they will also exfiltrate it at the same time, sending it back to their command and control server, the external computer that communicates with the ransomware and sends it instructions. They will then threaten to publish that data unless you pay up. So even if you can restore the data from backups, you're still at their mercy.
That data can be pretty sensitive. Back in 2014, hackers purportedly from North Korea compromised Sony Pictures and stole emails in retaliation for the making of The Interview, a comedy about assassinating Kim Jong-Un. They later released the emails, revealing embarrassing gossip about celebrities signed to the studio.
Since then, we've seen multiple double extortion attacks, including one against the University of Utah, which had to pay $457,000 to ransomware operators even after restoring its backups. The REvil ransomware gang stole celebrity data from law firm Grubman Shire Meiselas & Sack in May 2020 and then published some of it - including sensitive files related to Lady Gaga - online after the company refused to pay.
Anti-ransomware consulting company Coveware found that 77% of ransomware attacks now feature the threat to leak stolen data. So, what can you do to protect yourself?
Prevention is better than cure. This means shoring up your cybersecurity practice with some basic measures, including not just better user education but also better patch management for your software, and scanning for malicious attachments and links in emails. White-listing your software applications to allow only approved applications to run is another effective measure.
These are all excellent forms of basic cybersecurity hygiene, and applying them together will lower your risk of infection. However, no strategy is 100% secure. All it takes is one lucky move on an attacker's part - or one slip on your side - to fall foul of ransomware. Handing off security to a managed security services provider that specialises in this practice will give you the strongest possible protection against ransomware infection.
Beyond that, take the time to evaluate your current data management processes. How aware are you of what data you collect and where you store it? How do you tag it for sensitivity and ownership? Do you store riskier information in more secure enclaves? Do you need to retain it at all?
These are the kinds of questions you should be answering now to minimise the chances of a successful data thief getting hold of something that could damage your company or your customers. That kind of assessment will help you evaluate your risk so that you can tighten your data controls before an attack happens.
With ransomware crooks now targeting large and small companies alike, no one is immune. The best time to put these practices in place is before an attack happens. The worst time is after you get the ransom note.