Five persistent myths about ransomware

Ransomware is part of everyday corporate life. Unlike an attack on a private computer, infiltrating a corporate network can result in ransom demands in the six-figure range. In addition, companies still set the wrong priorities when it comes to ransomware attacks. They believe paying up is the quickest way out of trouble. However, the reality paints a different picture. Even after paying the ransom demanded, the network and the data remain vulnerable and new attacks threaten.

Veritas dispels the five most persistent myths surrounding ransomware and provides tips on how companies can avoid falling into the ransomware trap in the first place.

1. When we pay, the hackers let us access our corporate data again immediately.  

Companies are data-driven. A ransomware attack brings their business to a complete standstill, often for days. No company can afford that. Therefore, affected companies tend to pay the ransom as soon as possible. This gave 29 percent of the companies surveyed by Veritas an.

However, the fact is: even after paying a ransom, the data usually cannot be recovered. This is a considerable loss of money, but it does not end there, as a study by Sophos confirmsThe company will have to invest a similar amount again for the restoration.

However, the consequences cannot only be quantified financially: a tarnished reputation, the loss of customers, as well as difficulties with data recovery can cause damage that is even more expensive than paying the ransom sum. So paying money to the extortionists should never be the solution. Because this encourages the cybercriminals to continue their activities and keeps their fraudulent system going.

2. Hackers are only interested in people who have sensitive information in their eyes. 

That's not right. Hackers primarily target employees, regardless of industry, position or identity. Their email addresses, passwords and bank accounts are of interest, but so are encrypted databases that are hacked via an employee's login. Ultimately, any information can be monetized on the darknet or a ransom demanded to remove the malware from the hardware.

Hacking is becoming more sophisticated and targeted every year, and more and more SMEs are falling victim to it. Their IT is usually less well protected, so the security systems are easier to circumvent than in large companies. However, it is also true that the more interesting and important the hacked information is, the more lucrative it is for the cybercriminals and the higher the ransom demand will ultimately be.

3. Our security system is sufficient to withstand cyber threats, including ransomware.

Companies are deploying increasingly professional and always up-to-date security systems to protect themselves against cyber threats. However, these do not provide sufficient visibility across the entire infrastructure. Moreover, no system is infallible, especially as attacks become more sophisticated and targeted. The current trend for many employees to work remotely further increases cyber risk: their work devices are outside the protected corporate network, creating many more vulnerabilities and potential entry points.

It is therefore essential for companies to train their employees on current phising attacks and to develop an effective data management and backup strategy.

4. Our employees do not provide effective protection against ransomware. 

The human factor is and remains the main risk when it comes to IT security. That's right. Whether it's attacks by viruses, spam or ransomware, users are the preferred target of hackers. Still, employees can be a powerful weapon against cyber attacks. If they are regularly and sustainably educated and trained on potential threats - including management - they can make an important contribution in an effective early warning system. Unlike security solutions that only sound the alarm when malware is already in the corporate environment, employees can immediately inform the security team about phishing emails before they become an active threat.

5. A simple backup of the data is enough to restore it. 

Companies that have a backup system have already taken the first step in securing their data against ransomware. However, this is not enough. Once the malware has spread in the corporate network, the backup stored there is also affected, and the backed-up data remains encrypted.

Only off-site backups - at least for the most critical data - are effective. To prevent their encryption, they should always be kept separate from the productive system. The use of cold storage solutions - such as external or offline hard drives, combined with multifactor authentication - protects backups from system infections and preserves critical data needed for disaster recovery.

Sascha Oehl, Technical Director DACH at Veritas Technologies, comments: "It is a fact that ransomware poses a serious threat to companies of all industries and sizes. And this threat is further exacerbated by remote working. Once ransomware has infested the corporate network, the only lifeline left is an effective backup strategy. It is not enough to store the backup separately from the other data, but still in the same infrastructure. Malicious encryption attempts can only be prevented if the backup system is able to create an off-site copy of the files."

Effective backup solution against ransomware

A layered backup strategy helps prepare for ransomware. First, companies should distribute backups in isolation from each other across different environments, creating self-sufficient islands. Using the cloud to store backups is the most effective option. Separated from the company's main network and always updated according to the latest security guidelines, cloud storage is a cost-effective and scalable alternative. Data copies stored on-site should be immutable. The final step is to ensure that the recovery process is resilient. Companies should therefore conduct regular tests to detect problems early on.

Careful management of data retention times also prevents backups from becoming a storage space problem. For each backup, it is therefore important to decide how many copies of data are necessary and where they are stored. A master catalog helps employees find data quickly so they can maintain their inventory as needed.

Source: Veritas