The recent WannaCry attacks were part of the most prominent ransomware campaign since at least the spread of CryptoLocker in 2013, and perhaps ever. Ransomware is a special class of malware, defined by a specific set of technical features:
- The ability to hold data hostage: Files on the infected machine are rendered unusable, typically by encrypting their contents and then withholding the key.
- The demand for payment: The victim is asked to pay a ransom for the safe return of the files; payments may be required to be made in a cryptocurrency, such as bitcoin.
- The potential to spread quickly: Early ransomware was distributed to mailing lists via physical media like floppies; modern variants may exploit protocols such as Microsoft Server Messaging Block.
WannaCry blended all of these characteristics, which enabled it to infect tens of thousands of Windows-based PCs and servers worldwide. However, despite its vast scale and high-profile successes in infiltrating the U.K. National Health Service as well as Spain's Telefonica, WannaCry was a flawed piece of malware, meaning that there is ample opportunity to learn from its design and prepare for the next incident by improving or upgrading your disaster recovery solution.
How ransomware affects DR strategies
The 2017 Data Breach Investigations Report from Verizon highlighted the recent uptick in ransomware incidents, underscoring the risk of sensitive data as well as mission-critical applications being subsumed by such malware. McAfee Labs identified more than twice as many new ransomware samples in Q2 2016 than they did in Q1 2015, although there has been a downturn in this trend more recently.
Ransomware creates a unique challenge for disaster recovery processes. While it does not, in most cases, technically bring an entire system down, it can make essential applications and services unusable unless a ransom is paid, a "kill switch" in the ransomware is discovered or the encryption itself is broken (either by brute-force guessing or somehow discovering the key). Without a usable backup, this stand-still is de facto downtime.
Disaster recovery-as-a-service is particularly helpful in such situations. For starters, DRaaS circumvents the local and opportunistic nature of most ransomware; threats like WannaCry usually take advantage of individual PCs and servers that run older (and hence less secure) operating systems. In WannaCry's case, most of the exploited machines were running Windows 7, which was originally released in 2009. It successfully hijacked many of its targets by making it impossible for their users to access the only copies of essential files.
"DRaaS circumvents the local and opportunistic nature of most ransomware."
In contrast, DRaaS offers recourse via off-site backups. Even if ransomware stole the files on one computer, a clean copy could be restored from a data center by the DRaaS solution. Moreover, DRaaS sites are built on highly secure virtual and cloud infrastructures, which are monitored 24/7. This level of security attention is beyond what many organizations can afford to pursue on their own time and dime
Hedge against ransomware with a DRaaS solution from UbiStor
UbiStor offers DRaaS suitable for a wide range of requirements and budgets. A tiered system is available to match different recovery time objectives and ensure success based on each customer's specific disaster recovery needs.
Recovered applications and systems can be accessed from the cloud even while local machines are still in the process of being recovered. Accordingly, the harm from a ransomware infection such as WannaCry, especially in terms of downtime, can be greatly mitigated.