Has your computer system been hit with a ransomware attack? It means your computer systems and security management is incompetent. Did you pay the ransom or did it take over half a day to completely recover from the attack and become fully functional? It means your computer systems administration is incompetent.

An easy way to understand this is to think about what would happen if your laptop computer got locked up by ransomware. While not something most consumers know, it’s possible to do a special reboot of such a computer that restores it to factory settings. Once you’ve got a clean computer, you restore everything (programs and data) from the most recent backup you’ve taken and you’re back in business. You don’t have a backup? Shame on you. With a service like Dropbox, older versions of your files are stored and kept, so you should be able to restore from there as well.

If you’ve got a major business with many services and databases, it is of course more complex – but the principles are the same. First, do a better job of protecting against the ransomware attack in the first place – and detecting it early if it gets in. Second, execute your disaster recovery plan, wipe your computers and restore them from backups. Even better, if you’re running a well-administered active-active system, the downtime should be no more than minutes.

Ransomware

Ransomware is a rogue program that gains access to all your programs and data, maybe sends all the data offsite, encrypts all the data so that nothing works. A ransom note is sent demanding so many Bitcoin
BTC
to be sent; if the ransom is paid, supposedly the data will remain secret and get unencrypted to be available for normal use. Otherwise, your systems will remain unavailable.

Most of the organizations that are hit with ransomware have computer administrators that are run by experienced professionals. Most of them follow the standards of their field, and most are regularly audited to assure that they conform to the applicable security regulations. But ransomware keeps happening!

How we can understand this? The answer is pretty simple: the attackers are using the latest methods of attack, while the defenders and regulators continue to spend lots of money and time following long-since obsolete procedures.

Ransomware actions and defense

The rogue program may enter your computers because of inadequate security or through a phishing (email) attack. Sadly, the vast majority of computer systems lack internal systems security systems; i.e., they try to guard the walls and doors of the computer castle, but have nothing monitoring the behavior of people and programs that are inside.

Because of this massive gap in security regulation and practice, the rogue program often does its evil thing for days before the data lockup is detected, and by then it’s too late.

Once the problem is detected or announced, competent disaster recovery techniques, which are supposed to be standard practice, should enable rapid restoration of service complete with all data, normally within hours when properly done. For the last couple of decades, a more modern form of always-on computing has been practiced by many companies, in which there are multiple copies of all the required hardware, software and data operating at multiple locations, each of them servicing some of the load and all of them containing all of the data. Ransomware is helpless against this widely proven method of computing. The incredible “success” rate of ransomware is testimony to how few institutions use this proven method.

For example, here’s Microsoft’s description of their disaster recovery solution (they call it site recovery). Here’s the equivalent at Amazon
AMZN
AWS, and specifically for ransomware. And here’s a case study of a hospital system that uses the service for disaster recovery and ransomware protection/recovery.

Conclusion

Ransomware is terrible, one of the major consequences of the much-lauded cryptocurrency technology. Its numerous victims every day demonstrates how bad standard computer security and regulations are. The fact that an institution can be locked for days and all too often pays the ransom demonstrates how bad standard computer systems administration and disaster recovery systems are. The usual methods to make things better don’t work.

There are many examples of companies large and small that are well-protected and that recover quickly should an attack succeed. The answers are out there. But because software is invisible, the vast majority of management can’t see it.

source