Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

// // //
08:35 AM
Nick Claxson
Nick Claxson
News Analysis-Security Now

More Security Might Not Cure Ransomware

Ransomware is definitely a security issue, but 'more security' may not be the solution so many are looking for.

Hollywood scriptwriters must have been kicking themselves when cyber thieves came up with the idea of ransomware. It has well and truly captured the imagination, driving genuine fear into the hearts of many business leaders who had hitherto paid little attention to cyber threats in general.

The really clever thing about ransomware is that the crimes are rarely targeted at "obvious" pools of valuable data such as credit card records and banking information. Ransomware is at its most supremely evil when it strikes at data that you (and possibly only you) find valuable. A little like the act of kidnapping someone's pet dog; the market value is irrelevant -- it's how much it matters to the owner.

The net effect of this is that the usual cyber targets (banks, other financial institutions, etc.) aren't bearing the brunt of this threat. It's at least as likely to be research institutions, healthcare providers, pharmaceuticals, utilities -- any sector where having data held to ransom could be ruinous.

What if the answer isn't "more security"?

You've got to hand it to the cybersecurity industry. They've made hundreds of billions of pounds over the years, and yet seem no closer to actually stopping cyber attacks than when the first computer viruses were created. Rather than becoming discredited, this apparent failure is its own reward; encouraging customers to consider how much worse things would be if they didn't keep buying security solutions. You need merely whisper "ransomware" to experience a sales onslaught of weird, wonderful and ultimately expensive ways of protecting yourself -- but with zero guarantee they will work.

This is sheer madness; a snake eating its own tail. It's time to stop thinking of ransomware as a failure of security and start calling it what it really is: a failure of effective data management.

Boring old backup saves the day
The first lesson in data management is to backup regularly. In data-intensive sectors, this can be far easier said than done. Pulling very large data sets into a coherent backup process is often complicated by inefficiencies and data infrastructures that have built up over time. This, in turn, can lead each backup to be a lengthy process -- six to eight hours is not out of the ordinary -- which discourages IT professionals from performing them frequently. As a result, many organizations have a disconnect between how often they would like to perform backups (typically daily) and how often they manage to (weekly, monthly or even quarterly).

This is a recipe for catastrophe should some unforeseen event disrupt your IT systems. One such event could be a ransomware lock-out, leaving you with a backup copy that may be considerably out of date.

Why pay criminals for data that you already have?
Read the news reports about ransomware and you'll spot an Achilles' Heel in the criminal masterplan. Namely, that if the victim kept an up-to-date copy of its data, there would be no need for them to pay to get it back. Such an event would still constitute a serious security breach, but at least they'd have their precious data.

More and more organizations are waking up to this simple truth by instigating a three-pronged strategy to address the ransomware problem:

Stream 1: Education
Ransomware is an infection that usually requires people to do things they shouldn't. Like any modern threat, ransomware relies on the concept of 'social engineering' and other human factors. The best way to counter this is by involving your people in relevant education programmes. Be sure to include everyone who has access to email, computers and servers in your organisation.

Stream 2: Cybersecurity vigilance
The cybersecurity industry might be behind the curve on ransomware, but that doesn't mean you shouldn't leverage solutions that stop the easiest 95% of known attacks from getting through. Whether you run endpoint antivirus or network-based security (or both), this is a vital layer of defense. Also, ensure that you decommission out-of-support/end-of-life data management software and always run recommended patches and updates.

Stream 3: Get serious about backup to enjoy total data protection
Modern IT backup solutions take frequent, incremental backups every minute or so. Being incremental means you never stress your network out (or your IT staff) by repeating entire backup processes. Should your business encounter ransomware and the inevitable demand for money to unlock your data, you can safely ignore it. Simply roll back your data to the second before the attack struck. This way, you can be assured that your valuable data and systems continue running and the malware cannot be retriggered.

To conduct incremental backups, backup appliances need to be updated to detect and record block-level changes from snapshots, taking individual backups at hundreds of points per day. Some solutions supplement this with the capability to detect ransomware inside a backup, and notify IT staff accordingly. This mitigates the spread of infection.

Taking away the power of ransomware's extortionists feels good, but it requires a combination of effective security measures and a nimble, continuous backup process. Only then can you have a data governance process worthy of the name, and a cast-iron insurance policy against anyone who claims to have kidnapped your data.

Related posts:

Nick Claxson is managing director of Comtec Enterprises.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-11-26
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query strin...
PUBLISHED: 2022-11-26
drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.
PUBLISHED: 2022-11-26
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
PUBLISHED: 2022-11-26
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
PUBLISHED: 2022-11-25
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.