Ransomware is Targeting Large Enterprises: Are You Prepared?

February 20, 2020 | Anne Blanchard

The ransomware threat is evolving. More than 200,000 organizations were hit by ransomware last year, according to a recent report from The New York Times. The FBI recently released its annual Internet Crime report, and cited total ransomware-related losses in 2019 of at least $8.9M. Yet even this number is artificially low, according to the FBI, since thousands of attacks go unreported every year.

In some cases, companies are paying six-figure sums to restore access to their files and systems, and these ransoms are only the start. According to one expert group, the costs of downtime are probably 5X to 10X what companies pay their attackers.

Enterprises have to account for:

  • Lost access to files and other business-critical data
  • Facility/production downtime and loss of employee productivity
  • Loss of sales/accounts due to inability to fulfill orders on time
  • The cost of mitigation, or fixing the infected/attacked systems

The real cost of ransomware is downtime, and attackers are becoming increasingly aware of the potential for damage within large enterprises. Originally, most ransomware attacks targeted individuals and demanded relatively small payments. Now the focus appears to have turned to large organizations that have more to lose.

Consider the story of Norsk Hydro. An attack by one of the newer ransomware variants impacted 160 manufacturing locations. The company’s operations response team had to shut down 22,000 PCs and thousands of servers to prevent further damage. Employees couldn’t accept new orders. Production stopped in some areas, and the estimated losses totaled millions of dollars.

Defending Against Enterprise-Focused Ransomware

The changing nature of the attacks and the dissemination of new variants has enterprises and public sector organizations searching for solutions. Generally, ransomware works its way into an enterprise through one of a few means:

  • Phishing emails with suspicious attachments
  • Drive-by downloading (you visit a website and malware is downloaded without your knowledge)
  • Web-based instant messaging apps
  • Insecure Web servers

The FBI details a number of best practices for preventing these attacks, including educating your users, simulating phishing attacks to test your workforce, and more. Our Chief Science Officer, David Shaw, also reviews some of his recommendations in our 2019 video chat, How to Maintain Business Continuity in the Age of Ransomware.

Still, the attackers are becoming bolder and more creative, so they might find a way inside regardless. This is where a strong recovery plan becomes critical. In a recent report to CISOs, the FBI advises backing up your data regularly, and testing and verifying these backups. But traditional and even cloud backup might not be sufficient. First of all, backups are notoriously unreliable. One of our clients recently confessed that his company was happy if they had a 90% success rate on backups. Plus, some network-connected and cloud-based backups can now be impacted by the latest ransomware variants.

Instant File Recovery with Nasuni

This is one of the reasons we’re seeing so much ransomware-related interest in Nasuni. Our novel approach to data protection offers a unique defense against ransomware because Nasuni eliminates traditional backup in favor of Continuous File Versioning® to the cloud. With the Nasuni cloud file services platform, the “gold” or authoritative copy of each file resides in the cloud. Files are chunked, compressed, and encrypted, then stored within an encrypted cloud volume as WORM (write once, read many) objects. The platform can add new data to the cloud backend, but the existing versions remain read-only, so they cannot be altered, and they’re not vulnerable to ransomware encryption. As long as our clients store their cloud credentials securely, there’s no way for an attacker to access these volumes.

What this means is that if a ransomware attack encrypts our clients’ locally cached files, IT can quickly restore access to recent versions. If needed, IT can restore the entire file system from the most recent point before the attack, which could be anywhere from a few minutes to an hour, depending on your settings. Downtime is reduced from days to hours, or even minutes, and there is no need to pay the ransom.
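The write-once versioning and point-in-time restore described above can be sketched as follows. This is an added illustration, not Nasuni's code: the class names, the fixed 8-byte chunk size and the integer timestamps are assumptions, and the encryption step is omitted to keep the sketch standard-library only.

```python
import hashlib
import zlib
CHUNK = 8  # assumed tiny chunk size so the sample file spans several chunks

class WormStore:
    """Content-addressed object store: a key, once written, is never replaced."""
    def __init__(self):
        self._objects = {}

    def put(self, chunk: bytes) -> str:
        key = hashlib.sha256(chunk).hexdigest()
        self._objects.setdefault(key, zlib.compress(chunk))  # write once
        return key

    def get(self, key: str) -> bytes:
        chunk = zlib.decompress(self._objects[key])
        if hashlib.sha256(chunk).hexdigest() != key:
            raise ValueError("stored object does not match its key")
        return chunk

class VersionedVolume:
    """Every write appends a (timestamp, chunk keys) version; none is edited."""
    def __init__(self):
        self.store = WormStore()
        self.history = {}  # path -> list of (timestamp, [chunk keys])

    def write(self, path: str, data: bytes, ts: int) -> None:
        keys = [self.store.put(data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)]
        self.history.setdefault(path, []).append((ts, keys))

    def read(self, path: str, before: float = float("inf")) -> bytes:
        """Return the latest version written strictly before the cut-off."""
        versions = [v for v in self.history[path] if v[0] < before]
        if not versions:
            raise KeyError(f"no version of {path} before {before}")
        _, keys = max(versions, key=lambda v: v[0])
        return b"".join(self.store.get(k) for k in keys)

    def restore(self, before: int) -> dict:
        """Point-in-time view of every file that existed before the cut-off."""
        return {p: self.read(p, before) for p, vs in self.history.items()
                if any(ts < before for ts, _ in vs)}

def demo():
    vol = VersionedVolume()
    vol.write("q1.csv", b"region,sales\nemea,1200\n", ts=100)  # constructed data
    vol.write("q1.csv", b"region,sales\nemea,1350\n", ts=200)
    # Simulated attack at ts=300: the cached file is overwritten with ciphertext.
    vol.write("q1.csv", hashlib.sha256(b"constructed ciphertext").digest(), ts=300)
    return vol.read("q1.csv"), vol.restore(before=300)
```

The overwrite at `ts=300` only appends a new version, so `restore(before=300)` still returns the clean content written at `ts=200`.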

Take a look at this FBI one-pager on ransomware for additional information, or learn more about how Nasuni maintains business continuity in this age of ransomware by watching our video. And please reach out if you have any questions about how Nasuni can help protect your organization’s critical business files.
