Malware or ransomware has always been around in some form or other. In the early days, it was all about having an anti-virus that cleaned the affected data and moved the threat to a vault, where it could be deleted. It was a fairly simple and straightforward process that kept your data relatively safe against attacks. However, says Veeam regional manager for Africa, Claude Schuck, "If you look at how many virus programmes launched in the past two years, you'll see that literally hundreds are being developed every month. How can the average business keep track of that?"
The whole anti-virus industry has become radicalised. Attacks are frequent, and so are the updates, and anti-virus providers can't keep up with the pace at which viruses and threats change. Combatting these types of attacks is about remediation, that is, getting back to business as usual as quickly as possible. It's also about prevention. And it's no longer a case of if you get hit, but when. Malware attacks used to be more prevalent in smaller organisations, but they're now equally common in bigger businesses.
He says: "There are various ways that viruses can infiltrate your organisation. It can happen via an e-mail or someone visiting an unsecured Web site. The minute the user clicks on either, the damage is done.
"Today's attacks are so smart that it's no longer sufficient just to educate your IT team and administrators, you also need to educate the staff who use your systems on a daily basis."
Schuck cites the example of a recent attack, where the perpetrators used information garnered from social media sites such as Facebook and LinkedIn to compile a plausible e-mail that the intended victim would most likely click on. "Imagine receiving an e-mail about a school reunion at the school you attended, one that names people that you went to school with, the year that you all graduated, you'd probably click on that attachment because it feels safe. Educating your staff about this type of onslaught should be part of your prevention strategy."
He emphasises the need for an organisation to separate its remediation and prevention measures.
When it comes to remediation, Schuck says the organisation has two choices if it wants to get back up and running as soon as possible: either pay the ransom or recover from its backup. "If you choose the latter route, you need to assess how reliable your backup is and how quickly you can access it," says Schuck. "Because of the way that some big corporates are structured, recovering from backup can be a long and arduous process. This means they can't be back in business as quickly as they'd like, so in more cases than you'd imagine, they just opt to pay the ransom. My advice to businesses that choose this route would be to alert the authorities, as they might be able to track the payment."
There's plenty that an organisation can do to prevent malware or ransomware attacks, according to Schuck, who refers to the 3-2-1 rule of backups. "You need to have three copies of your data, in two different forms of media, one of which is kept off site. An example would be a production disc, a backup disc and a tape copy. One of the backups can be stored offsite or in the cloud, but it's important that there be what we call an air gap, so one of your backups has to be physically disconnected from the organisation's network. The value of this will become apparent should your data become infected by a virus."
This is one of the reasons that Schuck likes the use of old-fashioned tape as one of the forms of backup – you can't infect a tape!