October is National Cybersecurity Awareness Month and, according to TechNewsWorld.com, in an article published in October 2019, “the global damage from ransomware could cost US$11.5 billion this year […] while the average downtime for organizations was 9.6 days!”
The bad guys never sleep, it seems, as a chain of hospitals in Alabama was finally able to accept new patients again after being locked out of their systems for TEN DAYS. Reports said that existing patient care was not interrupted, but that staff reverted to using paper records. The hospital chain had to pay a ransom to regain access to their systems and claimed to be grateful to have cyber insurance. Ten days? Any new patient had to be sent elsewhere during this time.
Some might say the delay is due to the conversion of dollars to bitcoin and facilitating the subsequent transfer. Ransomware payments in bitcoin are a favorite among cybercriminals. Others might say it was a futile attempt to recover good data from backups. A third possible scenario involves the amount of time the insurance company spent deciding if the event was covered, then negotiating for a lower price.
RYUK ransomware was the variant used in this attack. A type of crypto-ransomware, it uses a trojan-horse style delivery method to become a hidden time bomb while baddies gain additional information about your network. RYUK also enumerates network shares and encrypts anything it can access. By the time it deploys, your backups, replicated files, remote locations, and records could be encrypted, and the bad guys win and get paid.
Recovering from a RYUK Ransomware Attack
With Enhanced Data Protection you can have your files, applications, data, and services available quickly—all while letting GDV manage the entire process. You can see how that works right here: Real Life Ransomware Protection with Global Data Vault.
Our Enhanced Data Protection allows us to quickly recover from the worst-case scenario: the one where the attack has succeeded in encrypting all the primary data AND deleting the cloud repositories. Our proprietary technology gives us the ability to recover and restore the “deleted” cloud repositories. These can be spun up to run from our cloud infrastructure or restored to the primary infrastructure… defeating the attack and allowing the organization to recover without paying the ransom.