Ransomware 101: Keeping the lights on when hackers attack

Ransomware has become an inescapable part of the cyber world. Year on year the number of ransomware attacks reported continues to increase. According to IDC’s research, about 50% of organisations suffered an unrecoverable data loss in the last three years and cyberattacks surged 238% between February and April 2020. Not only this, but the cost of these attacks is also on the rise. In 2015, Cybersecurity Ventures predicted that ransomware would cost victims $325 million globally, but by recently that prediciton has grown $265 Billion by 2031.

 Although ransomware attacks are a matter of ‘when’ not ‘if’ for today’s businesses,it is important to note that all these attacks have one thing in common; attackers are largely reliant on a business’ inability to recover data and resume operations. This inability to recover, or downtime, is not only the greatest leverage threat actors hold over organisations, but it is responsible for the largest monetary loss experienced in the event of a ransomware attack.

The true cost of downtime

As technology has evolved, so has the sophistication of ransomware attacks. This is not only concerning in terms of prevention, but also makes it exponentially more difficult for organisations to recover. Ransomware rarely affects just one machine, the malware is designed to infiltrate and bring down entire networks. When this occurs,  organisations not only lose data, but they lose hours of manpower if they cannot recover the data and/or get back up and running.

As a result, recent reports have demonstrated that the cost of downtime is almost 50 times greater than the cost of the ransom itself, with the cost increasing to an average of $274,200, compared to the average cost of the ransom which comes in at just $5,600. This is unsurprising when you consider that businesses can endure a staggering 21 days of downtime after an attack.

Prioritise recovery

Today data is more valuable to an organisation than gold. This is why, when an attack occurs the most widely reported repercussion of the attack is often data loss.

Business-critical applications and services run on data, when that is compromised the priority must be recovery. Since the days of tape and remote disc devices, both ransomware and backup services have evolved significantly. Backing up data once a week or even daily is no longer sufficient for maintaining business continuity should an attack occur.

Continuous Data Protection

When it comes to avoiding the true cost of cyber attacks, thinking exclusively in terms of backup is far too limiting. The process of protecting your data by creating an extra copy is one thing, but organisations need a recovery plan that focuses on limiting downtime and restoring operations in minutes or seconds, not days or weeks. For this, Continuous Data Protection (CDP) is one of the most effective methods an organisation can adopt. CDP has always-on replication and journaling technology which ensures the protection of every change that’s made to an application in real-time while keeping content current. A CDP solution can enable recovery of an organisation’s entire site and applications within a few minutes with only several seconds of data loss – and no downtime.

Related:   MMO game malware targets children

Implementing CDP

When adopting a CDP strategy, there are a few considerations that businesses should be aware of. Firstly, organisations should take a zero tolerance approach to downtime. As the largest cost in any ransomware attack, businesses should refuse to accept downtime as a ‘normal part’ of a cyber attack and instead prioritise strategies that recover data in a matter of seconds or minutes, not hours or days. When implementing CDP this needs to be at the forefront of any business’ mind.

Secondly, it’s important to identify and prioritise vulnerabilities. Like any disaster recovery strategy, one of the most worthwhile practices for an organisation is to put itself in the mind of the attacker and identify its main vulnerabilities.  Consider how these put you at risk of a ransomware attack and how best this vulnerability can be limited. IT teams are often very capable of carrying out such inequities, but professional penetration tests can also be incredibly valuable in this regard.

Workload mobility – the ability to move applications and their associated data to a new environment with zero downtime – should also be highlighted as a key concern for businesses looking to adopt CDP. Outside of cyber attacks, moving data is one of the main activities that can cause downtime. Businesses should assess how modernised its infrastructure is and consider updating it if it is unable to handle the required workload.

Finally, CDP planning and implementation should focus on multi-cloud agility because being able to move applications from legacy on-premises environments to public cloud services is an increasingly essential requirement for modern business.

Looking forward

It is no longer a matter of if a cyber attack will strike, but when. And when it does come, one of the mostly costly repercussions an organisation will face is the downtime caused as a result. Downtime caused by data loss is the real killer, and recovery time should be the most important goal of any disaster recovery solution. Data protection and recovery strategies can no longer just be checklist items — they’re must-have investments for every organisation.

Technology Evangelist at

Leave a Reply

Your email address will not be published. Required fields are marked *