What If Ransomware Was Just an Annoyance Rather Than a Crisis?

Imagine this: despite a strong firewall, your department is attacked by the latest ransomware that locks up all your employees’ devices right in the middle of the day, effectively stopping work.

Fifty minutes later, every device is back up and running, employees are back to work, your phone has gone blessedly silent, and the package of Tums you keep in your desk drawer lays undisturbed. And…you haven’t paid the ransom.

It’s possible. Here’s how.

It’s not just ransomware itself that’s a threat to businesses; it’s the increasing pace at which it evolves into ever more powerful superbugs that infect systems and evade detection.

The knee-jerk reaction from some in the security space: try to keep up with ransomware’s mutations by evolving prevention faster than the threat. But that game does not end in a winning proposition. While you may be able to defend your most valuable servers, it’s not uncommon for the attacker to find their way in through your endpoints. Faced with this reality, many companies are now just paying off ransoms with cryptocurrency, a short-sighted solution that doesn’t always work and that only makes you the target for more ransomware attacks.

Here’s a better approach: Adapt your preventative defenses, but work in parallel to deploy a ransomware-proof recovery plan for all of your vulnerable devices—including every endpoint.

What does a ransomware-proof recovery plan for endpoints look like? Here’s a quick step-by-step guide:

  1. Take stock of every endpoint device in your organization.
  2. Back up the data on every endpoint device. The more frequently you back it up, the less data you are at risk of losing in a ransomware attack. Backing up every 15 minutes is best practice.
  3. Back up your endpoint data in a solution independent of your cloud collaboration software. Ransomware can infect shared folders and, in some cases, spread it to other devices even faster.
  4. Confirm that your backup storage is not susceptible to ransomware attack.

With this recovery approach in place, any endpoint device locked by ransomware can be unlocked by wiping the device and fully restoring the user’s data from your backup stores. With practice and a well-documented process, users can be up and working in less than an hour after a ransomware attack.

Good prevention tactics will help reduce the cost and disruption caused by ransomware, but won’t eliminate your risks. Enacting a recovery plan that accounts for every endpoint is the most important next step you can take to limit ransomware’s impact on your organization.

Webinar: How to Accelerate Incident Response

If you had to pick one word to describe the information security landscape today, what would it be? For me it would be “speed.”

Everything is moving faster – the frequency of data breaches, ransomware mutation rates and the GDPR-driven reporting time limit for data incidents. Prevention is largely a race to try to stay one step ahead of the next threat.

But what about recovery? Incident response times are lengthening. The longer detection and remediation take, the higher the cost to the business and the larger the risk of a cyberattack expanding across the organization.

Join us for our on-demand webinar on how to accelerate incident response times. We’ve got some fresh ideas and unconventional solutions that we hope will help you improve your investigation processes and think “out of the box.”

In this webinar, we will discuss how companies can significantly improve their detection and response times by adopting a product like Code42 Forensic File Search.

This informative webinar will specifically cover how to utilize Code42 Forensic File Search to:

  • Quickly enable the multiple steps, teams and processes involved in investigating and responding to cyber threats;
  • Effectively and efficiently recover from data loss incidents, reducing response times from days and weeks to mere seconds; and
  • Continuously and silently report on file events and metadata across all endpoints for near real-time detection of threats – even when the endpoints are offline.


Digital Transformation Requires a New Kind of Castle

Digital Transformation Requires a New Kind of Castle

Why don’t we build castles anymore? The answer, of course, is that we do—they just look a lot different. In fact, thinking about how and why castles have evolved can tell us a lot about how we can improve our approach to securing the enterprise “kingdom.”

The first medieval castles were a lot like first-generation enterprise networks: giant walls surrounding centralized assets. Nearly all the value of the kingdom could be held within the walls (data, productivity, etc.). A single drawbridge (the firewall) was connected to the outside world. Turrets gave better visibility to threats coming from the outside. It was a simpler time: With most value contained within the walls and little need to connect outside, it was much easier to build up a hardy perimeter. But these castles were also big targets, with a huge attack surface and lot of value to be taken. Moreover, there was little in the way of internal security. If attackers breached the perimeter, they had their run of the kingdom.

Gunpowder changed everything

Then someone came along and invented gunpowder. Firepower is a lot like malware, ransomware and social engineering tactics. Suddenly you can shoot over castle walls or even through walls. The response in medieval times was to build more walls—to create castles within castles. We did the same in the digital enterprise world, adding VLANs, secondary firewalls, app-specific encryption and other “walls” around specific internal assets.

That’s where most organizations are today – still structured around the idea of the secure perimeter. We secure the thing that holds the value—the network, the server, the app, the endpoint device—but not the value itself (the data). We hone our sights on external threats, missing the threats that are already inside the castle walls.

The digital castles of tomorrow

It’s increasingly clear that a perimeter-based approach doesn’t suit the modern kingdom. You’re never going to completely stop all breaches, and tougher walls will end up locking your own people out and stifling value creation. So, what does a forward-thinking data security strategy look like? Here are four key features we’ll see in the digital enterprise “castles” of tomorrow:

  • There will be perimeter—but it will be porous. There will always be boundaries, but we’ll only rely on the perimeter to stop the most obvious and basic attacks—and we’ll ensure it doesn’t thwart our users’ productivity.
  • Smaller targets—less attack surface. Data security strategies will start at the most granular level which is at the user’s endpoint device. By making the targets small and many, it makes it more expensive (and less fruitful) to attack them.
  • Turrets that look inward. As threats increasingly come from within, we’ll turn our lookout towers around. We’ll use data visibility tools to see where our data lives and when it moves, and get better at recognizing when something doesn’t look right.
  • Securing the value itself. Instead of securing the thing that holds the value, we’ll secure the value (the data) itself. That means finding ways to ensure that attackers can’t actually remove data, and/or that the enterprise never truly loses that data (and all its value).

To close out our medieval castle analogy, the next-generation digital “kingdom” won’t have giant walls to protect our gold. We’ll use data visibility tools to know the second a gold coin moves somewhere it shouldn’t, and we’ll use data recovery tools to ensure we can always yank that gold coin back, no matter where someone tries to take it.

Protect your business from ransomware

Protect Your Business from Ransomware with Code42

Code42’s endpoint data security solution provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more–all in a single product that’s been proven to ultimately save you money. With ransomware making huge headlines in 2017, one of the Code42 features that enterprises are most interested in is ransomware recovery.

Since Code42 backs up your data every 15 minutes by default, you can roll back to a point in time and access files you were working on before the ransomware attack–without ever paying the ransom. Ransomware recovery is one of the major ways a true endpoint backup solution beats file sync and share products for data backup. Sync and share products can’t restore to a particular point in time, but they can actually spread ransomware through an organization.

To learn more about how Code42 beats sync and share products for ransomware recovery, watch our latest feature video below.

How the Rise of Cybercrime Is Prompting Small Businesses to Fight Back with Automated Cloud Backup

Smaller businesses and organizations like your financial planner, advertising agency, or attorney may seem small in comparison to their large enterprise peers but are actually a big draw for online hackers. This is because they often don’t have the capabilities, like an in-house IT team, to prevent and quickly recover from an attack.

And the risks are significant. The U.S. Securities and Exchange Commission reports six out of 10 small businesses hit by an attack like ransomware will go out of business within six months.

Because of this striking statistic, small businesses are increasingly turning to the kind of automated cloud backup we’re able to deliver with CrashPlan for Small Business.

In fact, CrashPlan for Small Business has seen a 57 percent year-over-year increase in new customers – growth spurred in part by a rash of malicious viruses and attacks hitting small businesses. For example, following the news of WannaCry, the daily average volume of customers who signed up for a free trial of CrashPlan for Small Business rose 98 percent – a record volume for new signups in a single day.

The risk of attack and impact on the business is simply too high a cost for small businesses – freelancers, home-based entrepreneurs and other growing organizations. That’s one of the reasons why we deliver the safety and security of knowing that your data is protected and can be quickly restored, but also why we deliver a product that is affordable, unlimited and flexible.

Small businesses are responding positively to the technology and support investments we’re making. We created a dedicated team, and recently expanded our weekday customer support for small business customers (now 7:00 a.m.-7:00 p.m. CT). We’re also finalizing plans to roll out an improved user interface for CrashPlan for Small Business. As we continue to grow, we’ll invest even more.

At the beginning and end of every day, it is important to us that small businesses know that Code42 will be there in the key moments when they need help. That’s what’s important to us – putting customers first so they are protected and can be successful.

Learn more about CrashPlan for Small Business or start a free month-long trial and see what our customers have said about us.

Large University Expels Ransomware Attack with Code42

A staple in the surrounding community and one of the most respected educational and research institutions in the United States, the university has a deep history of excellence to uphold. For such a storied southern university with more than 13,000 students, protecting the sheer amount of faculty, alumni and student data is a cumbersome task. The IT department, which is made up of around 100 employees, turned to Code42 to make sure the right backup solution was in place in case of an attack.

With Code42, the university primarily backs up VIPs, such as the CTO, CEO and anyone higher up in the organization. “Typically they travel a lot and so they have laptops and a lot of times they have important data on their laptops. So we’re using Code42 backup to make sure no matter where they are we still are protecting all that data,” said a systems administrator at the university.

Passing the ransomware test

A VIP user in the human resources department called the help desk after a pop up appeared on her computer. Unable to remotely access the computer, the university sent desktop support personnel to examine the machine. Once help arrived, they realized a hacker was trying to cheat the system with a ransomware attack, claiming they needed a payment of three Bitcoin (at that time worth about $1,000) before returning sensitive data.

Learning about ransomware for the first time, the university didn’t know if there was anything they could do. Unwilling to waiver on paying the ransom, the university reached out to the IT departments’ systems administrator tasked with handling backups. Because the infected user was enrolled as a VIP on Code42, the systems administrator was able to restore her computer with an automatic, continuous and near real-time backup of all endpoint data.

“Code42 runs in the background. They don’t even realize it’s there. When they do reach out to us we can easily push a restore out to them, some of them can restore it themselves. It’s very easy to restore from. It’s really just peace of mind,” said the systems administrator. In the future, the university plans on expanding rolling out Code42 to the research community and additional staff, as well as implementing more security measures.

This isn’t an instance that only affected this university. Employee laptops and desktops are soft targets for ransomware. If a company is unable to reconstruct what existed on the device after a data incident, it may result in brand repercussions to class-action lawsuits or regulatory fines. By using Code42, it provides the data and tools needed to recover and avoid paying the ransom. Every time.

Ransomware Data Loss: What Will It Cost You?

Ransomware is a problematic cyber threat. In 2015, there were an average of 4,000 ransomware attacks per day in the U.S. alone, and the number has only climbed since then. Fifty percent of U.S. companies reported being the target of a ransomware attack in 2016. In 2017, the world was introduced to the biggest ransomware threats yet in the form of WannaCry and NotPetya. Worse yet, ransomware is predicted to $11.5 billion in losses by the end of 2019. If that doesn’t give you pause, nothing will.

Ransomware is real, rampant and ruthless.

Recovering from ransomware

The only way to outwit the cybercriminals is to protect your data before ransomware hits. The FBI agrees and recommends that you never pay. Without a comprehensive data protection strategy in place, you’re pretty much out of luck when ransomware strikes. When it does, it’s going to cost you, either in Bitcoin or in lost data.

The cybercriminals will tell you how much money they demand for the safe return of your data. But what if you follow the FBI’s recommendation and refuse to pay the ransom? How much would your data loss cost you?

Calculating the cost of ransomware data loss

If you aren’t sure how to quantify the financial impact of data loss from ransomware on your business, you aren’t alone. We’ve created a simple online calculator that will help.

It’s easy. Just answer a few questions about your enterprise environment. We do the number crunching for you. Curious about how much lost data costs you in other areas of your business? Complete the sections about data migration, hard drive recovery and device failure and loss for a custom analysis. This is especially helpful if you need to justify your endpoint data protection budget.

All in, it should take you about five minutes to complete. You can run the numbers as many times as you want to see how different answers affect your risk calculations.

Code42 data loss risk calculator

We hope that endpoint data protection is your number one priority as you plan for the next year. Based on the stats above, we’re all going to need it. Ransomware is like a runaway bullet train. Until you stop it, you’re at the mercy of a countdown clock and your ability to recover. Endpoint data protection is the only way to guarantee data recovery–without paying the ransom.

Find out how much ransomware data loss is costing you. Calculate your risk with the Data Loss Risk Calculator.

In Healthcare, Ransomware Actually Threatens Patient Safety

Imagine needing medical care and being turned away because the hospital or provider is paralyzed by a ransomware attack. Perhaps even scarier: needing emergency care and being treated “blind” by doctors who can’t access your medical records. This isn’t some far-off worst-case situation. Just last March, MedStar Health, the largest healthcare provider in the D.C. region, was forced to turn patients away and treat others “blind” for two full days after ransomware locked down its patient database.

Legislators urge HHS to focus on continuous data access

Nightmare scenarios like this are getting the attention of regulators and legislators. In June, two U.S. congressmen released a letter urging HHS to amend HIPAA rules to prioritize continuity of data access. In particular, they called for a focus on any incident that “results in either a denial of access to an electronic medical record and/or loss of functionality necessary to provide medical services.” The loss of data access is more concerning than a privacy breach, explained Congressman Ted Lieu, because “it could result in medical complications and deaths if hospitals can’t access patient information.”

It makes sense, doesn’t it? Patients (and the general public) have a right to know about incidents like this. After all, you might not choose the hospital that can’t promise continuous care.

Is healthcare too focused on data privacy?

HHS did recently issue specific guidance on ransomware and HIPAA compliance. But the guidance stays within the realm of original HIPAA rules, focusing entirely on data privacy concerns. The result, according to a new report titled “Hacking Hospitals” is that the typical healthcare organization has built its security infrastructure and strategy with tunnel vision on patient data privacy and HIPAA compliance. The report cautions that a singular focus on data privacy leaves an organization unprepared and vulnerable to a range of other cyber attacks that may pose an equal or greater risk. In the case of ransomware, the risk arguably supersedes patient privacy concerns, impeding the organization’s ability to actually deliver patient care. “These findings illustrate our greatest fear,” the report warns, “patient health remains extremely vulnerable.” The report concludes that the focus on data privacy, “while important, should come second to protecting patient health.”

Importance of data access elevates disaster planning and recovery

The shift toward focusing on continuous data access isn’t unique to healthcare. Regulators in every industry are realizing that an interruption to data access—such as ransomware attack—may have a graver impact than a traditional data breach. Businesses themselves are also seeing the threat of huge monetary losses from an interruption in service delivery. Looking back to healthcare, the ransomware attack on Hollywood Presbyterian Medical Center made headlines for the $17,000 ransom payment, but the cost of system downtime was far higher, with an estimated $1 million in lost revenue from lost CT scans alone.

This realization is putting disaster planning and recovery on the same level as detection and prevention in a modern data security strategy—and putting data backup squarely in the spotlight. The legislators pushing for HIPAA changes already acknowledge that effective backup can eliminate data access interruptions and mitigate the risk to patient health. Future regulations in healthcare and other industries will likely include specifications for comprehensive data backup—covering central servers and systems, as well as the half of all enterprise data that now lives on users’ endpoint devices.

Considering the high risk and cost, we don’t advise waiting around until regulators force the issue.

The Ransomware Paradox: Bad Guys Offer Good Customer Service

Not only are ransomware extortionists stealing our money, they’re also stealing our smart business practices. First, cybercriminals started mimicking our sophisticated organizational hierarchies, then they figured out a new financial trading system. Now, in an absurd juxtaposition, they’re pampering their ransomware victims with helpful customer service to increase their chances of getting paid.

Need help finding a Bitcoin vendor? Here’s one in your area.

I can understand you might be skeptical that we’ll actually restore your files.

We’ll let you decipher one file for free. Oh, you just made a car payment and are a little low on cash? No problem, we’ll lower the ransom.

The paradox of bad guys offering good customer service was so interesting to European cybersecurity company F-Secure that the firm recently evaluated the customer journeys of five current ransomware families: Cerber, Cryptomix, Jigsaw, Shade and TorrentLocker. First, F-Secure set up a Hotmail account for a bogus “Christine.” Then, once infected, the firm had her interact with the criminals to observe the numerous tactics of reputable customer service being used by disreputable extortionists:

User-friendly interface

Knowing it’s important to make a good first impression, smart cybercriminals are using more professional-looking branded webpages to notify victims their files have been taken hostage. Cerber’s website even offers content in 12 languages and has the online equivalent of a Wal-Mart greeter (albeit, one who is talking through a tracheostomy tube): A voice letting victims know their files have been encrypted, just in case they don’t read the ransom note on their screen.

Clear instructions and FAQs

Most extortionists demand payment in Bitcoin, which isn’t widely understood by the law-abiding masses. So extortionists provide clear instructions, FAQ pages and lists of Bitcoin vendors.

Multichannel support

Like good marketers, the bad guys provide support across numerous channels. They offer online forms, chat and email support.

Timely response

Apparently, cybercriminals are keeping up with the latest customer service surveys, like one by Toister Performance Solutions that found customers now expect an email response from businesses within one hour. When “Christine” sent emails asking for support, she often received replies within minutes.

Free trial offer

What better way to build trust with skeptical prospects than letting them see that their files really will be decrypted? Four of the five ransomware families evaluated offered a free trial, usually letting the victim/customer choose one file.

Lower price offer

Ransomware gangs are usually willing to lower the price. When “Christine” balked at the original ransom (which ranged from 150 to 1,900 Bitcoins), three of the families dropped the price, averaging a 29% discount from the original ransom fee.

Extended limited-time offer

Ransomware always has a deadline, akin to conventional limited-time offers. Just like retailers who graciously tout that their sale is “extended three more days,” the bad guys are willing to extend their “offers,” too. When “Christine” complained she was busy and having trouble with the payment process, four of the five families extended the deadline.

While F-Secure’s report looked at the lighter side of a serious problem, the firm’s overarching goal was to remind users that ransomware prevention—with regular backup of files—beats negotiation with the bad guys, no matter how polite they seem.