How to Strike Back Against Ransomware

For most people, a ransomware attack is an abstract issue. News of an automobile giant who had to down tools and pay a huge ransom is, of course, shocking but distant. Every one of us – the individual – may be safe from such attacks.

But what about your company?

In reality, ransomware attacks can target enterprises, individuals, and operating systems, networks, and business processes. That said, it is much more serious for enterprises. According to the 2022 Data Breach Investigations Report, ransomware breaches have increased by 13% – more than the last 5 years combined – with 62% of incidents in the system intrusion pattern involving threat actors compromising business partners.

What ransomware can cost you

During an attack on an enterprise, ransomware aims to steal and delete all data and data copies stored in the local and even disaster recovery (DR) centers, making it hard to recover data and causing the leakage of private and confidential information. The enterprise is then blackmailed with ransom and risks damage to its brand image, loss of business, and other legal and labor costs. This collateral damage – sometimes as high as 23 times that of the initial ransom – can cripple any company. Cybereason reports that 49% of enterprises that pay a ransom retrieve only part or none of the lost data, and that such enterprises are 80% more likely to be targeted by ransomware again.

Why ransomware can hit your systems so badly

• Stealthy ransomware strikes in disguise

Ransomware infects the system by exploiting zero-day vulnerabilities (system or device vulnerabilities that have been disclosed but not yet patched), through phishing emails, or by physical attacks, often lurking in your system for months before launching an attack. It will not encrypt data or demand a ransom until it obtains higher privileges to access core mission-critical data.

Hackers, too, usually work in the dark, that is through darknets, to demand a Bitcoin ransom, before encrypting the payment link to make it near-impossible to trace. Darknet, cryptocurrency, and payment link encryption create an iron triangle, causing great damage to their victim.

• Malicious attackers require ransom and more

Cybersecurity Ventures reported the global losses caused by ransomware attacks reached US$20 billion in 2021, 61 times the US$325 million recorded in 2015. Ransoms are also just part of the problem, as enterprises also need to deal with brand damage, long service interruptions, legal liability, and other issues. Check Point reports that, on average, the total costs arising from a ransomware attack is more than seven times higher than the ransom paid in 2020.

• Stolen or deleted data is hard to recover

Typical ransomware attacks steal and delete all data copies stored in your local and DR centers. This lack of resilience will likely impact services, making it hard to recover data, but more importantly, exposing mission-critical information to outsiders. According to Sophos, the average time needed to recover from a ransomware attack is 16 days, and the cost of recovery from extortion attacks increased from US$761,000 in 2020 to US$1.85 million in 2021.

• Ransomware as a Service (RaaS)

Ransomware attacks are now low-cost and simple, and can even be customized and commercialized, made into products available through memberships and subscriptions. This subscription-based business model has pushed the threat of ransomware everywhere.

Safeguard your data with Ransomware Protection Storage Solution

Put simply, your business environment needs a ransomware protection solution. But why is a storage-based solution necessary? Where traditional data security measures focus on the network, such as firewalls and security gateways, these fail to detect evolving ransomware attacks. Improved malicious techniques increase the chances of your system being infected with a virus, causing the network layer, while designed to prevent, block, scan, and eliminate ransomware, to be rendered useless.

To prevent core data leaks, companies must make data protection a top priority and that starts with upgrading existing technologies to eliminate potential risks. That’s why we released the Huawei Ransomware Protection Storage Solution.

To help enterprises defend against ransomware and quickly restore production data, the Huawei solution is expertly designed with four-layer ransomware protection.

• Layer 1: production storage. Here, the detection and analysis feature intercepts ransomware strikes, identifies virus features, and blocks virus encryption from known ransomware attacks.
• Layer 2: production storage – uses secure snapshot and WORM anti-tamper technologies to protect data copies from being encrypted. In the unlikely event the data is encrypted, the secure data stored on the production storage can be used for quick recovery.
• Layer 3: local backup storage. This layer is important if the ransomware encrypts or damages production data. In this case, the clean data copies stored on backup storage can be used to quickly restore data.
• Layer 4: the isolation zones of the production and backup storage. If both production and backup data are lost due to ransomware attacks, the clean copies stored in the isolation zone of the production or backup storage can be used to quickly restore data.

This four-layer protection is used to proactively detect and intercept ransomware that has been missed at the network and host layers, which are deployed before storage and may already be infected by viruses. The Huawei Ransomware Protection Storage Solution not only reduces data loss, but also ensures a clean data copy is always available for quick data recovery. Enterprises simply cannot afford the losses associated with ransomware, so protect your storage and prepare for the future, today.

Learn more about how the Huawei Ransomware Protection Storage Solution can protect your business.

Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.