Hackers have been around since there were computer systems available to attack. Some of these individuals engage in the practice purely for intellectual sport and thrive on the act of defeating a system’s security defenses. They enjoy the challenge and want to pit their skills against the teams who are responsible for securing an organization’s computing environment. These types of hackers can be annoying and cause problems for your security team, but they are for the most part harmless. They do not have malicious intent once they have gained unauthorized access to a particular system.
Unfortunately, this class of hacker is in the minority of the overall hacker population. Most entities who are attempting to gain illicit access to secured computer systems are doing so with bad intentions. As security experts address and remediate known exploits, the arms race continues, with hackers coming up with new and novel methods with which to cause havoc. One of the most troubling recent developments is the addition of ransomware to the hacker arsenal.
What is Ransomware?
Simply put, ransomware is malicious software that is designed to lock and encrypt a user’s or system’s data. Once this is accomplished, the perpetrators demand a ransom to decrypt the files. Depending on the importance of the targeted systems, a company can be crippled by a ransomware attack. Often there is a time constraint placed on delivering the ransom to the hackers. Since they have already shown themselves to be unscrupulous individuals, there is no guarantee that you will get your data back if you accept their financial demands.
Ransomware comes in a variety of flavors that pose varying degrees of risk to the infected systems. The five categories of ransomware are:
Crypto malware - This well-known form of ransomware can be extremely damaging to the systems it infects. The WannaCry attack of 2017, which affected thousands of machines, is an example of this form of ransomware.
Lockers - This type of ransomware completely locks you out of your operating system, rendering the machine useless.
Scareware - A scareware infection is usually perpetrated by a fake software product that claims to be a system utility. It claims to have found problems on your machine and demands a fee to repair the issues.
Doxware - A doxware attack, or leakware as it is also known, threatens to publish stolen sensitive information if a ransom is not paid.
RaaS - Taking a page from cloud computing terminology, ransomware as a service (RaaS) is malware hosted by anonymous hackers that can be used on-demand to conduct attacks. A cut of the ransom is paid to the service providers.
The Prevalence of Ransomware
Ransomware infections have dipped slightly in the past two years but remain dangerous. While the overall rate of ransomware attacks was down 20% in 2018, it was up 12% for enterprises as cyber-criminals sharpened their focus on more lucrative victims. Other sectors of society are also becoming more popular targets for the hackers behind ransomware.
Early statistics from 2019 indicate that ransomware attacks are on the increase again, with small and mid-sized businesses and the healthcare industry finding themselves especially at risk.
An example is a recent attack on Washington-based Grays Harbor Community Hospital and Harbor Medical Group. They were infected with ransomware that demanded a $1 million payment to unlock patient records. Some systems are still not operational weeks after the attack.
Recovering from a Ransomware Attack
In a perfect world, your cybersecurity defenses foil every attempt to introduce malware into your computer systems. All of your organization’s users are properly trained and would never even think of opening an attachment contained in an email delivered from an unknown sender. Downloading unvetted software would never be considered by anyone in the company.
When you find that place, drop me a line. Sounds nice, but I think I’ll be waiting for that correspondence. Despite the best efforts of your security team and the most aggressive and thorough user training, your enterprise may be infected with ransomware at some point. Then what do you do?
Unless you want to pay up to get your data back, you need to have a way to restore your systems to the state they were in prior to the infection. This implies backups, and if you are a DBA, database backups. While backups have always been an important facet of system administration, they are essential when combating the purveyors of ransomware.
IDERA’s SQL Safe Backup can help ensure that you can recover your SQL Server environment from a ransomware attack. The tool allows you to see the complete SQL Server backup infrastructure from a unified dashboard and alert and report on failures. It protects your SQL Server instances both on-premises and in the cloud. SQL Safe Backup offers different recovery techniques that can be instrumental when recovering from a disaster. It’s a great weapon to have at your disposal to keep your systems operational despite the threats of ransomware.