It sounds like the plot to a mediocre science fiction film.
The year is 2017. A ransomware virus has caused untold havoc among the IT systems of planet earth, disabling private companies and hindering public services. Cyber criminals are demanding huge sums of cash in return for releasing their victims from the vicelike grip of this digital demon. Who can save them?
Yet, this is no movie. This is the scenario that occurred in May following WannaCry, a ransomware attack that exploited vulnerability in Microsoft Windows.
This particular cyber assault hit 150 countries, 1000s of computers and brought several hospitals in the UK to a standstill, causing vital operations to be cancelled.
From Honda’s Sayama car plant in northwest Tokyo to traffic cameras in Melbourne, many thousands of individuals, companies and services were affected in what became a global IT crisis.
Eventually it was halted, almost by mistake, when a 22-year old researcher from Devon, Marcus Hutchins, inadvertently activated the ransomware’s kill switch while attempting to uncover more about its origins.
The world breathed a collective sign of relief but not before many people had handed over the $300 bitcoin ransom to take back control of their computer systems.
That is what ransomware does. It holds your files hostage until you pay a ransom to have it removed. Typically, it spreads as a Trojan virus, arriving in a computer system through a network service or via a downloaded file, disguised as legitimate software.
In the case of WannaCry, the malware encrypted files using ciphers that allowed hackers to directly decrypt system files. To remove it, a decryptor was required. This decryptor costs hundreds of dollars in bitcoins (the digital payment system) in order to make it work.
Media companies are weak and vulnerable
If you work in media (and you’ve read this far) and you are still wondering why this is all relevant to you, let’s explain.
Cybercrime is on the rise and there is every chance your company could be affected next.
In the eight months that followed its inception in October 2016, the UK’s National Cyber Security Centre (NCSC) recorded 480 major cyber incidents that required its attention.
The majority of those incidents, 451, were what is referred to as level 3 attacks ie those that are typically confined to single organisations. At the time of writing, there have been no level 1 national cyber security incidents, that being the highest ranking for crimes of this nature.
The latter is great news but the former illustrates just how vulnerable individual companies are. And few are more vulnerable than media companies.
Media companies are particularly susceptible because many keep all, or a major chunk, of their data assets in just one location, despite warnings to the contrary.
But there are solutions
Valuable data should always be backed-up in at least one, preferably two, places.
This is because the best defence against ransomware is an efficient backup and disaster recovery plan. It won’t make an attack completely painless but it will allow a company to restore its data and systems.
Backing up important data should be done on a daily basis so, if your company is attacked, you won’t have to pay to get your data back. It’s pretty simple really.
Unfortunately, malware can now locate online and offline backups and can even encrypt or delete those backup files. However secure, cloud-based backups can fall victim to ransomware too.
One potential solution is to ensure that your data – either the local version or its backup or both – cannot be overwritten or deleted. This is where WORM (write once, read many) becomes crucial.
The WORM has turned
WORM is a data storage technology that allows information to be written once and prevents the drive from erasing that data.
Additional data can be added until the capacity is full but any recorded data cannot be deleted or overwritten. The written data housed on the storage medium can be read as many times as desired.
One purpose of WORM is to allow big financial and legal organisations to meet regulatory retention requirements but it also extremely useful when it comes to archiving and, importantly, when dealing with the consequences cybercrime and IT systems failure. Both of these things are particularly relevant for media companies.
A brief history of WORM