4 Steps to Defeating Ransomware in Government, Healthcare, and Education

MARCH 12TH, 2020
Every organization must be concerned about ransomware attacks. According to Malwarebytes, users of their software saw a 363 percent year-over-year increase in ransomware attacks between the end of Q2 2018 and 2019. At one time, ransomware attacks focused on soft targets like individuals who don’t have security solutions or don’t understand how ransomware works. But attackers soon realized that the financial returns from individual attacks pale in comparison to attacks targeting government, education, and healthcare organizations.

Money is the Driver

The average ransomware payment amount increased by six times between 2018 and Q3 2019, to $41,198. That’s a big number, especially when you consider that ransomware prevention and planning can cost a lot less. But it gets much worse: according to security firm Coveware, people are actually paying these lofty ransoms. December 2019 saw the average ransomware payment jump to $190,946. That certainly explains why ransomware attacks against Malwarebytes consumer software dropped 12 percent, year over year and 25 percent quarter over quarter in Q2 2019.

Government, Education, and Healthcare Are the New Big Ransomware Targets

While hackers continue to evolve their approach and targets for ransomware, the trend is clear: fewer targets with richer payouts are more attractive to hackers than scattershot attacks on individuals. Businesses are certainly big ransomware targets, but in the first seven months of 2019, two-thirds of ransomware attacks targeted state and local governments. The reasons these entities are front line targets is pretty simple: They typically have outdated legacy systems and data protections, and limited IT staff. They’re a relatively easy mark for attack. How bad is it? Emsisoft reports that in 2019, ransomware attacks hit 966 government agencies, educational establishments, and healthcare providers at a potential cost in excess of $7.5 billion. So, what’s holding these organizations back from securing their data? The fact is, many of them fail to implement basic and well-established best practices, even when legally required to do so. That’s often due to constrained budgets, lack of training, and a lack of expert staff. But, with ransomware fears now front and center, these organizations need to take action today. But where do you start?

Step 1: Create an Effective Backup and Disaster Recovery Plan

Aside from ensuring you have adequate defenses against malware and other attacks in place, the first step in creating a backup and disaster recovery plan (DR) is to determine your recovery point object (RPO) and recovery time objective (RTO). Your RPO identifies the highest priority data and systems, so you can recover them with minimal data loss. For instance, if your RPO is 15 minutes, you must ensure you’ll only ever lose 15 minutes’ worth of data. Your RTO specifies the amount of time you’ll need to recover the high-priority data identified in your RPO. With these metrics in hand you can now identify a DR plan that meets those requirements.

Step 2: Make Continuous Data Protection a Priority

Because you never know when an attack will come, it’s critical that your data is protected to minimize data losses (as defined in your RPO). Continuous data protection (CDP) is the solution. CDP snapshots data as it is written to disk, tracking and capturing all changes as they take place over time, and providing organizations with the ability to recover files, folders, or a complete network share from specific points in time.

Step 3: Replicate Your Data Offsite or to the Cloud

If your backups reside on the same primary systems you use to run your organization, any successful attack will also take down your backups. That’s why you need to replicate and store your backups on a secure, remote server or in the cloud. Better yet, replicating to both locations delivers the highest level of protection against the results of a ransomware attack. For even more redundancy, you may want to mirror hypercritical data to multiple cloud locations.

Step 4: For Ultimate Security, Consider Disaster Recovery as a Service

No matter how big or small your organization may be, staying ahead of evolving attack vectors isn’t easy. And a successful attack, as we noted, can be very costly. That’s why it’s worth considering enabling a Disaster Recovery as a Service (DRaaS) solution. With DRaaS you can rest assured that not only is your data protected, you also have a dedicated partner whose only focus is on ensuring the safety and recoverability of your data.   With government, education, and healthcare now clearly in the crosshairs of ransomware attackers, taking immediate action is an imperative. StorageCraft can help you accelerate implementing a solid BDR plan by providing the hardware and software you need to be confident that you are protected, and, with our partners, provide you with the expertise and support you need to meet the ransomware challenges ahead without fear.