
12/8/2017 08:35 AM
Nick Claxson
News Analysis-Security Now

More Security Might Not Cure Ransomware

Ransomware is definitely a security issue, but 'more security' may not be the solution so many are looking for.

Hollywood scriptwriters must have been kicking themselves when cyber thieves came up with the idea of ransomware. It has well and truly captured the imagination, driving genuine fear into the hearts of many business leaders who had hitherto paid little attention to cyber threats in general.

The really clever thing about ransomware is that the crimes are rarely targeted at "obvious" pools of valuable data such as credit card records and banking information. Ransomware is at its most supremely evil when it strikes at data that you (and possibly only you) find valuable. A little like the act of kidnapping someone's pet dog; the market value is irrelevant -- it's how much it matters to the owner.

The net effect of this is that the usual cyber targets (banks, other financial institutions, etc.) aren't bearing the brunt of this threat. It's at least as likely to be research institutions, healthcare providers, pharmaceuticals, utilities -- any sector where having data held to ransom could be ruinous.

What if the answer isn't "more security"?

You've got to hand it to the cybersecurity industry. They've made hundreds of billions of pounds over the years, and yet seem no closer to actually stopping cyber attacks than when the first computer viruses were created. Rather than becoming discredited, this apparent failure is its own reward; encouraging customers to consider how much worse things would be if they didn't keep buying security solutions. You need merely whisper "ransomware" to experience a sales onslaught of weird, wonderful and ultimately expensive ways of protecting yourself -- but with zero guarantee they will work.

This is sheer madness; a snake eating its own tail. It's time to stop thinking of ransomware as a failure of security and start calling it what it really is: a failure of effective data management.

Boring old backup saves the day
The first lesson in data management is to back up regularly. In data-intensive sectors, this can be far easier said than done. Pulling very large data sets into a coherent backup process is often complicated by inefficiencies and data infrastructures that have built up over time. This in turn makes each backup a lengthy process -- six to eight hours is not out of the ordinary -- which discourages IT professionals from performing them frequently. As a result, many organizations have a disconnect between how often they would like to perform backups (typically daily) and how often they manage to (weekly, monthly or even quarterly).

This is a recipe for catastrophe should some unforeseen event disrupt your IT systems. One such event could be a ransomware lock-out, leaving you with a backup copy that may be considerably out of date.

Why pay criminals for data that you already have?
Read the news reports about ransomware and you'll spot an Achilles' heel in the criminal masterplan. Namely, if the victim kept an up-to-date copy of its data, there would be no need to pay to get it back. Such an event would still constitute a serious security breach, but at least they'd have their precious data.

More and more organizations are waking up to this simple truth by instigating a three-pronged strategy to address the ransomware problem:

Stream 1: Education
Ransomware is an infection that usually requires people to do things they shouldn't. Like any modern threat, ransomware relies on the concept of 'social engineering' and other human factors. The best way to counter this is by involving your people in relevant education programmes. Be sure to include everyone who has access to email, computers and servers in your organisation.

Stream 2: Cybersecurity vigilance
The cybersecurity industry might be behind the curve on ransomware, but that doesn't mean you shouldn't leverage solutions that stop the easiest 95% of known attacks from getting through. Whether you run endpoint antivirus or network-based security (or both), this is a vital layer of defense. Also, ensure that you decommission out-of-support/end-of-life data management software and always run recommended patches and updates.

Stream 3: Get serious about backup to enjoy total data protection
Modern IT backup solutions take frequent, incremental backups every minute or so. Because they are incremental, they never stress your network (or your IT staff) by repeating the entire backup process. Should your business encounter ransomware and the inevitable demand for money to unlock your data, you can safely ignore it. Simply roll back your data to the second before the attack struck. This way, you can be assured that your valuable data and systems continue running and the malware cannot be retriggered.

To conduct incremental backups, backup appliances need to be updated to detect and record block-level changes from snapshots, taking individual backups at hundreds of points per day. Some solutions supplement this with the capability to detect ransomware inside a backup, and notify IT staff accordingly. This mitigates the spread of infection.
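The block-level incremental snapshots, point-in-time rollback and in-backup ransomware detection described above, as an added Python sketch that is not the author's or any vendor's code. It assumes a 4 KB block size, a content-addressed block store, and a detection heuristic of "most files changed and the new blocks have near-random entropy"; the sample files and the scrambled post-attack state are constructed inline.

```python
import hashlib
import math
import os

BLOCK = 4096  # block size for change detection (assumed; real appliances vary)

def _entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8.0 means random-looking (e.g. encrypted)."""
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

class BlockBackup:
    def __init__(self):
        self.blocks = {}     # sha256 hex -> block bytes (each distinct block stored once)
        self.snapshots = []  # one manifest per snapshot: file name -> list of block hashes

    def snapshot(self, files: dict) -> int:
        """Record the current state of `files`; returns how many new blocks were stored."""
        manifest, new_blocks = {}, 0
        for name, data in files.items():
            chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
            manifest[name] = [hashlib.sha256(c).hexdigest() for c in chunks]
            for h, c in zip(manifest[name], chunks):
                if h not in self.blocks:
                    self.blocks[h], new_blocks = c, new_blocks + 1
        self.snapshots.append(manifest)
        return new_blocks

    def restore(self, idx: int) -> dict:
        """Roll back: reassemble every file exactly as it was at snapshot `idx`."""
        return {n: b"".join(self.blocks[h] for h in hs) for n, hs in self.snapshots[idx].items()}

    def suspicious(self, idx: int, changed_ratio=0.5, entropy_min=7.5) -> bool:
        """Flag snapshot `idx` when most files changed and the new blocks look encrypted."""
        prev, cur = (self.snapshots[idx - 1] if idx else {}), self.snapshots[idx]
        changed = [n for n in cur if cur[n] != prev.get(n)]
        new = {h for n in changed for h in cur[n] if h not in prev.get(n, [])}
        mass_change = len(changed) >= changed_ratio * len(cur)
        return mass_change and bool(new) and sum(_entropy(self.blocks[h]) for h in new) / len(new) >= entropy_min

def demo() -> dict:
    """Constructed scenario: clean snapshot, one normal edit, then every file overwritten."""
    files = {f"doc{i}.txt": (b"quarterly report line %d\n" % i) * 400 for i in range(5)}
    store = BlockBackup()
    first = store.snapshot(files)                 # 5 files x 3 blocks = 15 new blocks
    files["doc0.txt"] += b"one more paragraph\n"  # ordinary edit: only the file's last block changes
    second = store.snapshot(files)                # 1 new block
    store.snapshot({n: os.urandom(len(d)) for n, d in files.items()})  # stand-in for encrypted files
    return {"first": first, "second": second, "clean_alert": store.suspicious(1),
            "alert": store.suspicious(2), "restored": store.restore(1) == files}
```

The infected snapshot is flagged while the ordinary edit is not, and restoring snapshot 1 yields the files exactly as they stood before the overwrite.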

Taking away the power of ransomware's extortionists feels good, but it requires a combination of effective security measures and a nimble, continuous backup process. Only then can you have a data governance process worthy of the name, and a cast-iron insurance policy against anyone who claims to have kidnapped your data.

Nick Claxson is managing director of Comtec Enterprises.