
Large or Small, Ransomware Attacks Impact Us All

Zerto’s Kevin Cole offers insights on how large or small, ransomware attacks impact us all. This article originally appeared on Solutions Review’s Insight Jam, an enterprise IT community enabling the human conversation on AI.

The looming threat of ransomware attacks has put organizations across industries on high alert, with a common misconception being that these threats are predominantly large-scale. The reality is that cybercriminals can wreak havoc with small amounts of data and still have a consequential impact.  

For example, Zerto, a Hewlett Packard Enterprise company, analyzed 116 ransomware attacks worldwide, spanning 43 unique ransomware variants, and found that the average size of the datasets affected was just 183.5GB. Given that the average ransomware solution can encrypt 1GB of data in 47.7 seconds, it would take about two and a half hours to complete encryption for 183.5GB of data, which is a relatively quick turnaround.

An organization looking to recover from ransomware might consider restoring a backup copy. Unfortunately, most backups are only made once a day, often late at night, long after business hours. Some backup vendors include ransomware scanning as part of this backup process, but the long gap between backup copies, often 12 or 24 hours, poses a significant risk to organizations. By the time the backup software begins looking for malicious encryption, the cybercriminals have long since finished and encrypted all the data they could get their hands on. Any organization caught in such circumstances would be vulnerable to encryption before it could even respond, highlighting one of the key reasons ransomware remains an effective tactic for cybercriminals.

A study from Chainalysis estimated that ransomware payments reached a peak of $1.1 billion in 2023, further indicating that these attacks will continue to escalate in scope, volume, and frequency. A number of factors contribute to these statistics, including the widespread adoption of ‘ransomware-as-a-service’ and the deployment of attacks that exploit zero-day flaws.

The Road to Resiliency Requires Real-Time Threat Detection 

Regardless of the alarming statistics surrounding ransomware, there are comprehensive and consistently evolving solutions designed specifically for recovery and resilience that organizations can take advantage of. A key aspect of cyber resilience is the combined prioritization of recovery alongside the implementation of detection and mitigation solutions across IT infrastructures. 

Despite understanding that recovery is an essential tool for combatting ransomware, organizations continue to face pivotal challenges, including the ability to identify which datasets need to be reinstated, which recovery points have been compromised, and which points remain unencrypted. In addition to these issues, organizations are finding that traditional methods for pinpointing secure recovery points lack the flexibility required to adjust to a rapidly changing threat landscape.  

In most cases, these traditional methods identify recovery points through scanning backup data that is several hours old, leaving results outdated by the time modern ransomware attacks occur. For organizations facing these struggles, an additional challenge emerges from security vendors that limit customers to specific third-party or add-on tools that can create similar issues.  

By utilizing solutions that check for encryption at the same time data is written, organizations put themselves in a position where ransomware can be detected while avoiding the gap current recovery procedures create. With this approach, organizations can rest easy knowing that their IT environment is consistently being monitored for attacks with real-time encryption detection.  

Real-time encryption detection shifts the focus from a reaction time of hours to a reaction time of seconds. Instantaneous alerts for suspicious activity give security teams the leverage to respond immediately, instead of scrambling to address an incident that has already resulted in considerable disruption. By taking advantage of solutions with advanced detection capabilities, organizations can shift the way they approach recovery and mitigation — ultimately minimizing sole dependency on backups and allowing for instant action in the case of disruptions.  
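One way a write-path check can work, as an added example that is not from the article or any Zerto product: a Shannon-entropy heuristic over a sliding window of written blocks, with the window size, threshold, ratio and sample data all assumed. It also uses the article's 47.7 seconds per GB and 183.5GB figures to compare how much data is encrypted before an alert at different detection delays.

```python
import math
import os
from collections import deque

SECONDS_PER_GB = 47.7  # encryption rate quoted in the article

def shannon_entropy(block: bytes) -> float:
    """Bits per byte (0.0 to 8.0); ciphertext sits close to 8."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class WriteMonitor:
    """Alerts when most of the last `window` writes look like ciphertext.

    Compressed and media files also score high, so a single block is never
    enough; window, threshold and ratio are assumed tuning values.
    """
    def __init__(self, window=8, threshold=7.5, ratio=0.75):
        self.recent = deque(maxlen=window)
        self.threshold, self.ratio = threshold, ratio
        self.bytes_seen = 0

    def observe(self, block: bytes) -> bool:
        self.bytes_seen += len(block)
        self.recent.append(shannon_entropy(block) >= self.threshold)
        full = len(self.recent) == self.recent.maxlen
        return full and sum(self.recent) / len(self.recent) >= self.ratio

def bytes_until_alert(blocks):
    """Bytes written before the monitor fires, or None if it never does."""
    monitor = WriteMonitor()
    for block in blocks:
        if monitor.observe(block):
            return monitor.bytes_seen
    return None

def exposure_gb(detection_delay_s, dataset_gb=183.5):
    """GB encrypted before detection at the article's rate, capped at the dataset."""
    return min(dataset_gb, detection_delay_s / SECONDS_PER_GB)

# Constructed sample: 20 ordinary 4 KiB writes, then 20 random blocks
# standing in for ciphertext.
NORMAL = [(b"invoice,customer,amount\n" + b"1001,ACME,250.00\n" * 300)[:4096]] * 20
MIXED = NORMAL + [os.urandom(4096) for _ in range(20)]
```

On the constructed stream the monitor fires after six high-entropy blocks, while a scan that runs 24 hours later finds the whole 183.5GB dataset already encrypted.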

With the integration of real-time threat and behavior analysis, organizations can automate the early detection of ransomware, allowing for a swift response right at the onset of an attack. This enables a focus on a Recovery Point Objective (RPO) that’s mere seconds from the attack’s start, significantly reducing data loss and operational disruptions. Moreover, these capabilities are crucial in addressing the small-scale data encryption typical for modern ransomware attacks, empowering organizations and their security teams to maintain operations confidently amidst today’s complex digital challenges. 
