Ransomware and disaster recovery plans

Disaster recovery is a basic element of good continuity planning. Business continuity planning–in the case of schools, the better term might be organisational continuity planning– refers to the broad range of plans created so that a institution can continue to be operational no matter what negative event might occur. Business continuity planning addresses severe, catastrophic events, loss of the top leader or other principals in the organization, severe natural disasters that incapacitate a physical location, etc. Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.

In general, smaller schools – which often have limited IT support staff – will utilize the services of a managed service provider to develop disaster recovery plans. One piece of your disaster recovery planning needs to address how the business can protect its data from a ransomware attack. Unike more well known viruses, ransomware doesn’t just access your data, it locks it down so it is unusable. The business model behind this approach is simple: They are betting you will have no segregated backups and will be willing to buy back access to your data.

The only real defense against a ransomware attack is offensive. Just routinely making backups of your data may not necessarily protect it from being held hostage. Talk to your managed service provider about the design of your backups and how they are structured so that you will always have a “clean” copy of your data. If you want to defeat the designers of ransomware, your only real solution is to have uninfected backups. As long as you have these, you can simply refuse to pay the ransom. In the case of this virus, offense is the only defense that will keep your data safe.

How to avoid falling victim to ransomware

We hear routinely in the news that a major corporation or government agency has had its data integrity compromised, with millions of pieces of personal data accessed. In these cases the criminals behind the attack hope to get money by selling that data to other criminals. In the case of ransomware, the criminals want your money, and try to get it by holding your data hostage. Plain, old fashioned kidnapping with a hi-tech spin.

What can you do to avoid falling victim?

Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren’t totally sure of. If unsure, send an email back to the sender to verify they actually sent you a link.

The most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. Routine backup your data. However, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack, consider having a security evaluation done by a managed service provider who will have the security expertise to advise on the best backup protocols for your situation.

What is ransomware and why is it so bad?

This cyberattack scheme isn’t new, but it has become increasingly common over the past several years. Many of the viruses lurking out there steal data to be used for nefarious purposes. The goal has long been to access important financial and personal data that can be sold off. For example: Credit card numbers that can sold and used to buy things. Social security numbers that can be sold to be used to create fake identities. In the case of many viruses, victims may never even be aware their data has been accessed. Typical malware and spyware tries to go undetected. Not ransomware. Ransomware generally does not access your data to sell off to criminals. Instead, the virus kidnaps your data until you pay ransom.

Ransomware stops you from using your PC, files or programs. It holds your data, software, or entire PC hostage until you pay a ransom to get it back. When an attack occurs, you suddenly have no access to a program or file – A screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. In some cases there may be a nerve wracking clock ticking down to the deadline for the ransom payment. Some versions are so sophisticated they even have mini-call centers to handle your payments and questions.

Ransomware stands out from most viruses in that you really have no option once an attack has been made. You either pay up, or lose the data. The only sure answer is a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also. The only answer is to be aware that these viruses are out there and that you have to make careful, specific plans to protect your data. It is important that your backup and disaster recovery plans are designed with a ransomware attack in mind. When it comes to making data security and disaster recovery plans you should consider bringing in experts with a strong background in this field. Lost data is not something any organization can easily recover from.

Three responses after a Ransomware attack

If you are unfortunate enough to be the victim of a ransomware attack, there are basically only three options open to you. Ransomware is a type of computer virus that kidnaps your data and holds it hostage for money. It has become increasingly common attacking governments and all manner of business and non-for profits, including educational institutions.

Why is ransomware so nasty? Because it steals one of the most important confidential thing your school possesses. Personal data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren’t going to be able to call in IT support to solve the problem. Basically, you have three options.

1. Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware viruses even provide help lines if you’re having trouble. Of course there are no guarantees your will get access to your data – these are thieves you’re dealing with.
2. Don’t pay and lose your data – This has its obvious downsides, unless…
3. You have a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also.

As you can see, the first two options aren’t very favorable solutions. The only real defense against an attack is the third option. You have to be prepared ahead of time with a safe, segregated backup. Be sure to get the advice of a specialist on how to protect your data from this very serious threat to your institution.

Things to consider before switching to the Cloud

More and more businesses are switching to the Cloud to store their data and rightly so. The Cloud offers numerous benefits over the traditional, physical on site server. For example,

• Anytime, anywhere access to your data: Information in the Cloud can be accessed from anywhere using an internet connection, unlike in the case of traditional servers, where you need a physical connection to the servers
• Significant cost savings: You cut hardware costs, because the Cloud follows a ‘pay-as-you-use’ approach to data storage
• SaaS compatibility and support: The Cloud allows the use of Software-as-a-Service since the software can be hosted in the Cloud
• Scalability: The Cloud lets you scale up and down as your business needs change
• 24/7 monitoring, support, and greater access reliability: When your data is in the Cloud, the Cloud service provider is responsible for keeping it safe and ensuring it is securely accessible at all times. They monitor the Cloud’s performance and in the event of any performance issues, they provide immediate tech support to resolve the problem

Your big Cloud move: What to consider

If you are considering moving to the Cloud, you will find it helpful to sign-up with an MSP who is well-versed with the Cloud. They can advise you on the benefits and risks of the Cloud and also offer the Cloud solution that’s right for you. In any case, before you migrate to the Cloud, make sure you are dealing with a reputed Cloud service provider who has strong data security measures in place. You can even explicitly ask them what security mechanisms they have invested in to manage data access and security.

Yes, moving to the Cloud has it benefits, but it also has its challenges including security risks. Learn more in our next blog, “Is the Cloud really risk-free?”