Ransomware is Targeting Large Enterprises: Are You Prepared?

The ransomware threat is evolving and continues to target large enterprises, with more than 200,000 organizations hit last year. Are you prepared?

February 20, 2020

The ransomware threat is evolving. More than 200,000 organizations were hit by ransomware last year, according to a recent report from The New York Times. The FBI recently released its annual Internet Crime report, and cited total ransomware-related losses in 2019 of at least $8.9M. Yet even this number is artificially low, according to the FBI, since thousands of attacks go unreported every year.

In some cases, companies are paying six-figure sums to restore access to their files and systems, and these ransoms are only the start. According to one expert group, the costs of downtime are probably 5X to 10X what companies pay their attackers.

Enterprises have to account for:

  • Lost access to files and other business-critical data
  • Facility/production downtime and loss of employee productivity
  • Loss of sales/accounts due to inability to fulfill orders on time
  • The cost of mitigation, or fixing the infected/attacked systems

The real cost of ransomware is downtime, and attackers are becoming increasingly aware of the potential for damage within large enterprises. Originally, most ransomware attacks targeted individuals and demanded relatively small payments. Now the focus appears to have turned to large organizations that have more to lose.

Consider the story of Norsk Hydro. An attack by one of the newer ransomware variants impacted 160 manufacturing locations. The company’s operations response team had to shut down 22,000 PCs and thousands of servers to prevent further damage. Employees couldn’t accept new orders. Production stopped in some areas, and the estimated losses totaled millions of dollars.

Defending Against Enterprise-Focused Ransomware

The changing nature of the attacks and the dissemination of new variants have enterprises and public sector organizations searching for solutions. Generally, ransomware works its way into an enterprise through one of a few means:

  • phishing emails with suspicious attachments
  • drive-by downloading (you visit a website and malware is downloaded without your knowledge)
  • Web-based instant messaging apps
  • insecure Web servers

The FBI details a number of best practices for preventing these attacks, including educating your users, simulating phishing attacks to test your workforce, and more. Our Chief Science Officer, David Shaw, also reviews some of his recommendations in our 2019 video chat, How to Maintain Business Continuity in the Age of Ransomware.

Still, the attackers are becoming bolder and more creative, so they might find a way inside regardless. This is where a strong recovery plan becomes critical. In a recent report to CISOs, the FBI advises backing up your data regularly, and testing and verifying these backups. But traditional and even cloud backup might not be sufficient. First of all, backups are notoriously unreliable. One of our clients recently confessed that his company was happy if they had a 90% success rate on backups. Plus, some network-connected and cloud-based backups can now be impacted by the latest ransomware variants.

Instant File Recovery with Nasuni

This is one of the reasons we’re seeing so much ransomware-related interest in Nasuni. Our novel approach to data protection offers a unique defense against ransomware because Nasuni eliminates traditional backup in favor of Continuous File Versioning® to the cloud. With the Nasuni cloud file services platform, the “gold” or authoritative copy of each file resides in the cloud. Files are chunked, compressed, and encrypted, then stored within an encrypted cloud volume as WORM (write once, read many) objects. The platform can add new data to the cloud backend, but the existing versions remain read-only, so they cannot be altered, and they’re not vulnerable to ransomware encryption. As long as our clients store their cloud credentials securely, there’s no way for an attacker to access these volumes.

What this means is that if a ransomware attack encrypts our clients’ locally cached files, IT can quickly restore access to recent versions. If needed, IT can restore the entire file system from the most recent point before the attack, which could be anywhere from a few minutes to an hour, depending on your settings. Downtime is reduced from days to hours, or even minutes, and there is no need to pay the ransom.
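The versioning model described above, sketched as an added example (not Nasuni's code): an in-memory write-once store where a ransomware-scrambled file syncs as a new version while earlier versions stay restorable. The class and function names, key layout and sample file are assumptions, and chunk encryption is left out because Python's standard library has no cipher.

```python
import hashlib, json, zlib

CHUNK = 8  # bytes per chunk; tiny so the sample file spans several chunks

class WormStore:
    """Object store where a key can be created once and never changed."""
    def __init__(self):
        self._objects = {}

    def put(self, key, data):
        if key in self._objects and self._objects[key] != data:
            raise PermissionError(f"WORM violation: {key} is read-only")
        self._objects.setdefault(key, data)  # identical re-put is a no-op

    def get(self, key):
        return self._objects[key]

    def keys(self, prefix):
        return sorted(k for k in self._objects if k.startswith(prefix))

def snapshot(store, path, content, ts):
    """Chunk, compress and store one version; the manifest is WORM too."""
    chunk_ids = []
    for i in range(0, len(content), CHUNK):
        chunk = content[i:i + CHUNK]
        cid = "chunk:" + hashlib.sha256(chunk).hexdigest()
        store.put(cid, zlib.compress(chunk))
        chunk_ids.append(cid)
    store.put(f"manifest:{path}:{ts:010d}", json.dumps(chunk_ids).encode())

def restore(store, path, as_of):
    """Rebuild the newest version whose timestamp is <= as_of."""
    manifests = [k for k in store.keys(f"manifest:{path}:")
                 if int(k.rsplit(":", 1)[1]) <= as_of]
    if not manifests:
        raise LookupError(f"no version of {path} at or before {as_of}")
    chunk_ids = json.loads(store.get(manifests[-1]))
    return b"".join(zlib.decompress(store.get(c)) for c in chunk_ids)

def demo():
    store = WormStore()
    clean = b"Q1 revenue forecast: 120"           # constructed sample file
    snapshot(store, "q1.txt", b"Q1 revenue forecast: 100", ts=100)
    snapshot(store, "q1.txt", clean, ts=200)
    scrambled = bytes(b ^ 0x5A for b in clean)    # stand-in for ciphertext
    snapshot(store, "q1.txt", scrambled, ts=300)  # cache syncs the damage
    try:
        store.put("manifest:q1.txt:0000000200", b"[]")  # rewrite history
        tamper_blocked = False
    except PermissionError:
        tamper_blocked = True
    return restore(store, "q1.txt", 299), restore(store, "q1.txt", 300), tamper_blocked
```

Restoring with `as_of` set just before the damaged version returns the clean file, which is the point-in-time recovery the paragraph describes.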

Take a look at this FBI one-pager on ransomware for additional information, or learn more about how Nasuni maintains business continuity in this age of ransomware by watching our video. And please reach out if you have any questions about how Nasuni can help protect your organization’s critical business files.
