How to Neutralize the Impact of Ransomware

For the manufacturing industry in particular, it’s become evident that the only way to survive a ransomware attack is with bullet-proof backups and rapid disaster recovery.

Oussama El-Hilali

Ransomware has been plaguing IT teams for years, and while we all thought this form of cyberattack had reached its climax with the WannaCry attacks in 2017, we were sorely mistaken. Since then, cybercriminals have continued to evolve their tactics to encrypt files and solicit ransom payments from their victims. More recently, a new form of ransomware has emerged; its name is LockerGoga. Its latest victim? Norsk Hydro, which is one of the world’s leading aluminum manufacturers. The attack crippled their infrastructure and brought their operations to a screeching halt.

While they didn’t pay the ransom, initial reports are estimating the attack is going to cost them $41 million. Most of the financial penalties they’re incurring are from lost production time. So, for the manufacturing industry in particular, it’s become evident that the only way to survive a ransomware attack is with bullet-proof backups and rapid disaster recovery.

Fix Common Backup Mistakes

A lot of manufacturers run into trouble when they have a haphazard backup strategy for ensuring redundancy of systems, workloads, and applications. The first misstep that many organizations make is failing to identify the full scope of assets they need to protect. During this process, the IT team needs to work with every single business department to identify which applications are the most critical to operations, and then, in fine detail, map each back to the IT infrastructure. Having this holistic view of the resources the business uses most, and how that translates into IT, is tremendously important to determining how to tier systems and data. This way, the IT team knows which systems need to be prioritized during the recovery process. It’s also important to determine the data retention period necessary for the business to operate and meet compliance. If companies need to store data for long periods of time, it may also be necessary to archive that information and store it on a completely separate infrastructure.

Another common misconception is that every system, application, and workload needs to have the same recovery point objectives (RPOs) and recovery time objectives (RTOs)—this is not the case. Some systems and applications will require RTOs and RPOs of minutes, while others can have RTOs and RPOs of a few hours. For example, transactional and communications systems likely need to be restored as soon as possible, but a server storing marketing videos or images can probably wait a little bit. Once the appropriate RPOs and RTOs are identified, it’s important to make sure they’re as aligned as possible. While recovering quickly is obviously of the utmost importance, it will do you no good if outdated data is recovered. For example, if the RTO is five minutes, but the RPO is yesterday’s data, that’s not optimal. On the flip side, if the data has been backed up within 15 minutes, but it takes a day to recover, that’s no good either. That said, getting your RPOs in line with your RTOs is a critical step in making sure your backups can be successfully recovered in the event of a ransomware attack.
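As an added illustration of the tiering and RPO/RTO alignment described in the two paragraphs above (not code from the author or from Arcserve), this Python sketch audits an asset inventory at the moment of an incident: it flags backups older than the RPO, restore drills slower than the RTO, and RPO/RTO pairs that are badly out of line, then returns the tiered recovery order. The system names, timestamps, and the 12x alignment threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

ALIGN_RATIO = 12  # assumed threshold: flag when RPO and RTO differ by more than 12x

@dataclass
class System:
    name: str
    tier: int                  # 1 = restore first
    rpo: timedelta             # maximum tolerable data loss
    rto: timedelta             # maximum tolerable downtime
    last_backup: datetime      # time of the last successful backup
    tested_restore: timedelta  # duration measured in the last restore drill

def audit(systems, incident_time):
    """Return (recovery_order, findings) for an incident at incident_time."""
    findings = []
    for s in systems:
        loss = incident_time - s.last_backup       # data that would be lost
        if loss > s.rpo:
            findings.append((s.name, "RPO_MISSED"))
        if s.tested_restore > s.rto:
            findings.append((s.name, "RTO_MISSED"))
        hi, lo = max(s.rpo, s.rto), min(s.rpo, s.rto)
        if hi > lo * ALIGN_RATIO:                   # fast restore of stale data, or the reverse
            findings.append((s.name, "RPO_RTO_MISALIGNED"))
    # Recover by tier first, then by the tightest RTO within a tier.
    order = [s.name for s in sorted(systems, key=lambda s: (s.tier, s.rto))]
    return order, findings

# Constructed inventory; none of these systems or times come from the article.
INCIDENT = datetime(2024, 1, 15, 9, 0)
H, M = timedelta(hours=1), timedelta(minutes=1)
INVENTORY = [
    System("marketing-media", 3, 8 * H, 12 * H, INCIDENT - 6 * H, 4 * H),
    System("erp-orders", 1, 15 * M, 30 * M, INCIDENT - 10 * M, 24 * H),
    System("mail", 1, 24 * H, 5 * M, INCIDENT - 20 * H, 4 * M),
    System("plant-historian", 2, 1 * H, 4 * H, INCIDENT - 3 * H, 2 * H),
]

if __name__ == "__main__":
    order, findings = audit(INVENTORY, INCIDENT)
    print("Recovery order:", order)
    for name, issue in findings:
        print(f"{name}: {issue}")
```

Feeding the audit real backup-job timestamps and restore-drill timings, rather than the stated targets alone, is what exposes a system that is backed up every 15 minutes but takes a day to restore.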

Invest in Disaster Recovery Technology That Meets the Need for Speed

In addition to making common backup mistakes, many manufacturers often think that cybersecurity protocols are their best defense against ransomware. And, while they’re not wrong, they’re not totally right, either. Yes, good cybersecurity measures are definitely necessary to thwart cybercriminals—you can’t leave yourself exposed, of course. But IT professionals should always be operating with the mindset that hackers are going to someday weasel their way into the corporate network. There’s always a new vulnerability to exploit, or a new malware variant cropping up that’s especially dubious. LockerGoga, for instance, is still puzzling many cybersecurity researchers, as it’s unclear how it infects the target system, and whether hackers’ main goal is to drive profits or just cause headaches.

The constant evolution of malware is why it’s so important to make sure you’re making significant investments in backup and disaster recovery technology. These solutions are often a company’s last line of defense, so if they’re not continually maintained and upgraded, they will be of no use to the IT team when the day of reckoning comes knocking at their door.

So, what should be in your arsenal for swift recovery? The most effective solutions allow manufacturers to go back to a predetermined recovery point to recover data. This kind of replication and high availability technology is especially helpful in cases where data has been corrupted, as the IT team could recover data from a state prior to the incident.

Further, it’s important to invest in technology that can give you ample onsite and offsite recovery options. If your data center is irrecoverably infected in a ransomware attack, having data backed up on a public or private cloud service can be your saving grace. However, it’s important to make sure you take the time necessary to ensure you’re investing in a cloud infrastructure that makes sense for your business, as poor infrastructure investments can result in overblown disaster recovery budgets. It is also important to architect your cloud backup solution so that your cloud environment does not get infiltrated with malware from the original attack. For manufacturers specifically, the cloud can be a cost-effective storage and data recovery option, as they would not have to build out a completely new physical IT infrastructure for the many locations they often have around the world.

The recent Norsk Hydro ransomware attack should be a wake-up call to manufacturers who aren’t sure what their backup and recovery strategy is, and whether they’ve made the necessary investments in data protection technology to ensure their data would survive an attack. It’s critical that data recovery be at the forefront of every business’ ransomware crisis plan. If it isn’t, now is the time to reconsider.

Oussama El-Hilali is CTO at Arcserve.
