Have you ever been to New Orleans?
It’s probably the greatest city on the planet.
I like the open container laws – nothing beats partying in the street.
New Orleans is also governed by the State of Louisiana – the latest victim of an organized ransomware attack. According to a statement from Governor John Bel Edwards, “some, but not all state servers” were shut down by the breach – including the Department of Motor Vehicles, the Department of Health, Wildlife and Fisheries, and the Secretary of State’s Office [1].
The FBI has launched an investigation into the root of the attack. Governor Edwards has also declared a state of emergency as the interrupted systems slowly come back online.
Cybersecurity experts believe that the hackers infiltrated Louisiana’s network with a strain of ransomware called RYUK – the same malware that penetrated Georgia’s court system and extorted two cities in Florida for over $1 million [2].
The compromised systems in Louisiana serve as a stark reminder of the importance of a reliable ransomware response policy. Let’s take a moment to analyze the RYUK attack process, proper IT resiliency safeguards, and the evolving cybersecurity landscape.
What could possibly decrease production at 79 DMVs in Louisiana?
The answer to that question is RYUK – a crypto-locker variant that encrypts data at the system level and typically demands $288,000 per attack [3]. The ransomware was authored by a Russian cybergang named “WIZARD SPIDER” and often targets larger global enterprises and government agencies.
The organized nature of the RYUK attack process complicates the implementation of security protocols. But the easiest first step to secure your IT environment is to ensure that every system connected to the corporate network is up to date with the latest software patches and anti-virus signatures. This baseline layer of defense helps keep malware from being introduced onto the operating system in the first place.
However, these preventative measures are largely contingent on the anti-virus software recognizing the RYUK code. The Russian hackers were able to bypass the Louisiana government’s firewall by altering the code of an existing strain of ransomware called “HERMES”.
The UK’s National Cyber Security Centre (NCSC) recently released a detailed security advisory about the RYUK threat back in September. The report lists a wide variety of ransomware defense mechanisms and highlights “keeping safe backups” and “reviewing and refreshing your incident management processes” [3].
Consistently replicating data backups off-site is the foundation of any credible ransomware response strategy. But a ransomware-resilient solution should also include air-gapped storage and customizable point-in-time failover capabilities.
Global ransomware outbreaks are growing in both quantity and sophistication. The Big 3 from the past couple of years include WannaCry, NotPetya, and Spectre/Meltdown.
Ransomware is still the greatest cyber threat to corporate uptime and business continuity. This position is supported by a recent Statista survey of 1,600 InfoSec professionals citing the top challenges facing network security [4]:
Why is ransomware still so prevalent?
One reason is that the attacks have proven to be economically effective. Cybersecurity Ventures predicts that ransomware damages reached roughly $11.5 billion in 2019 [5].
Another factor is how readily available and accessible malware has become. There are a variety of black-market websites where entry-level hackers can purchase pre-built ransomware kits and immediately execute an attack.
Keeping pace with this constantly evolving cybersecurity threat landscape is becoming an increasingly difficult undertaking. A cloud-native Disaster Recovery-as-a-Service (DRaaS) solution can simplify many of these cybersecurity procedures by replicating critical business workloads to an air-gapped storage repository that specializes in ransomware defense.
Disaster recovery planning and ransomware response management are intricate processes involving technology, procedures, and personnel. A managed DRaaS deployment model is designed to simplify them through pre-existing hybrid-cloud infrastructure, customizable solution architecture, and live technical support.
A comprehensive end-to-end DRaaS solution will also have the ability to replicate both production data and active virtual machines (VMs) to an off-site facility purpose-built for disaster recovery orchestration. The cloud environment should leverage dedicated policies to validate backups and prevent the "malware-in-your-backup" attack-loop.
The DRaaS model can achieve this objective through the 3-2-1 Backup Rule. This policy demands three copies of data, stored on two different types of media, one of which is kept air-gapped off-site. DRaaS implementations will also deploy the appropriate product strategy and the required level of staffing to deliver these capabilities as a turnkey service. The following functionality will also ensure the uptime and availability of your data in the event of a ransomware attack:
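To make the two preceding points concrete, here is an added example, written for this article and not code from KeepItSafe, Veeam, or any DRaaS product, that encodes the 3-2-1 Backup Rule as a policy check over a backup inventory and validates each copy against the hash recorded when the backup was taken. The inventory, the manifest, and the "ENCRYPTED:" payload are constructed sample data; the class and function names are this example's own. A copy whose current hash no longer matches the manifest is exactly the "malware-in-your-backup" case the text warns about and is excluded from the list of usable restore points.

```python
"""3-2-1 policy check and backup-manifest integrity validation.

Added example for illustration only; not KeepItSafe or Veeam code.
All names, the inventory and the manifest below are constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str
    media: str          # storage medium, e.g. "disk", "object-storage", "tape"
    offsite: bool       # stored at a different site than production
    air_gapped: bool    # no network path from the production environment
    payload: bytes      # constructed stand-in for the backup content


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_321(copies: list[BackupCopy]) -> list[str]:
    """Return the 3-2-1 rule violations for an inventory of backup copies.

    An empty list means the inventory is compliant: at least three copies,
    on at least two kinds of media, with at least one copy that is both
    off-site and air-gapped.
    """
    violations: list[str] = []
    if len(copies) < 3:
        violations.append(f"only {len(copies)} copy/copies, need 3")
    media_kinds = {c.media for c in copies}
    if len(media_kinds) < 2:
        violations.append(f"only {len(media_kinds)} media type(s), need 2")
    if not any(c.offsite and c.air_gapped for c in copies):
        violations.append("no off-site air-gapped copy")
    return violations


def validate_integrity(copies: list[BackupCopy],
                       manifest: dict[str, str]) -> dict[str, str]:
    """Compare each copy with the SHA-256 recorded at backup time.

    A copy whose hash differs from the manifest was altered after it was
    written (for example, encrypted by ransomware that reached the
    repository) and must not be used as a restore point.
    """
    results: dict[str, str] = {}
    for copy in copies:
        expected = manifest.get(copy.label)
        if expected is None:
            results[copy.label] = "not in manifest"
        elif sha256_hex(copy.payload) != expected:
            results[copy.label] = "hash mismatch"
        else:
            results[copy.label] = "ok"
    return results


def restorable_copies(copies: list[BackupCopy],
                      manifest: dict[str, str]) -> list[str]:
    """Labels of the copies that verify cleanly, i.e. safe restore points."""
    return [label for label, status in validate_integrity(copies, manifest).items()
            if status == "ok"]


# --- constructed sample data ------------------------------------------------
ORIGINAL = b"customer-db-full-2019-11-17"  # constructed backup content
MANIFEST = {                               # hashes recorded when the job ran
    "primary-disk": sha256_hex(ORIGINAL),
    "cloud-object": sha256_hex(ORIGINAL),
    "offsite-tape": sha256_hex(ORIGINAL),
}
INVENTORY = [
    # on-site copy that ransomware reached after the manifest was written
    BackupCopy("primary-disk", "disk", offsite=False, air_gapped=False,
               payload=b"ENCRYPTED:" + ORIGINAL),
    BackupCopy("cloud-object", "object-storage", offsite=True, air_gapped=False,
               payload=ORIGINAL),
    BackupCopy("offsite-tape", "tape", offsite=True, air_gapped=True,
               payload=ORIGINAL),
]

if __name__ == "__main__":
    print("3-2-1 violations:", check_321(INVENTORY) or "none")
    print("integrity:", validate_integrity(INVENTORY, MANIFEST))
    print("restorable copies:", restorable_copies(INVENTORY, MANIFEST))
```

Run against the constructed inventory, the policy check passes (three copies, three media types, one off-site air-gapped copy) while the integrity check flags the on-site disk copy as a hash mismatch and leaves only the cloud and tape copies as restore points. The point of separating the two checks is that a 3-2-1-compliant inventory is worthless if nothing verifies that the copies still match what was written; a manifest created at backup time and compared before every restore is what breaks the loop of restoring already-encrypted data.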
DRaaS is an ideal use case for cloud data protection and ransomware protection. The right solution will combat your favorite Nigerian Prince by automating IT resiliency.
KeepItSafe provides managed cloud backup, disaster recovery, and ransomware protection with Veeam Cloud Connect and Replication. Our customizable suite of data protection services features ransomware response policies and 24/7 live support to ensure comprehensive data availability.
If you’re interested in learning more about our Veeam-powered solutions, we invite you to download Data Protection, Disaster Recovery, and Ransomware Protection with DRaaS or schedule a consultation with a KeepItSafe recovery professional.