When it Comes to Ransomware, Air Gaps Are The Best Defense


There’s no doubt that ransomware is a growing threat for all types of businesses today, and there’s serious concern that it will continue to get worse because these attacks are often successful. For many businesses, the cost of paying the ransom is less than the cost required for recovery and the accompanying downtime. Ransomware is a type of malware that typically blocks access to sensitive company data or files until a ransom is paid.

Ransomware typically encrypts the victim’s files, which renders them inaccessible until the ransom is paid and the attacker delivers the key required to decrypt the files. Ransomware attacks are usually carried out using a Trojan disguised as a legitimate file, which a user is tricked into downloading or opening when it arrives as an email attachment.

In some cases, like the infamous WannaCry attack, it can also be accompanied by a worm, which enables it to spread to other networked computers without any additional user interaction. The ransom is typically paid using Bitcoin or other untraceable cryptocurrencies. However, while most successful ransomware attacks do wind up providing the decryption keys, there’s no guarantee the perpetrators will do so. Depending on the type of business, a ransomware attack can be crippling to the organization. For example, healthcare organizations and manufacturing firms are especially appealing targets as they are extremely sensitive to any downtime.

A couple of recent notable victims of ransomware underscore the severity of ransomware today. This past June the city of Riviera Beach, Fla., paid nearly $600,000 in ransom to hackers who took over the city’s computer systems. Riviera Beach is a small city of about 35,000 people just north of West Palm Beach. The attack began on May 29 after a police department employee opened an infected email attachment.

Subsequently, all of the city’s online systems, including email, electronic payments, water utility pump stations, and some phones, were taken offline. In their case, the city decided it was cheaper to pay than to attempt to restore their systems; a similar malware attack recently cost the city of Baltimore $18 million to repair damages. Previously, the city of Atlanta also underwent a ransomware attack, and the estimated cost of recovery was $17 million. There’s no doubt that ransomware will continue to be a serious threat going forward.

Having an effective disaster recovery plan is the only real safeguard against a ransomware attack. Clearly, a ransomware attack can be considered a disaster just like a hurricane, a flood or a power outage, and a properly implemented modern DR plan should have contingencies for dealing with outages caused by ransomware attacks.

Offline backups or replicas are your best protection from a ransomware attack, as they can be used to restore your system’s functionality using a system state that was captured before any infection occurred. Some types of ransomware are capable of selectively targeting backups. It’s vital that you keep a copy of your backups or replicas offline – or air-gapped – to prevent them from being corrupted by malware worms that can potentially move through your online network. Making sure that there is a separate authentication method can also help ensure that your offline backups or replicas are secured.