Contact Us  |  Blog  |  Account  |  Support  |  DEMO

The Evolution of Ransomware and How It’s Targeting the Enterprise

The-Evolution-of-RansomwareRansomware is evolving. The hackers behind the original Cryptolocker trojan were stopped in 2014, but the number of imitators is growing. One type of ransomware called Locky has reportedly been infecting tens of thousands of machines a day. A Los Angeles hospital was recently forced to pay $17,000 to restore access to CT scans, lab data and other critical files. A few months earlier, a hospital in Florida was attacked.

These are just the stories that make the headlines and it is not just the healthcare industry that is at risk. Security researchers now believe that ransomware developers are targeting the enterprise, expanding the file types they can infect to include business critical unstructured data such as CAD files. Most companies choose not to discuss their ransomware battles because they do not want their clients thinking they have security weaknesses. But the unsettling truth is that almost any company can fall victim to ransomware. With a strong data protection solution in place, however, your business can overcome a ransomware event. We know because our clients have been thanking us for the fact that Nasuni has allowed them to dismiss ransom requests and restore access to their unstructured data.

Helping Organizations Deal With Ransomware

Take the Lewis Group of Companies, one of our clients in the real estate industry. Initially, the Lewis Group partnered with Nasuni to cut storage costs and improve file access and performance at their remote offices. But Nasuni has also helped them get out of several ransomware binds. In the first instance, an employee opened one of the malware’s well-disguised application files. Often this is all it takes – one end user making a mistake. The ransomware then accessed a drive on the network and encrypted 62,000 company files.

The hackers demanded a $5,000 ransom to unlock the unstructured data. Instead of paying, IS Project Manager Mike Viselli isolated the drive to contain the problem, then reviewed the snapshot history at the infected office. Since Nasuni’s data protection is built around frequent, unlimited snapshots to the cloud, Viselli knew that master copies of all previous versions of the encrypted files were securely stored in the company’s dedicated cloud storage volume. The question was how far he’d have to roll back – and how much work they’d lose. With traditional backup and disaster recovery, that could amount to days or more. Thanks to the frequency of Nasuni’s snapshots, though, Viselli found that he’d only have to roll back eighteen minutes. He restored the drive quickly – from his office a few hundred miles away – and he did not pay a dime in ransom. When another ransomware incident occurred a year later, he was able to respond even faster, thwarting the attack once more.

The Lewis Group is just one example. Privately we have had clients tell us numerous ransomware survival stories. We helped one customer avoid payments totaling $2 million. Another company has taken advantage of our cloud data protection to dodge more than 50 ransomware attacks.

The Downside Of Traditional Backup

Nasuni is not the only way to avoid paying a ransom. For example, the Florida hospital referenced above was able to restore access to most of its files from backups. But the key word there is most. Traditional backup and DR systems are sporadic and unreliable. Also, restores can be slow, causing users to wait for their data even if it is there. That is one of the reasons companies often choose to pay the ransom — they would rather pay a fee than risk losing days of work or even losing access altogether. With a solution that relies on frequent snapshots to the cloud, you not only restore access, you also minimize the impact, shrinking that data loss window to a matter of minutes and reducing the time it takes to make the data available again.

Ransomware is not going away. And as long as companies continue to rely on outdated backup and DR solutions, the hackers behind these attacks are going to continue collecting fees. Evaluate your DR and continuous data protection strategy, and let us know if you would like to learn more about how Nasuni has been helping our clients dismiss these attacks.