Ransomware has plagued enterprise IT for a while, but a startling new wave of attacks targeting major US governmental agencies and some large infrastructure giants is showing that ransomware preparedness has been slipping.
What can your organization do to make sure that the hackers don’t lock you out of your systems? Whether you’re in charge of IT at a small local government, a major metropolis, or an enterprise that carries out major infrastructure projects, your ransomware prevention and remediation technologies need to be reassessed. In this post we’ll take a closer look at some recent prominent ransomware attacks, and link you to an important resource on how NetApp® Cloud Volumes ONTAP can help you beef up your ransomware prevention and response.
What Are Ransomware Attacks?
Ransomware is malware designed to restrict or prevent the use of a business's system, application, or solution until a ransom is paid. These attacks can be debilitating to a company or organization and may make services, applications, or sites completely unusable.
The ransomware typically encrypts system resources such as valuable files or the entire content of a disk drive. If the organization wants to regain access without paying the ransom, the only option is to restore the encrypted data from backup copies. How effective that will be depends on the backup policies the company was following, assuming that such a policy was even in place. As we'll see below, that isn't always the case.
A Renewed Threat: Some Recent Ransomware Examples
In March 2019, hackers locked the government of Jackson County, Georgia, out of its IT systems using a variant strain of the widespread Ryuk ransomware, taking crucial county services entirely offline. Luckily, the attack did not affect the 911 system, but nearly all other systems were offline, forcing officials to return to paper-only records and slowing operations to a crawl. To regain their systems, Jackson County decided to pay the ransom of $400,000 to the hackers.
In one week in June 2019, both Lake City and another city in Florida paid hackers a combined $1.1 million to release their frozen IT systems infected with ransomware. Lake City's payment in Bitcoin, equivalent to $600,000, was one of the highest ransoms ever paid to free an impacted system, a devastating sum for the small city.
Atlanta was struck by the SamSam ransomware in March, but unlike the smaller municipalities that have recently been hit by ransomware attacks, the administration decided that they would not pay the ransom of close to $50,000, considering it to be akin to negotiating with terrorists. However, due to inefficiently configured recovery systems, restoring their full operations has not been possible and costs have run into the millions of dollars. At the same time, hundreds of the city’s systems remained offline months after the lockout, and may never be fully recovered.
As these ransomware statistics show, it doesn't pay to pay attackers, and it costs even more if you try to recover without a solid recovery plan in place.
The true impact of a widespread ransomware attack is difficult to quantify accurately. For example, when the NotPetya ransomware tore through several enterprise organizations around the globe back in 2017, some $10 billion in damages are thought to have been caused, but the affected organizations may still be experiencing financial aftereffects from that attack.
However, at a high level, the key impacts of a wide-scale ransomware attack can be grouped into three main categories: the cost of downtime, the cost of recovery, and the costs that come with reputational damage. Of these, the last might be the most expensive, as it turns years of successful operations and public trust into sunk costs, something that you can't make up overnight.
With the explosive growth of public clouds in recent years, many enterprise organizations have started incorporating cloud computing as a key part of their IT strategies. Because the underlying infrastructure of public cloud IT is secured and managed by the cloud service provider, many customers have incorrectly assumed that the threat of ransomware in the cloud is lower than in a private data center managed by the end users themselves.
When it comes to the majority of cloud workloads that operate on Infrastructure as a Service (IaaS) today, this is far from the truth.
Stay Protected with NetApp Cloud Volumes ONTAP
A sure way to avoid paying the exorbitant ransoms or eating the enormous costs of trying to recover on your own is to rely on NetApp Cloud Volumes ONTAP to help.