If there is one trend that has been growing year over year, it’s the impact of ransomware on corporate networks. The attacks, which grew in popularity in 2016, will likely become more widespread in 2017 because of their simple attack-to-monetization pathway for the aggressor.
Ransomware works in several different ways, but the underlying idea is the same — take control of a user machine, lock the data or the device, and then demand payment to unlock the content. Typically, there is a timer associated with how quickly you must pay the attacker to unlock or decrypt your device or data, and if the time expires, the machine is permanently disabled with no means to recover your data.
If only one machine was impacted by ransomware, the rapid growth of these malicious applications would not send cold shivers down the spine of IT admins, but what typically happens is that these applications swim upstream and can encrypt data on network drives and potentially shut down entire companies if the spread of the ransomware cannot be stopped.
Earlier this year, Veeam surveyed nearly 1,000 organizations, as noted in the latest iteration of VeeamUp, to understand the scope of the ransomware attacks and the results show that this threat is real and is happening on a wide scale.
The results indicated that nearly 46 percent of respondents had a ransomware incident in the past two years and of those affected, 91 percent had data encrypted. Of those impacted, 2 percent said that they ended up paying to recover their data; payments were typically below $10,000, but one respondent said that their payment did exceed this threshold. Additionally, 84 percent said that they were able to recover their data without having to pay the attacker.
These stats highlight how pervasive these attacks are in the real world and that taking steps to safeguard your network, specifically from ransomware attacks, is time well spent. Investing time to make sure end-user machines have the correct permissions, prohibiting downloading of unauthorized applications, and training about best practices for browsing the web/opening email are all valuable uses of resources.
As we dive into the new year, it’s important to factor in ransomware into your recovery plans. Although you can’t control everything a user does on your network, you are able to safeguard your data and build out the proper recovery processes. Everything from building in redundant and isolated backup solutions so that your entire company has availability if an attack does occur without significant downtime to creating the proper air gaps between all of your backups to prevent ransomware-creep should be heavily reviewed to make sure you can recover quickly when ransomware attacks strike.
With 46 percent of respondents from the survey indicating that their environments have been impacted by ransomware, the threat is not only real, but widespread, too. If you don’t have a battle plan in place for when a ransomware attack occurs, consider it for your highest priority for 2017.