Recovery Fundamentals in the Event of a Worldwide Ransomware Cyber-Attack
By Raymond Goh, Head of Systems Engineering, Asia & Japan, Veeam Software
We live in tumultuous times. May 2017 saw an unprecedented global ransomware attack on more than 100,000 devices across 150 countries in a short span of 24 hours. Dubbed the ‘largest hacking in history’, the tumult was caused by a sophisticated ransomware programme called the Wanna Decryptor, or WannaCry, or Wcry for short. It worked by first locking all data and files on a computer system, leaving the user with only two files (instructions on what to do next, and the WannaCry programme itself) – and a demand for a sum of bitcoins (a type of virtual currency) to be paid before access would be returned.
It sounds like something out of a Hollywood blockbuster, but these events had visible impacts across countries, including Singapore, Indonesia, and China. Digital displays in several Singaporean malls were reported to be displaying the ransomware’s pop-up window, while Indonesia’s largest cancer centre, Dharmais Hospital, suffered delayed operations due to the attack. Personal computers were not spared either, with individuals losing all the files on their computers, including self-created films and other important documents.
While these attacks have since stopped, experts are warning of the imminence of future attacks more lethal than WannaCry.
Looking back at the chaos created, the majority of the focus was on the source of the vulnerability and on identifying the group responsible for these attacks. While important, the imminence of future attacks means that organisations should be shifting their attention to gaining an understanding of and taking measures to ensure minimal disruption in case of future attacks.
As with all malware- and ransomware-related attacks, a solid defence plan includes aspects of people, process, and technology. User education and strong patching processes, while essential, are not sufficient. To ensure true enterprise-quality availability, organisations need to move beyond simple backups. A nightly backup to tape leaves a great deal of data exposed to loss, and recovery can take hours or even days. Few organisations, especially in healthcare, can tolerate that kind of downtime, especially in the wake of ballooning costs.
In Veeam’s annual report published earlier this year, 82 percent of organisations worldwide were unable to meet expectations for uptime due to insufficient protection mechanisms and policies, suffering downtimes worth up to USD 21.8 million a year. In Singapore, this number is drastically higher at 96 percent, with organisations suffering from downtimes worth USD 22.3 million a year. In addition to monetary costs, organisations also suffer damage to brand integrity and a loss of customer and employee confidence.
There is an immediate need for organisations to shift in favour of availability, and to minimise downtime by ensuring applications are up and running again. A basic start would be to follow the 3-2-1 golden rule: 3 copies of data on 2 types of media with 1 copy offsite. While not foolproof solutions, these steps would help ensure that organisations are better equipped to manage unexpected downtime – and in this case, cyber breaches.