Occurrences of Ransomware, as a new type of threat to data centers, have risen year over year, according to the Verizon 2021 Data Breach Investigations Report, with newsworthy effects. Cyber insurance ransomware claims have also increased, as if to reflect this trend. According to data obtained by the University of Cambridge, ransomware accounted for 54 percent of insurance claims in 2020, up from just 13 percent between 2014 and 2019.
If you are a victim, the repercussions can be devastating: a total shutdown of your activities, the associated expenditures, a significant loss of reputation, and, most infamously, an astronomical ransom. You are back to square one after all of that.
Ransomware has a number of consequences, including financial damage. When ransomware encrypts the victim's data, it causes obscuration, which can cause major business interruption for days, weeks, or even months. In addition to the direct costs, organizations must additionally pay for emergency response, digital forensics, regulatory penalties, and legal and public relations advice because of long-term reputational harm. In the healthcare industry, ransomware has the potential to be fatal.
Why is ransomware so common?
Money and time are the determining factors. When compared to other attack channels, ransomware attacks are substantially less expensive to deploy and yield better returns. The advent of ransomware-as-a-service (RaaS), in which malevolent ransomware producers sell their software as a license, has made it easier for entry-level hackers to carry out assaults with less technical skills and smaller teams.
So-called "ransomware gangs" have become more structured as a result of the high potential for profit. Many of its members specialize in various attack methods and have diverse duties, which allows these organizations to maximize their potential gains.
The increased use of cryptocurrencies facilitates the spread of ransomware. Cybercriminals are increasingly requesting bitcoin ransom payments, which are untraceable and anonymous. The benefits are self-explanatory. The typical ransom paid in 2020, according to the Verizon DBIR, was $11,150 and the highest reached $1.2 million.
How can you defend yourself against ransomware?
Although no business is immune to ransomware, SafeMode, a high-performance data-protection solution embedded into FlashArray, can significantly reduce the risk.
What is the mechanism behind it?
Your system's volumes, snapshots, hosts, and other data are left intact by SafeMode. It obliterates them. These objects are placed in a specific "destroyed" section that is displayed in the GUI once they have been destroyed. They can be recovered for up to 24 hours. SafeMode permanently removes these items after 24 hours. For mistakes, this Eradication Timer has an "undo" button.
Any array administrator, on the other hand, can delete any item that has been destroyed. It's as simple as clicking the trash can icon next to it, and it will be gone for good. By locking everything in the devastated area, SafeMode prevents this. Before the object may be permanently removed, you must wait for the Eradication Timer to count down. For ransomware, 24 hours is insufficient. We recommend setting the timer for a longer period of time, such as 14 days. You have up to 30 days to choose from.
In conclusion, using SafeMode to safeguard your data is as easy as:
Creating authorized contacts and keeping track of your PIN.
Getting in touch with Pure and enabling SafeMode.
Extending the Eradication Timer beyond 24 hours to allow for a better recovery time.
SafeMode is a high-performance, all-in-one solution. Here are a few more noteworthy points. SafeMode also locks down the following with the most recent Purity release:
Snapshot retention: An attacker cannot delete all the snapshots by setting the retention to zero. This retention can be increased or decreased as needed, but it cannot be dropped until Pure Support is contacted by two approved contacts and their associated PINs.
Targets of the Protection Group: An intruder cannot prevent photographs from being delivered to a different location.
Simply request it by calling Annexus Technologies Support. A conference call with you and your account team will be scheduled by Support.