Date: 2017-05-25

By Bharath Vasudevan, Product Manager, HPE Software-defined and Cloud Group

Crime pays. Or at least that was the thinking of hacker(s) "thedarkoverlord" when attempting to extort Netflix and other major film and television studios, namely ABC and Fox, for an undisclosed amount of money. Using stolen episodes of popular shows such as Orange is the New Black as trade chips, "thedarkoverlord" offered to return Netflix's captured content in exchange for a ransom.

Ransomware is, at this point, common. Any type of company can be hit, whether it is a small business in the educational sector or an enterprise manufacturing firm. Companies have nowhere to hide. Recently the widespread WannaCry ransomware attack affected hundreds of thousands of computers across the globe, including companies such as FedEx. Although no one should be surprised by cyberattacks such as these, lessons can still be learned to help thwart them.

Lesson #1: Know how data is protected ... no matter where it lives

The most shocking part about the Netflix ransomware attack is its scope and the notoriety of the victims. How could this have happened? Don't these studio giants have security measures in place? The answer to that question is yes (and very good security measures at that). But although the big players such as Fox, ABC, and Netflix have enacted stellar security and data protection practices, the data in this attack wasn't actually stolen from their systems, but from a smaller post-production firm called Larson Studios. Cybercriminals target these smaller, less protected companies in order to bypass enterprises and their massive security measures. This goes to show that all companies need to know how their data is being protected, whether it is in-house or in a different company's hands. This attack should especially resonate with public cloud users. Don't just assume public cloud providers are protecting data. The results could be disastrous.

Lesson #2: Don't give in to criminal demands

Cybercriminals are often part of larger, unlawful organizations, so paying a ransom can lead to incidental funding of illicit groups. With this in mind, Netflix and Larson Studios absolutely did the right thing by refusing to pay the hacker(s). The demands may seem "reasonable" compared to the potential cost of a leak, or the cost of IT downtime (which can be about $9,000 per minute, according to the Ponemon Institute). Even so, organizations need to be wary that paying a ransom can paint a target on a company's back, as criminals know they can be successful again at the same organization. In the same vein, the FBI reports that paying a ransom does not guarantee a company's data will be released or returned. So it's best to follow the examples set by Netflix and Larson Studios and refuse to reward criminal behavior.

Lesson #3: It could happen to anyone

Data is the most precious asset to every company ... and to every cybercriminal. Although data protection stories such as Netflix's will get the most attention because of the organization involved, ransomware can impact any organization, regardless of size, brand name, or industry. Because data is so valuable to both companies and criminals, IT leaders need to take steps to secure data. Many IT systems rely on third-party backup and data protection software to handle any disaster recovery needs. However, solutions such as HPE SimpliVity's hyperconverged platforms offer built-in and automated disaster recovery and data protection services, enabling companies to get back online in the case of an emergency, even after a ransomware attack. With the ability to back up data almost in real time, HPE SimpliVity can shrink recovery points and recovery times. This way businesses won't lose a critical amount of data, and therefore won't need to pay a ransom, even if cybercriminals strike.

