Gracefully Sidestep Ransomware

You’re more likely to encounter an IT-centric disaster today than ever before. Sure, natural disasters happened in the past and water pipes above data centers broke from time to time. But there weren’t professional crime syndicates out there gunning for your organization’s data to sell on the black market, or trying to hold your data hostage for a ransom. Unfortunately, that’s commonplace today.

Cybersecurity Ventures predicted in a 2018 report that there would be a ransomware attack on businesses every 14 seconds by the end of 2019, and every 11 seconds by 2021.¹

There are software solutions available that function like traditional endpoint protection and claim to stop ransomware before it successfully encrypts your data. The fact is that tools like these may prevent some attacks, but you probably can’t rely on them to prevent all attacks.

In fact, the endpoint security vendor Sophos says in its report that 77% of organizations surveyed who were victims of ransomware attacks were running up-to-date endpoint security at the time of the attack.²

1 “Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021”

2 “The State of Endpoint Security Today,” 2018

Figure 2: One need not even develop their own ransomware today; Ransomware as a Service (RaaS) is a burgeoning business and is growing rapidly. Some developers offer affiliate programs where novice cybercriminals don’t even have to front any cash for the software. Others sell complete ransomware toolkits with maintenance for as little as a few hundred bucks.

Bad guy ransomware developers will continue to innovate just as fast as the good guys do, and while you may be protected against weeks-old ransomware strains, it’s likely that there will be zero-day exploits and ransomware that behaves in new and unforeseen ways that slip past defenses. With the appearance of Ransomware as a Service business models over the past few years, the threat of ransomware is growing exponentially (see Figure 2 for how it works).

Running advanced endpoint protection systems is absolutely a good idea, and should be standard practice. But endpoint protection alone isn’t enough; you need to have a fallback plan for when ransomware slips past your first line of defense.

When ransomware touches your organization, you’re going to have business leaders breathing down your neck. They’ll be asking for status updates and pressuring you for an ETA on getting systems back up (Figure 3). The only thing you’ll really care about in that moment is RTO—how quickly you can recover. (More on RTO in a bit.)

Figure 3: Ransomware is the top reason that IT professionals are seeking a lower recovery time. (Chart question: “Why has the ability to respond quickly to a disaster become more important?” Categories shown: increasing threat of ransomware; increasing threat of power outages; increasing threat of human error; increasing threat of natural disaster; increasing impact of downtime on the business.)


Be prepared to outmaneuver ransomware. Not only do you not need to consider paying the ransom at all, you also don’t have to spend days or weeks recovering. You simply choose the restore point, revert to that point in time, and pick up where you left off.