Why disaster recovery makes the ransomware debate irrelevant

Falling victim to a ransomware attack can have catastrophic consequences for a business or even a government organization. Those who don’t take the time to prepare accordingly by making backups or putting a disaster recovery plan into place will feel the effects of such an attack the most. They might even consider paying the ransom to regain access to their files, which just shows cybercriminals how effective their attacks really are.

To learn more about how organizations and governments should prepare to deal with today’s growing ransomware threat, TechRadar Pro spoke to Druva’s CISO, Tom Conklin.

Why do you think that cybercriminals have shifted the focus of their ransomware campaigns from businesses to governments?

Any organisation, including city governments, without a hardened infrastructure and emergency plans, like disaster recovery systems, can be a ripe target for ransomware.

With access to sensitive information and critical infrastructure, locking down a government system is not only lucrative, but can have national security implications and damage the local economy.  Government systems are not typically known for being up to date with the latest technology, whether through lack of funding, understaffing, or minimal resources, so they are vulnerable targets with a lot of potential benefits for a malicious actor. 

Do you believe that cities should pay the ransom demands of attackers to regain access to their locked files?

To start, victims should never pay these ransoms. It’s easy to say, and may be harder in practice, but paying only propagates the model. Additionally, we are beginning to see cases where even paying the ransom has not guaranteed that systems are restored. Take, for example, Lake City and Riviera Beach, Florida, which still had critical systems down weeks later after paying. With insurance only covering some of the ransom costs, and the cities remaining under attack even after the ransom was paid, it begs the question if there’s any value in doing this.

Instead, teams should be focused on preparing for any potential attacks. A solid, well-planned, and well-tested disaster recovery plan can short-circuit a ransomware attack and help an organisation continue without interruption.

Some cities have decided not to pay ransom demands as they have backups of their important files and systems. Why is this approach flawed and what can cities do to recover from a ransomware attack faster?

Backups and disaster recovery solutions are a great way to combat ransomware, but they should be used as a last line of defence. Implementing a backup policy in and of itself is not the silver bullet against malicious attacks. Backup and recovery should be part of a holistic strategy that includes everything from hardened internal systems, strengthening your network edge, and ensuring proper protocols are in place for cloud-based applications, whether that is multifactor authentication or single sign-on.

Your enterprise is likely to be tested at some point, but you should make it as hard as possible to reach the final gate before turning to backup and recovery. Like the saying goes – preparation is key. 

What kind of cybersecurity training would you recommend that cities and organizations that are trying to prevent falling victim to a ransomware attack should undergo?

Cybersecurity training is vital for any organisation, but training should be scalable based on an individual’s role in the organisation. At a minimum, all employees should be required to take entry-level courses that educate on phishing attacks, avoiding malicious emails, etc. Technical teams and IT of course need more regular and in-depth training that dives into the latest tactics, how to spot attacks early on, and the best ways to keep an organisation’s security robust through things like air-gapping, following the 3-2-1 rule, and others.

Have local governments fully embraced the cloud or are many still relying on local storage for their documents and systems?

There are still many relying on local, on-premises systems because they may lack the local resources, funding, or may not even have the internet bandwidth to move their systems to the cloud on a regular basis. Also, with today’s competitive job market, IT practitioners in the public sector are increasingly moving to private companies where the pay and resources can be more substantial.

But, the "cloud" is a broad term and could mean many things. An organisation that may not be able to move their on-premise systems to a hosting provider could look at limited use of public cloud storage for backups. For small-scale workloads this can be something like replicating backups to an AWS S3 bucket with a retention policy. Setting the retention policy ensures backups cannot be deleted or overwritten.
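
An added example, not part of the interview and not Druva's or AWS's code: a check that a backup bucket's settings actually deliver the "cannot be deleted or overwritten" property. It assumes the retention policy mentioned above is S3 Object Lock default retention, takes dicts shaped like the GetBucketVersioning and GetObjectLockConfiguration responses, and uses hypothetical function names and a 30-day minimum chosen for illustration.

```python
# Added example: audit S3 backup-bucket settings for immutability.
# Inputs are dicts shaped like the GetBucketVersioning and
# GetObjectLockConfiguration API responses; pass {} when no lock config exists.

MIN_RETENTION_DAYS = 30  # assumption: local policy value, not from the interview


def retention_days(default_retention):
    """Convert a DefaultRetention block (Days or Years) to days."""
    if "Days" in default_retention:
        return int(default_retention["Days"])
    return int(default_retention.get("Years", 0)) * 365


def audit_backup_bucket(versioning, object_lock, min_days=MIN_RETENTION_DAYS):
    """Return findings; an empty list means the retention guarantee holds."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled, so an overwrite replaces the backup")
    cfg = object_lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled; no retention is enforced")
        return findings
    rule = cfg.get("Rule", {}).get("DefaultRetention")
    if not rule:
        findings.append("no default retention; uploads are unlocked unless each sets its own")
        return findings
    if rule.get("Mode") != "COMPLIANCE":
        findings.append("not COMPLIANCE mode: s3:BypassGovernanceRetention allows deletion")
    days = retention_days(rule)
    if days < min_days:
        findings.append(f"retention of {days} days is shorter than the required {min_days}")
    return findings


# Constructed sample settings (not from a real account).
WEAK = ({"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
         "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}})
STRONG = ({"Status": "Enabled"},
          {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
           "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}})

if __name__ == "__main__":
    for name, (versioning, lock) in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_backup_bucket(versioning, lock) or "OK")
```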

How will ransomware evolve over the next few years and do you think it will become an even bigger threat than it is now?

Ransomware is going to follow soft targets that have vulnerable systems. This may be small companies that have unpatched systems. My guess is that as more companies adopt cloud services and connect on-premises networks to the internet you'll see more ransomware when the on-premises systems are not patched or properly secured, and in places where cloud accounts are being misconfigured by the customer. Cloud vendors generally adopt a shared responsibility model and it’s important those adopting cloud solutions understand where their responsibilities lie.

The security industry expects the number of attacks and amount of payments will continue to increase at double-digit annual growth. We expect to see more targeted attacks vs. broad high-volume attacks.

What emerging cyber threats concern you the most and which ones do you think the general public needs to be more aware of?

Whilst obvious, and seemingly old school – phishing continues to be a major threat for the public and corporate entities alike. The financial and reputational impacts of these attacks can be huge, so we need to work on educating the public on how to spot a phishing email – and how to report it. By understanding the threats we may become subject to – we can better prepare and educate ourselves to deal with them.

On a corporate level, I expect to see these sorts of attacks become much more sophisticated. Instead of simple one-off emails, I expect to see attacks that are more socially engineered and slowly work on building trust and compromising a system.
