Unfortunately, ransomware works. This has been known by information security practitioners (and cyber-criminals) for a while now, but the recent public announcements of payoffs has let the cat out of the bag.
At the core, this is only a new payload for malware attacks. The attack vectors and the spreading capabilities are still the same (including some new reports of self-spreading crypto-worms in the wild) but instead of gathering information, zombifying the system, or providing a pivot point for additional intrusion; the ransomware makes your information “inaccessible” unless you pay up.
One good development of shining a light on ransomware is the focus of security researchers on cryptographic implementation flaws in the malware. As any media industry executive will tell you it’s hard to do crypto right. There are a surprising number of ransomware variants that have been “cracked.” As is always the case with information security, the arms race is in effect again but roles reversed as the criminals are playing defense.
But the bottom line on ransomware is simple. This means that no matter what the level of sophistication, it can be defeated by a proven and tested secure backup plan. When’s the last time you’ve tested your plan and restored your business critical data from backup?
When’s the last time you’ve tested your plan and restored your business critical data from backup? It’s not good enough to just have a plan. Are you sure it works? Failing to test it could come at a very high price.