Why ransomware and other malware necessitate cloud-based data protection services

February 8, 2018 Uncategorized

Ransomware was one of the defining cybersecurity threats of 2017, even though it has been around for almost 30 years. The earliest strains were distributed via floppy disks and followed the now-familiar methodology of scrambling the victim's data and preventing its recovery unless a fee is paid. Recent variants have evolved to take advantage of more efficient distribution mechanisms, such as vulnerabilities within the Server Message Block (SMB) protocol.

Defending against ransomware requires a multifaceted approach. A lot of security-related advice has focused on spotting phishing emails, which are frequently the catalysts of ransomware infections. However, data backup services and Disaster-Recovery-as-a-Service (DRaaS) solutions are equally important measures against the dangers of modern malware.

The rise and fall of ransomware, and what it means for your data management strategy

In 2017, ransomware achieved its highest prominence ever thanks to attacks such as Wanna Cry, NotPetya and Bad Rabbit that affected thousands of devices across the globe. There's been a slight drop-off so far in 2018, though:

  • Security vendor Malwarebytes reported a steep decline in ransomware's share of all cyberattacks from its June 2017 peak, when it accounted for over 70 percent of them. By year's end, it was under 10 percent, according to ZDNet.
  • Reviewing this trend, one of the company's analysts citedimproved backup practices as pivotal to the diminishing appeal of ransomware. Even without additional security controls in place, an organization can dramatically cut its ransomware exposure with high-performance, redundant data backups.
  • Ransomware's loss has been cryptocurrency-mining malware's gain. Instead of merely encrypting target systems, many hackers have turned to strategies designed to essentially hijack them by taking over their CPU cycles for compute-intensive mining.

The takeaway is that cyberattacks evolve quickly, with new vulnerabilities opportunistically exploited and then abandoned once patches, updates and other remedial actions are applied. In the case of ransomware, the closing of the Eternal Blue loophole in SMB and the pursuit of more proactive data protection services led to rapidly diminishing returns for ransomware perpetrators and an accompanying drop in their activities. Ransomware can't be completely ignored, though, even if it has taken a back seat to other threats in the early weeks of 2018.

"Cyberattacks evolve quickly, with new vulnerabilities opportunistically exploited and then abandoned."

A few years ago, a composite materials manufacturer in the Netherlands learned the cost of having inefficient backup infrastructure when it was struck by the CryptoLocker ransomware strain, according to TechTarget. CryptoLocker never achieved the scale of the other threats we've mentioned so far, but it still made life miserable for many victims unprepared to deal with its combination of strong encryption and a strict time limit for payment. Even if ransomware doesn't seem like the top risk to your company's information at the moment, it's worth guarding against, especially since the mechanisms for doing so (e.g., Backup-as-a-Service [BaaS], DRaaS, etc.) are broadly useful for purposes such as improved compliance and better protection against natural disasters, not to mention safety from other malware.

Curbing ransomware and other malware with cloud-based solutions

Whether a fast-spreading form of ransomware or a furtive Bitcoin-mining program running in the background, malware is costly because it degrades or co-opts resources needed for normal IT operations. In the aforementioned case documented by TechTarget, the CryptoLocker infection overwhelmed the company's defenses and its limited premises-based backup tools.

More specifically, the organization had been counting on a combination of Linear Tape-Open (LTO) and disk-based backups to keep its assets safe. When disaster struck, its backup software was unable to catalog the LTO tapes, plus the disks contained stale data that took weeks to become fully accessible. These obstacles amplified the damage from the ransomware infection, demonstrating how a theoretically controllable threat can spiral out of control without a well-tested DR plan in place.

Enter cloud-based backup and disaster recovery solutions, via BaaS and DRaaS, respectively. Leveraging cloud-based resources has distinct advantages in:

  • Cost: IT resources can be reserved as part of a subscription and customers are usually only charged more for what they actually use.
  • Performance: BaaS and DRaaS are situated in certified, highly available data center facilities with up-to-date infrastructures supporting quick recovery that minimizes the cost of a security incident.
  • Security: Data encryption for BaaS in tandem with the use of secure data centers ensures proper handling of sensitive information even in challenging situations.

BaaS provides greater simplicity and reliability than traditional backup, while DRaaS offers much-needed resilience for critical assets. These cloud-based solutions are ideal in a ever-changing security landscape that can be difficult to navigate due to current shortages in in-house expertise, as well as constrained budgets complicating hardware and software upgrade cycles.

These issues can be solved by working with an established BaaS and DRaaS partner such as UbiStor.  Founded in 2001, UbiStor has deep experience in crafting compliance-driven solutions that will save you time, money and anxiety whether you are hedging against ransomware or any of the other dangers to your data. Learn more by viewing our Services pages or contacting us directly.