WSJ warns of ransomware—misses the obvious solution

Read through the recent Wall Street Journal ransomware article and you’ll find some great stats on the growing threat and cost. One thing you won’t find: the word “backup.” We’re happy to see ransomware finally getting the attention it deserves, but why discuss the problem and leave out the obvious, simple antidote? It’s like an article on a bike theft epidemic that fails to mention that none of the bikes were locked up.

Focusing on payment: a dangerous way to frame the issue

The WSJ article backs up stats on the increasing threat with stories of both people and businesses victimized by ransomware. But these case studies use quotes like “he had no choice” and “this is a worthwhile bet” to frame paying the ransom as the unfortunate, inevitable, and ultimately, most responsible option, which couldn’t be further from the truth. When payment results in the return of stolen data, the WSJ concludes the “investment paid off”—confirming that extortion promises dividends.

Paying the ransom is the fool’s bet

The problem with paying the anonymous extortionist? Look at the major ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles earlier this year. The hospital paid the ransomers’ initial demand of $9,000, but they didn’t get their data back. Instead, the perp demanded an additional $8,000 the very next day.

Why would you bet on criminals staying true to their word? It’s foolish to expect honor and decency among thieves.

Stockpiling bitcoin = playing into the ransomer’s hand

The closest the article comes to the idea of “being prepared” is highlighting the alarming trend of businesses stockpiling bitcoin so they can quickly pay when ransomware inevitably strikes. A recent U.K. survey found that one in three companies have bitcoin reserves in case of ransomware. But more telling, half of these companies don’t even have daily data backup.

Again, it’s like hanging a sign on your bike that says, “REWARD for bike’s return,” instead of just getting a bike lock.

Endpoint backup is the only bet worth taking

Ransomware can make for a sensational narrative, but the real story is actually much simpler. Unlike most other infosecurity threats, ransomware has an easy antidote: endpoint backup. With the automatic, continuous and near-real-time backup of all endpoint data, your headline is “We Laugh at Ransomware.” You start clean, stream all your data back, minimize the downtime, and get back to work with no bitcoin drama.

So, in case the WSJ is listening, here’s how the story should have gone: Ransomware is increasing. The costs can be huge. The only investment that pays off—the only bet worth taking—is modern endpoint backup. Back up your data. Never pay the ransom. The end.



3 responses to “WSJ warns of ransomware—misses the obvious solution”

  1. Typical backup systems do not hotswap. (e.g., by Code42) 1d downtime to restore can be unacceptable. Please offer your thoughts on backup architectures that reduce restore downtime to seconds and how such systems are themselves vulnerable. Taken to the extreme, backup systems can approach infinity!

    1. Hi Paul,

      In general, most people don’t realize that a ransomware encryption is happening until it is too late. The ransom screens get shown after the encryption is done. As a result, most restore activity does not happen in real time and involves restoring large amounts of files. To make matters worse, ransomware usually stays resident until it is removed through appropriate anti-malware software and during that time destroys random data over time or even continues to encrypt new files (http://www.bleepingcomputer.com/news/security/eviltwins-exotic-ransomware-continuously-monitors-for-new-files-to-encrypt/).

      Correct recovery requires two basic steps:
      1) Removal of ransomware or re-image machine
      2) Recover lost data

      Attempting to do the second step before the first will generally result in incomplete recovery or increased recovery time.

      The first step is largely dependent on the specific ransomware involved and the company’s IT setup. Code42 enables the safe reliable recovery of the lost data. To ensure that a user is back up and running as quickly as possible, we would recommend restoring critical folders/files first before pushing a restore of the complete data set.

      As to the last question raised: Are backup systems vulnerable to tampering? Well, yes. All modern ransomware deletes snapshots in an attempt to make recovery difficult, for example. Code42 allows for offsite backup and nearly infinite version recovery. As a result, even if the newly encrypted files are backed up by Code42, a user will be able to go back in time far enough to find a non-encrypted version. Disrupting the Code42 backup process does not generally hinder the recovery process after ransomware encryption is complete.

      J.A.
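
The version rollback and "critical folders first" ordering described in the reply above, sketched as an added example (not code from the post, its commenters, or Code42). It assumes a version history is available as (timestamp, content) pairs per file and uses byte entropy as a stand-in test for "looks encrypted"; the threshold, file paths and sample data are constructed, and legitimately high-entropy files (archives, media) would need a different check.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.0  # bits per byte; assumed cut-off, ciphertext sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def last_clean_version(versions):
    """Walk versions newest-first; return the first (timestamp, content) that does not look encrypted."""
    for ts, content in sorted(versions, key=lambda v: v[0], reverse=True):
        if shannon_entropy(content) < ENTROPY_LIMIT:
            return ts, content
    return None

def restore_plan(history, critical_prefixes):
    """Pick a restore point per file and order critical paths first.

    Returns (plan, unrecoverable): plan is a list of (path, timestamp);
    unrecoverable lists files whose every stored version looks encrypted.
    """
    plan, unrecoverable = [], []
    for path, versions in history.items():
        hit = last_clean_version(versions)
        if hit is None:
            unrecoverable.append(path)
        else:
            plan.append((path, hit[0]))
    critical = tuple(critical_prefixes)
    plan.sort(key=lambda p: (not p[0].startswith(critical), p[0]))
    return plan, sorted(unrecoverable)

def fake_ciphertext(n_blocks=128):
    """Constructed, deterministic high-entropy bytes standing in for an encrypted file."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))

# Constructed sample history: timestamps are arbitrary integers, newest version is encrypted.
HISTORY = {
    "docs/notes.txt": [(100, b"meeting notes\n" * 40), (200, b"meeting notes v2\n" * 40),
                       (300, fake_ciphertext())],
    "finance/ledger.csv": [(150, b"date,amount\n2016-01-04,1200\n" * 30), (310, fake_ciphertext())],
    "tmp/new.bin": [(320, fake_ciphertext())],  # created after infection, no clean copy
}

if __name__ == "__main__":
    print(restore_plan(HISTORY, ["finance/"]))
```

Run this planning step only after the machine has been cleaned or re-imaged, matching the order of the two recovery steps in the reply.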
