According to the Veeam 2024 Ransomware Trends Report, 75% of organizations suffered a ransomware attack last year. Many of them paid the ransom, but the ransom only covers 32% of the overall cost caused by disrupted operations, sales, and reputation to organizations. All of this accounts for the billions of dollars that are lost to cybercrime each year. Organizations that can either prevent ransomware attacks or protect their data against attacks can save themselves sifromgnificant recovery costs, reduce the risk of having their operations disturbed, and protect their reputation.
It’s vital to implement ransomware protection measures early. Once an attack has taken place, it’s most likely too late if you don’t have robust data protection measures in place. This is because ransomware attacks can involve different tactics and techniques to penetrate networks, systems, backup repositories, and backups.
Understanding Ransomware
A ransomware attack comes in many forms, ranging from simple “scareware” pop-ups to more sophisticated screen lockers that prevent people from logging into their devices. A successful ransomware attack encrypts files and then threat actors demand that the victim pays a ransom to decrypt their files. Ransomware attacks to individuals also exist, but aren’t as frequent since it’s less remunerative.
There are other cyber extortion tactics too, including data theft and exfiltration threaten to make any private or sensitive data public and request a ransom.
Ransomware demands payment in cryptocurrency — typically bitcoin — to avoid tracking.
Some of the most common ways organizations’ systems are compromised include:
- Phishing: A threat actor will pretend to be a trusted contact like a colleague, bank, customer service, or social media platform to get you to click on a link or download an attachment that contains malware.
- Accessing malicious websites: Often in phishing emails, malicious websites will masquerade as a legitimate website and often have a URL that’s similar to a trusted site. Many of these URLs will include typos and uncommon domain extensions (e.g., .biz, .buzz, .xyz etc.). These sites are used to collect data and, in some cases, money transfers too.
- Falling behind on software updates: Out of date software could also have unpatched vulnerabilities. Threat actors exploit known unpatched vulnerabilities to gain unauthorized access or inject malicious software. The vast majority of disclosed software vulnerabilities already have a fix, which means your software has to be updated with the latest releases or patches to address those vulnerabilities.
- Poor password/credential hygiene: Credential information like passwords can be leaked to the dark web without users knowing they’ve been compromised, and cybercriminals can use these credentials to access systems. There are also brute force attacks that can occur, where trial-and-error is used to guess passwords or encryption keys until the correct one is found. Lengthy passwords, constant password changes, and multi-factor authentication (MFA) can go a long way to preventing your organization from being ompromised.
Top 6 Best Practices to Protect Against Ransomware
While the saying that prevention is better than a cure still holds true, it’s impossible to prevent all current and future threats since cyberattacks and malware prevention is essentially an arms race. Basic best practices, such as choosing strong passwords, using malware detection software and endpoint protection tools can go a long way toward reducing the risk of ransomware attacks. Also, having steps in place to minimize the damage that a ransomware attack could have also a good precaution to take.
1. Use Immutability Wherever You Can
Setting up immutable backup and storage targets can offer protection to allow you to recover quickly from ransomware attacks. In the past, this was difficult to implement. Modern data protection and backup solutions make it easier to create immutable targets and storage pools to protect your data against ransomware.
2. Create Encrypted Backups
Organizations who aren’t already encrypting backups must start doing so now. Backups aren’t designed to be accessed frequently, so any performance overhead that comes from encrypting them is minimal and the benefits of encrypted backups in terms of security are too significant to ignore. Encryption makes it more difficult for attackers to access backup data and would also help prevent other unauthorized access and data leaks.
In addition, ensure your encryption keys are stored securely and are accessible for the right people when needed.
3. Verify Your Backups Regularly
Check the integrity of of your backups and verify that any automated backups are running as expected. Verifying backups doesn’t take long and provides peace of mind that your data can be recovered. Spending a few minutes each week or month to double-check backups could save a lot of stress when the time comes for data recovery and having regular automated simulations of recovery plans might be part of this process.
4. Limit Access to Backups
Every user that has access to backups is a potential attack vector. Stolen credentials are the most common way for data breaches and ransomware attacks to start. By limiting who has access to backups, you can reduce the severity of any unauthorized data access. The principle of least-privilege is good to keep in mind, and even if your systems are compromised, limiting access overall will prevent attacks from taking further damage.
Administrators must ensure users only have access to what they need is a practical first step.
5. Proactively Monitor Your Systems
Ransomware attacks are constant, and antivirus or malware software isn’t guaranteed to pick up on the newest variants. Using tools to watch out for indicators of compromise (IoC) can help spot suspisious activity or malicious software before an attack. For example, if a backup job has been changed or files that aren’t usually touched are being altered, this could be a sign of ongoing cyberattacks.
Being alerted to IoCs allows organizations to take data offline or move it to a “cleanroom” environment to start investigating the cause of unusual behavior before potential bad actors can cause damage.
6. Have a Data Recovery Plan
A data recovery plan should be a part of your broader business continuity strategy. For organizations with a plan in place, frequent testing is key. By following best practices and verifying that backups can be recovered, organizations are in a much better position to respond t ransomware attacks
Running roleplay scenarios to see whether all your data can be recovered in the event of an attack can help too. Contaiment and removing malicious software is critical in any good incident response strategy. It’s highly recommended that you can test and review plans regularly, especially when there are new components, new versions, or changes in the digital infrastructure.
Recovery plans should be well-documented and well-known amongst stakeholder teams that would have to execute them.
Ransomware Protection Tools and Solutions
To safeguard organizations from ransomware attacks, up to date tooling and solutions can improve your defenses. Data monitoring and reporting tools like Veeam ONE can help keep track of the state of your data backup environments and alert you of any suspicious activity or changes. Plus, make sure your backup repositories are using explicit credentials. Veeam Data Platform is constantly adding security features to prevent and detect malware, IoCs, and potential ransomware attacks.
Endpoint Security Solutions
Endpoint security focuses on protecting mobile devices, laptops, and other endpoints from malicious activity. Endpoint security is important due to the recent increase in cyberattacks and the number of people working from home and remotely accessing corporate networks. Endpoint security includes antivirus and anti-malware software as well as endpoint detection and response (EDR) products. Examples of endpoint security solutions include CrowdStrike, Avast, ThreatLocker, Carbon Black, and SentinelOne, among others.
Backup and Recovery Platforms
Backup and recovery platforms are solutions that deduplicate data and store it in a secure place in the case of loss or damage and restore it to another location so it can be used again when issues arise. Backup refers to how to save and protect production data and store it safely in case of an incident. Recovery is the process of retrieving this information and restoring it to production systems to avoid downtime should the organization face a cyberattack or other disaster. Veeam Data Platform is an example of a backup and recovery platform.
Network Security Solutions
A network security solution helps secure computer networks and protect them from cyberattacks. Different solutions focus on protecting different aspects of the network, with some emphasizing fortifying your security perimeter and others restricing internal activity to protect your data from the inside. Firewalls and virtual private networks (VPNs) are common network security technologies and examples of network security solutions include Cisco, Palo Alto Networks, and Zscaler.
Cloud Security Solutions
Cloud security solutions refer to the technologies, policies, and controls that are designed to protect cloud-based infrastructure, applications, and data from unauthorized access, data breaches, and cyberattacks. These solutions ensure the confidentiality, integrity, and availability of cloud resources and cloud security provider include Palo Alto Networks, Symantec, and all hyperscalers.
Security Information and Event Management (SIEM)
These are tools that are used to collect and analyze security events. They gather logs from various sources and correlate them with identify threats.
Security Orchestration, Automation, and Response (SOAR)
These are tools for automating security workflows that focus on streamlining incident response and reducing manual effort.
Case Studies: Successful Ransomware Protection Strategies
Veeam has worked with many organizations and helped them avoid the impact of ransomware attacks. One recent success story is the City of Sarasota. Veeam Data Platform and Veeam Backup for Microsoft 365 have helped the City of Sarasota avoid paying out a $34 million ransomware bill.
Sarasota is a city that is often hit by hurricanes and floods, and the city’s officials wanted to ensure that their residents had uninterrupted access to city services. The city offers many digital services for their residents, ranging from bill payments to storm preparation. They chose Veeam as their backup provider because it was easy to implement and manage. After using Veeam’s tools for about a year, Sarasota was hit with a ransomware attack that encrypted three of their file servers and demanded a ransom of $34 million in Bitcoin.
Rather than pay the ransom, Sarasota recovered their Veeam backups. This process was easy and quick and allowed them to get all their data back without interrupting their ability to deliver services to their residents. After this successful recovery, they decided to take a more proactive approach to ransomware protection and added more backups to their workflow.
The 3-2-1-1-0 Rule is now a key to their backup process. They take three backups on two different media. One copy is stored off-site, one copy is immutable or air gapped, and they accept no backup recovery errors. Thanks to this implementation, they can feel confident that, should they experience another ransomware attack, they’ll be able to turn to their backups and recover all their data safely once again.
Protect Your Data from Ransomware with Veeam
Ransomware is a threat to businesses of all sizes. Since the tools used by attackers are so sophisticated, it can be challenging to protect yourself against these attacks. Storing backups on the same network as your existing data isn’t good enough to protect against ransomware since threat actors apply lateral movement tactics to explore networks and systems. They target production and backup files to encrypt.
To fully protect your data, organizations need to take encrypted backups that are stored separately from the files you usefor daily operations. Redundancy in the form of multiple backups is also useful since the redundant copies will still be available if an attack goes unnoticed or in the case of an outage or issue with a backup.
Veeam offers backup and recovery solutions for different workloads and platforms, including on-premises, cloud, and SaaS backup solutions that are tailored to the tools and platforms that organizations use in their daily operations. Veeam’s immutable backup functionality and features like Veeam Vault offers secure and robust storage that can protect your data and help you recover quickly from ransomware attacks.
Getting started is easy, and there is a range of pricing tiers to choose from depending on the solutions you choose for your specific data protection needs.
If you’d like to know more about how Veeam can help protect your organization from ransomware and other digital threats, learn more here or contact an expert.