Have backups ready for ransomware recovery -- not the ransom

Criminals have turned encryption technology against businesses, and IT ops have to fight and sidestep ransomware attacks with basic best practices.

Businesses have been too complacent about backups and security, which allows ransomware to run amok.

While security breaches and data theft are the well-known bugaboos of corporate IT organizations, ransomware attacks highlight another real threat, and a real lapse in IT operations vigilance: the kind of vigilance that would have made ransomware recovery relatively painless. The very technology that IT organizations rely on to protect corporate data can be used to prevent data owners from accessing it. And no one values a business's data as much as that business does. Security breaches, in most forms, have a simple focus: make money. Given the amount of effort it takes to pull off a data breach, most attackers want a payoff in the end. Before anonymous digital currency payments, data sales were naturally limited by traceability. With online anonymous payment came a golden opportunity for anyone looking to extort businesses: ransomware.

Ransomware attacks use security methods and encryption technologies to lock users out of their own data. This means the technology in place to secure information is now attacking it. The objective is to extract a ransom from the business via digital currency in exchange for returned control. The effect on larger companies, government entities and healthcare organizations has been staggering. Ransomware provides an ideal approach for hackers because nothing gets stolen or transmitted, and they can infiltrate the system with malicious code via a simple file download or an unpatched system.

[Figure: chart of ransomware attacks by origin. More than half of ransomware attacks originate in email.]

IT operations professionals face a predicament with ransomware. The question isn't if you will be hit -- it's when and how badly. Plan for ransomware recovery, not prevention. Ransomware cannot be removed or cleaned like a virus. It might be deflected with a web shield, but if not, your only option is to pay the ransom -- unless, of course, IT ops has fastidiously maintained backups. Businesses can get around the data hostage situation when they restore from backups.

Make backups a priority

It is nearly impossible to educate all of your users and application owners not to click that bad link when a pop-up or page tells them to. Maintaining up-to-date patches on all systems, loaded with the latest security software, helps but does not guarantee safety. Perimeter protection is critical to ops and application owners during a ransomware outbreak, but it is not your ace in the hole.

Your primary ransomware recovery tactic is a solid backup strategy. Backups have always been a lower-tier function for IT operations. Everyone agrees that backups are important, but no one notices if they hiccup once or twice. Many people only think about backups when they need a restore -- otherwise, they run on autopilot.

When a ransomware attack hits, IT ops needs to restore full VMs, databases -- even an entire data center. Have the IT operations team members established a restore plan with application owners? Was it tested? Don't stop at file-level restores. Ransomware recovery demands the ability to restore multiple interconnected systems with minimal data loss. That becomes a pretty tall order for operations teams that leave backups, well, in the background.
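The restore test the paragraph asks for can be made routine rather than a one-off. The script below is an added example, not code from the article or from any backup product: it takes a content manifest (relative path and SHA-256) of the source tree at backup time, then checks a restored copy against that manifest and reports which files came back intact, which are missing and which are corrupt, and it checks the data-loss window against a recovery point objective. The directory names, file contents and timestamps are constructed for the drill.

```python
"""Restore drill: verify a restored tree against a manifest taken at backup time.

Added example, not from the article. All paths and data are constructed
in a temporary directory; the "production" and "restored" trees are
hypothetical.
"""
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every regular file under root.
    Store this alongside the backup set; it is what the restore is judged against."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree with the manifest; classify every expected file."""
    report = {"ok": [], "missing": [], "corrupt": []}
    for rel, expected in manifest.items():
        target = restored_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != expected:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def rpo_met(last_good_backup: datetime, incident_time: datetime, rpo: timedelta) -> bool:
    """True when the data lost between the last good backup and the incident
    is within the agreed recovery point objective."""
    return incident_time - last_good_backup <= rpo


def run_drill() -> dict:
    """Constructed drill: write a small multi-tier tree, take its manifest,
    then simulate a restore that dropped one file and damaged another."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "prod"
        restored = Path(tmp) / "restored"
        (src / "db").mkdir(parents=True)
        (src / "app").mkdir()
        (src / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 'widget');\n")
        (src / "app" / "config.ini").write_bytes(b"[app]\nmode=prod\n")
        (src / "app" / "index.html").write_bytes(b"<html>hello</html>\n")
        manifest = build_manifest(src)

        # Simulated restore: config intact, index.html never came back,
        # orders.sql restored from a truncated copy.
        (restored / "db").mkdir(parents=True)
        (restored / "app").mkdir()
        (restored / "app" / "config.ini").write_bytes(b"[app]\nmode=prod\n")
        (restored / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 'widge")

        report = verify_restore(manifest, restored)
        # Constructed timestamps: last good backup 26 hours before the incident, RPO of 24 hours.
        report["rpo_met"] = rpo_met(
            datetime(2020, 1, 1, 0, 0), datetime(2020, 1, 2, 2, 0), timedelta(hours=24)
        )
        return report


if __name__ == "__main__":
    for key, value in run_drill().items():
        print(f"{key}: {value}")
```

Run against a real backup set, the manifest is built on the source before the backup job and the verification runs on a scratch restore target; anything in `missing` or `corrupt`, or an `rpo_met` of `False`, is a finding to fix before the backup is trusted.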

Ransomware planning brings application mapping into focus as well. It's only valuable to protect and restore systems when you know how they work together.

IT operations teams need information on the interconnecting dependencies for a complex application that talks to and works with other systems. Don't expect the application owner to fully understand the complex inner workings of their modern, multi-tier application. Application mapping software, provided in tools from SolarWinds, Microsoft and Nagios, among others, gives operations a great X-ray viewpoint into existing deployments. In addition to protecting against new security threats, application mapping can verify software vendor claims about how their products work or are supposed to work.
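Once the dependency map exists, it can drive the recovery order directly. The following is an added example, not code from the article or from any of the mapping tools it names: from a constructed map of which systems each tier depends on (the system names are hypothetical), it computes an order in which to restore the tiers so nothing comes up before the systems it needs, refuses a map with a cycle (which means the inventory is wrong), and lists everything that is transitively affected when one system is encrypted.

```python
"""Restore order and blast radius from an application dependency map.

Added example, not from the article. The map below is constructed and
the system names are hypothetical.
"""
from collections import deque

# tier -> systems it depends on
DEPENDENCIES = {
    "web-frontend": ["api-gateway", "auth-service"],
    "api-gateway": ["orders-app", "auth-service"],
    "orders-app": ["orders-db", "cache"],
    "auth-service": ["ldap"],
    "orders-db": [],
    "cache": [],
    "ldap": [],
}


def _dependents(deps: dict) -> dict:
    """Invert the map: system -> tiers that depend on it."""
    rev = {name: [] for name in deps}
    for node, needs in deps.items():
        for needed in needs:
            if needed not in deps:
                raise ValueError(f"{node} depends on unmapped system {needed}")
            rev[needed].append(node)
    return rev


def restore_order(deps: dict) -> list:
    """Kahn's topological sort: dependencies first. Ties are broken
    alphabetically so the plan is stable from run to run."""
    rev = _dependents(deps)
    indegree = {name: len(needs) for name, needs in deps.items()}
    ready = deque(sorted(n for n, k in indegree.items() if k == 0))
    order = []
    while ready:
        current = ready.popleft()
        order.append(current)
        for dependent in sorted(rev[current]):
            indegree[dependent] -= 1
            if indegree[dependent] == 0:
                ready.append(dependent)
    if len(order) != len(deps):
        raise ValueError("dependency cycle in application map; fix the inventory")
    return order


def impacted_by(deps: dict, system: str) -> list:
    """Everything that transitively depends on `system`: what must be
    re-verified if that one system is lost."""
    rev = _dependents(deps)
    seen, stack = set(), [system]
    while stack:
        for dependent in rev[stack.pop()]:
            if dependent not in seen:
                seen.add(dependent)
                stack.append(dependent)
    return sorted(seen)


if __name__ == "__main__":
    print("restore order:", restore_order(DEPENDENCIES))
    print("impacted if ldap is lost:", impacted_by(DEPENDENCIES, "ldap"))
```

The restore order is what the ops team rehearses; the impact list is what application owners are asked to confirm, since a map that omits a dependency produces a plan that looks complete and fails on the day.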

The best defense against security attacks of all kinds is a deep, detailed picture of how applications work across the IT estate. It starts with collaboration among IT and application owners, designers and developers. Once IT ops has that full picture of the application stack, they can establish measures to prevent and recover from ransomware attacks and other threats as they appear in the data center. One thing is for certain: They are not going away.
