Authored by: Justin Loh, Country Director, Singapore, Veritas Technologies LLC
Just how lucrative is ransomware? Very. I typed “ransomware” into Google News recently and it returned over 4.2 million results in 0.26 seconds.
What businesses do the moment ransomware is detected makes a huge difference to the impact the attack can have on the organisation. Failure to act fast means that more files are locked, more devices are penetrated, and more money is lost. What organisations do in the ‘Golden Hour’ following an attack is crucial, and what they achieve in this precious 60-minute window is dependent on how well armoured they are beforehand – or else we could very well be staring a modern-day hostage situation straight in the eye.
“Terrorists win” – or not?
In the past, ransomware was something that only affected a few unlucky people who were forced to pay a couple of hundred dollars to regain access to their locked-out laptops. The Federal Bureau of Investigation (FBI) announced back in 2016 that the ransomware business would cross the $1 billion threshold in the same year. Fast forward to the present, and it is a multibillion-dollar-a-year industry, as cybercriminals pin the bullseye on vulnerable organisations.
According to a ransomware survey we conducted with 12,000 consumers across the world, 40% of consumers consider CEOs to be personally liable for ransomware breaches, and 44% would stop using a company’s services if it fell victim to an attack. Compounding the risks, 20% of paying victims never have their stolen data returned.
In fact, Asia Pacific, home to regional business hubs, continues to experience a higher-than-average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher respectively than the rest of the world.
Agents of (cyber) shield
Much of the most important work that goes into resolving a ransomware attack happens long before it is first detected. Think of it this way – you can’t treat a patient without the right medical kit, and a company can’t fight a ransomware infection without detection capabilities and a strong data backup and recovery strategy.
Mission-critical data is the chief target of any attack. As a company’s most precious asset, its loss or theft can bring operations to a shuddering halt. To avoid this, organisations must bring their data estate under control.
No surprises here – a strong frontline defence is essential to protecting your organisation from ransomware, but you need more to confidently take on the threat. Cybercriminals are engineering sophisticated forms of ransomware capable of circumventing frontline security and taking advantage of modern multifaceted IT infrastructure.
Ransomware targets your people, not your IT system.
Here is a four-step checklist to build resilience against cyber felons with ill intent.
Protect your IT systems by implementing the necessary personnel training to identify security gaps and investing in malware prevention tools and access management systems. A great deal of ransomware training tends to focus on the fear factor and present worst-case scenarios. Yet, there’s a danger this could make staff less likely to come forward if they’re afraid they may have caused great damage. It’s important for companies to create an environment where no one is afraid to raise the red flag when ransomware is detected.
Mitigate the impact of an attack by analysing the scope of infection and responding immediately with remediation tools. Start by understanding data and infrastructure – where and how data is stored and who can access it.
Armed with this information, you can develop baseline measures for data and infrastructure behaviour, then establish reporting to alert administrators of unusual activity. Once notified, IT teams can take rapid action to deter ransomware from doing damage.
Consistently monitor your IT environment by running anti-ransomware and intrusion detection tools. In diverse IT environments with hundreds or thousands of servers, manually recovering data can be nearly impossible. If malware corrupts backup data, restoring it could do more harm than good.
You’re only as good as your last backup – make multiple copies of backup data on at least two forms of media and use air-gapped and immutable storage to defend against destruction or encryption. You should also ensure the correctness of your backups by testing the recovery and restoration of the data frequently.
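As an added illustration of the backup step (not part of the original article), the Python sketch below checks a set of backup copies against the rules above and compares a test restore with a hash manifest recorded at backup time. The class and function names and all sample data are constructed, and it assumes the rule is met when at least one copy is immutable and at least one is air-gapped.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class BackupCopy:          # hypothetical record describing one backup copy
    name: str
    media: str             # e.g. "disk", "tape", "object-storage"
    immutable: bool        # retention lock: cannot be altered or deleted
    air_gapped: bool       # no standing network path from production

def policy_gaps(copies):
    """List the ways a set of copies falls short of the checklist."""
    gaps = []
    if len(copies) < 2:
        gaps.append("fewer than two backup copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("copies are not on at least two forms of media")
    # Assumption: one immutable and one air-gapped copy is enough.
    if not any(c.immutable for c in copies):
        gaps.append("no immutable copy")
    if not any(c.air_gapped for c in copies):
        gaps.append("no air-gapped copy")
    return gaps

def manifest(files):
    """Map each path to the SHA-256 of its content (files: path -> bytes)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def verify_restore(recorded, restored_files):
    """Compare a test restore with the manifest recorded at backup time."""
    actual = manifest(restored_files)
    common = recorded.keys() & actual.keys()
    return {
        "missing": sorted(recorded.keys() - actual.keys()),
        "unexpected": sorted(actual.keys() - recorded.keys()),
        "altered": sorted(p for p in common if recorded[p] != actual[p]),
    }

# Constructed sample data: two copies on the same media, and a test restore
# in which one file is corrupted and another has been renamed.
COPIES = [BackupCopy("nas-daily", "disk", False, False),
          BackupCopy("nas-weekly", "disk", False, False)]
SOURCE = {"finance/ledger.csv": b"id,amount\n1,100\n", "hr/staff.txt": b"alice\nbob\n"}
RECORDED = manifest(SOURCE)   # keep this manifest with the immutable copy
RESTORED = {"finance/ledger.csv": b"\x8f\x02garbled",
            "hr/staff.txt.locked": b"alice\nbob\n"}

if __name__ == "__main__":
    print(policy_gaps(COPIES))
    print(verify_restore(RECORDED, RESTORED))
```

A restore that reports any missing or altered path should be treated as a failed test, and the copy it came from should not be relied on for recovery until the cause is understood.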
Time is ticking
All it takes is one slip-up for perimeter walls to come crashing down. A hardy defence mechanism isn’t just based on your ability to prevent an attack; it’s whether you can weather the storm and, most importantly, protect data wherever it might be – from edge to core to cloud – before it grows into a business-destroying crisis. Being confident that your last line of defence – the backups of the mission-critical data – is well protected and recoverable allows you to stay laser-focused on restoring the business during the ‘Golden Hour’ instead of debating with your leadership team whether you should concede to the attackers and pay the ransom.