Page 6 - FCW, September/October 2020

DIGITAL DIALOGUE
Highlights from a Recent Webcast on Ransomware
BUILDING RESILIENCE AGAINST RANSOMWARE
Focus on the Left of the Boom and Back Up Files before Any Attack
On Friday, March 6, 2020, the city of Durham, N.C., was hit with a ransomware attack. Durham had a hardened backup system from Rubrik in place, so its systems were down for only a short period of time. The city was able to get critical services such as 911 back online very quickly. Over that weekend the city’s IT staff was able to recover all of its key services, and they were completely up and back in business by Monday morning. Durham’s story is somewhat unique in that it didn’t have any long-term damage. That’s definitely not typically the case.
Ransomware is one of the main threats facing both public and private organizations across the world. Last year, for example, the Federal Bureau of Investigation’s (FBI’s) Internet Crime Complaint Center (IC3) received 2,047 ransomware complaints, an increase of 38% year-over-year. The average recovery time of a ransomware attack is 7.3 days, according to research firm Forrester. Some organizations simply can’t recover at all.
When COVID-19 hit, cybercriminals came out and announced they would reduce the number of attacks they launched and completely bypass health-related organizations. While there was a precipitous drop in ransomware attacks, the cyber gangs’ self-imposed shackles recently came off, and ransomware incidents have started rising, with attackers using fear of the coronavirus as an attack vector. In addition, targeted attacks, also called big game hunting, are up, and cybercriminals are shifting their strategies, threatening to expose data, rather than just encrypt and delete it.

“You can do everything right, and still get attacked. It’s always going to be coming back to, ‘Can I recover? And how quickly can I recover?’”
— Rebecca Fitzhugh, principal technologist and director of developer relations at Rubrik.

“Companies and agencies are getting hit harder, and the end results are getting worse,” explained Rex Booth, Cyber Threat Analyst at the Cyber and Infrastructure Security Agency (CISA) in the U.S. Department of Homeland Security. He was speaking during a webcast called “Avoiding the Ransomware Trap with Protected Back-Up and Cloud Data Management.”
“The sophistication of the threat isn’t the relevant factor for a victim,” he said. “It’s the magnitude of the impact, and through that lens, ransomware is a big deal. Being unable to function, losing the progress that you’ve made since your last backup, halting productivity. In many circumstances, [these issues are] far more devastating than the Chinese or whomever stealing your corporate intellectual property.”
Figuring out how to not just recover from an attack, but prevent one completely is where organizations and agencies must concentrate their efforts, and it’s simply not enough to engage in the same strategies that worked in the past, Booth said.
Everything we do exists on a timeline, and in cybersecurity, technologists as a whole look at actions relative to a bad event as either left of boom or right of boom. Sometimes you can fix things right of boom, or after something goes wrong. IT can detect the adversary once they’re in a network and evict them, or can reroute traffic around a dead gateway. It’s possible to “remotely brick stolen phones and laptops, but there are lots of solutions that simply don’t exist right of boom,” CISA’s Booth explained. “You can’t reclaim the confidentiality of sensitive papers posted on Pastebin and you can’t recover lost files with no backup.

































































































