This article is a great example of needing to understand both your RPO (recovery point objective) AND your RTO (recovery time objective). In the event of a system outage or a ransomware attack, having your data is only half the battle. You also need the ability to restore that data in a timely manner. Timely in this this situation is defined as the ability to restore data quickly enough as to not impact business functions. The hospital in this article had the data they needed in their backups, but could not restore the data quickly enough. The data had no practical value, so the ransom had to be paid to keep the hospital open.
Backup/Recovery and Disaster Recovery plans need to take into account both RPO and RTO and these goals need to be verified and tested on a regular basis. Testing gives the peace of mind an organization needs and wants when an attack occurs.
This is a great article referencing another article that articulates the pitfalls of assuming “because I have a backup, I do not need to fear ransomware”. It is well worth a read and a subsequent review of your backup strategy.
It has been said many times, yet it still bears repeating, backups are fundamental and an absolute necessity in a world riddled with ransomware attacks.
There is nothing terribly new or exciting in this article on its face. Yes, businesses are fearful of ransomware. The hidden nugget in this article is the statistic around backup/recovery. People are consciously improving their backup strategy out of fear. That is a good thing. The needle has been moved.
Though we still want to increase the fight against ransomware and eliminate it wherever possible, the fact that people/organizations are prepared and defending is a small victory in this war.
I believe the simple answer to the title of this article is profitability and ease of use. Much of the ransomware we see in the wild is spread by SPAM and targeted phishing attempts. These messages have a relatively high infection rate because end user training is still lacking in many organizations. Weak backup and recovery solutions force many organizations to pay the ransom in hopes of recovering data, making the attack quite profitable. At the end of the day, we, the end user and support professionals, have made ransomware the successful attack it has become. We need to take back the high ground by implementing better controls and better education.
This biggest takeaway from this article is the need to plan and have a reliable backup/recovery and disaster recovery solution in place that is vetted and tested on a periodic basis. Good plans and well tested processes can help to overcome both physical failures and logical threats like ransomware.