Complex Made Simple

7 proven ransomware best practices for Middle East financial institutions

By:  Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software

After becoming one of the main cybersecurity threats in 2016 and causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert.

Financial organizations are particularly at risk, targeted by approximately 13% of total attacks.

Ransomware was actually reported as the number one vector of security risk in the financial sector in the 2016 SANS Survey, reported by 55% of the financial services firms surveyed.

The outcomes of these attacks can be highly damaging. Hackers successfully extorted a total of up to $500 million from more than 32% of financial institutions in 2016 alone.

Hotel Tech 2018: All you need to know about tech tools that deliver value

How ransomware impacts the financial services industry

Numerous attacks were reported in the last few years. Armada Collective attacked three Greek banks, encrypting valuable data and asking for €7 million (20,000 Bitcoin) from each bank, followed by three other attacks in a span of five days.

A 2016 report by SentinelOne on ransomware highlighted that the most vulnerable data for ransomware attacks are employee records, financial data, customer information, product & IP, payroll/HR and research.

Beyond the use of sophisticated attack techniques, such as social engineering and the development of Ransomware as a Service platform, ransomware has been driven by certain key factors, such as security holes, lack of IT security knowledge, wrong permissions, lack of patching, and inadequate backup and recovery processes.

Finally, the appearance of anonymous e-currency as a payment method as well as the decision to pay the ransom contribute greatly to encouraging cybercriminals’ future attempts.

Watch 7 tech trends of tomorrow today: Change life

7 best practices for ransomware resilience in financial services

1-Use different credentials for backup storage:  The username context that is used to access backup storage should be closely guarded and exclusive for that purpose. Additionally, other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations. Do not use DOMAIN / Administrator for everything.

2-Start using the 3-2-1 Rule: Veeam promotes the 3-2-1 Rule often and for good reason. It essentially states to have three different copies of your media on two different media sites, one of which is off-site. This will help address any failure scenario without requiring specific technology. Moreover, to effectively prepare for the advent of a ransomware attack, you should ensure that one of the copies is air-gapped, i.e., on offline media.

3-Have offline storage as part of the Availability strategy: One of the best defences against the propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:

a-Tape: Completely offline when not being written or read from

b-Storage snapshots of primary storage: A semi-offline technique for primary storage, but if the storage device holding backup supports this capability, it is worth leveraging to prevent ransomware attacks.

c-Cloud: A great additional resource for resiliency against ransomware. For one, it’s a different file system, and secondly, it is authenticated differently.

d-Rotating hard drives (rotating media): Offline when not being written to or read from

Read: How many billions is the Middle East contributing to Formula 1 Grand Prix?

4-Leverage different file systems for backup storage: Having different protocols involved can be another way to prepare for a ransomware attack.

5-Achieve complete visibility of your IT infrastructure: One of the biggest fears of ransomware is the possibility that it may propagate to other systems. Gaining visibility into potential activity is a massive value-add and should have a pre-defined alarm that will trigger if there are a lot of writes and high processor utilization, which is a typical ransomware pattern.

6-Let the Backup Copy Job do the work for you: The Backup Copy Job is a great mechanism to have in order to create restore points on different storage and with different retention rules than the regular backup job.

7-Educate all employees on ransomware not just your IT staff: Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware nor the specific activities that leave the company vulnerable.