Ransomware attacks are filling headlines. Now reaching unprecedented levels, the ransomware crescendo is part of the surge in cyber-attacks that became a side effect of the COVID-19 pandemic.
The rise of ransomware attacks has understandably been a cybersecurity challenge, and prevention is the current point of many conversations.
But there are operational disruptions to consider – especially as agencies rely on the integrity of files for big data analysis. Even with air gaps and secure networks, odds are increasing that a government agency will be hit at some point, necessitating a strategy to minimize disruption to data integrity while maintaining cyber resilience that will inevitably follow a successful attack.
In a ransomware attack, an executable script or program runs, encrypts your data, and a ransom is demanded for the encryption key.
There are two possible ways this happens: a user inside the network opens a bad file or link that immediately executes a harmful payload, or a malicious file that’s been lying in wait for months to bypass restore capabilities executes upon a trigger event. There are significantly different operational impacts resulting from each.
Triggers are usually timed to happen beyond the backup window, which is typically limited to three to six months given the costs of storing today’s massive datasets. Also, because of how backup management works, over that time the restore point expands (to an hour, to a week, to a month, etc.), limiting what is restorable to less and less finite options. By the end of the backup window, there is no restore capability at all because the data is simply gone.
That is a big reason why time-delayed ransomware is becoming more dominant. Skilled attackers – whether a disgruntled insider, an organized crime operation, or a nation-state level actor – understand the backup window vulnerability and manipulate it to their advantage. As we’ve seen, without restore points, the victim’s choice is to pay the ransom or lose their data for good. Their recourse has been to expand backup and restore capabilities to a bigger time window, and at greater expense. But adopting a different kind of technology can render this danger moot.
Given the proliferation of ransomware and other cyber threats, it is not a question of if, but when, an agency will be hit. Rendering stored files immutable and inoperative will provide agencies with a unique and valuable option to securely manage their data – the lifeblood of their mission – stemming the operational disruption of a cyberattack for as long as that data is needed.
Full article https://nationalcybersecuritynews.today/ransomware-is-more-than-a-cybersecurity-issue-meritalk-malware-ransomware/
#ransomware #cybersecurity #malware #BeCyberSmart #yokdata #mindyourdata