What can we learn from chocolate bars, dogs and the Olympics regarding ransomware attacks?

We are constantly making decisions during our day, both consciously and unconsciously weighing up the pros and cons. Whether to drink tea or coffee in the morning is one question to which there is perhaps only one real answer. Going to the gym, or the choice of snack in the queue at the petrol station, is perhaps more rigorously examined in our thoughts.

We are very used to weighing up the cons, mainly time or costs in these instances, which are fairly minor against the benefits of being able to function after some caffeine, losing weight or feeding the greedy devil pig that sits on my shoulder, lured in by the variety of temptations glaring at me so conveniently at the checkout.

Investing in security technology is no different, although the cons are not always so clearly defined. As previously described in my penetration testing blog post, the potential dangers of not improving security measures and not staying ahead of growing threats from cyber criminals have typically been a loss of brand reputation, leading to a loss of clients and revenue, or even the loss of precious IP to the wrong individual or competitors.

The pros, on the other hand, do tend to be rightly scrutinised to justify what could be a significant sum of investment required to implement the latest and greatest vendor's product or service.

So, who are we up against in order to make such decisions? Well, much like most dogs or younger siblings, cyber criminals only want what we have: data or information that is irreplaceable and which we would do almost anything to protect. Being held to ransom could publicly demonstrate a lack of security investment or having inadequate measures in place. Perception is a cruel mistress, particularly in today’s media world. The threat of being held to ransom for something that is already your intellectual property is then a very real and scary one and should be taken seriously. Although most organisations have security at the top of their agenda, and abide by growing regulations and new audit requirements, they may find themselves in a trap with potentially only one expensive escape route.

You can of course improve security through better policies and education to reduce the number of employees clicking on dodgy links, by putting more restrictions on users' control of their PCs or blocking USB drives, by keeping up to date with the latest bug fixes and software versions, by using VPNs and avoiding public networks, and in many other ways. However, most security controls are generally a case of building a bigger and bigger wall for the attackers to inevitably get over, or to sneak through via cracks in the foundations.

You might wonder where I am going with this one, but after enjoying the past few weeks of sport I could not resist. Even with the best scanning and detection software, attackers can and will learn to avoid detection. Just look at the recent participation of the Russian Olympic Committee (who finished behind the might of Great Britain, I must add) in the Olympic Games: they walked away in 5th position with a total of 71 medals, with just the few comrades caught by WADA watching on from home.

What if you could take away the ability of athletes to cheat or of cyber criminals to hold you to ransom for money? That would be an alternative to increasing the number or frequency of tests or educating sports people about the potential risks of doping, which is just like installing a better firewall or training users on the hazards of clickbait. Perhaps legalising drug use in sport and allowing the human race to alter the boundaries of our physical capabilities would take away the ability to break the current rules. Obviously, this causes some moral concerns and I am not actually condoning this, in fear of how far some would be willing to push themselves, but in the case of cyber attacks, what if you could take away the attacker's ability to simply break the rules and hold you to ransom?

Having a second copy of your most valued intellectual property stored away separately in a secure environment, only accessible if required to continue operations during a ransom attack, could remove an attacker’s ability to lock down the primary systems propping up your business and operations.

Here at Escrow London, we have been storing precious IP and data on behalf of clients for years. While providing a suite of security services to assist our clients in protecting their assets and reputations, we have been pioneers in developing several software continuity options for our clients and market standards for automation and escrow. Most recently these developments have led us to releasing 3 key Ransomware Recovery Escrow solutions to protect against these types of malicious activities. These include:

Ransomware Recovery Live

Ensure efficient continuity in the event of an attack on live and DR environments. Escrow London will maintain a complete replica of your production environment which will be hosted independently and maintained in a dormant state that can be spun up in the event of an attack. The replica environment will be tested on either a monthly or quarterly basis to ensure it will be available if ever needed.

Ransomware Database Recovery

From the hackers’ perspective, encrypting databases is an easy way to inflict maximum damage. For a business, the loss of access to data will cause severe damage both operationally and financially. A daily deposit of your encrypted database backups to the Escrow London cloud vaults via a pull process will keep your database backup out of the reach of hackers.

Ransomware Source Code & Infrastructure as Code Sync

Protect your development source code and deployment scripts such as Terraform and CloudFormation from ransomware hackers. Synchronize your Git repos with the Escrow London Git Collector servers and securely back up your code repos on a daily basis. We support all leading Git repos including GitHub, Bitbucket, GitLab, Azure DevOps and more. Escrow London services include a weekly integrity test to provide assurance that files have not been unknowingly compromised by hackers in the background.

Thanks for reading. Please get in touch should you have any continuity requirements you would like to discuss.