Can your business afford to be down for a month?

When Minister Pravin Gordhan updated the public at a media briefing, almost a month after the ransomware attack that struck down Transnet’s systems from 22 July, he noted that only 90% of Transnet’s systems were running.
The damage, both financial and reputational, is very real, particularly in light of a force majeure. Rumblings within industries that rely on Transnet’s logistics show that the paper-based services many are now having to use while Transnet recovers have been highly frustrating and inefficient. Many businesses are reporting significant delays in the processing of cargo and the releasing of freight.
Some of the residual damage that has come to light over this time includes trucks standing idle while waiting for goods to be released, the expiry period of perishable goods being eroded, many businesses facing late deliveries and potential penalties because goods were delayed, and many ships anchored for days or even a couple of weeks waiting to offload cargo at the various ports.
With the largest port on the African continent paralysed for over 10 days and crippled for weeks, the need to find better and more reliable protection from ransomware is now critical for the South African market.
Even though the damage is done, the staggered recovery of Transnet’s systems is reasonable, primarily because of the way current sophisticated ransomware works. Many ransomware variants have a dormancy period of weeks or sometimes months, allowing them to replicate across all your backups and recovery services before activation.
That effectively means that when you restore your services from your backups, it’s likely that your recovered systems will still be infected. Transnet’s staggered recovery could mean they are trying to avoid exactly that, but after almost a month, customers are getting understandably antsy. That said, it’s heartening to see that no ransom has been paid.
This process highlights the need for a well-thought-out plan for recovery in the event of a cyber attack of this nature. Planning for something like this is difficult, but it has to be done. For most businesses in South Africa especially, it’s a matter of when, not if, they will face a ransomware attack.
According to Sophos research, 24% of businesses in South Africa surveyed were hit by a ransomware attack in year. Of those, only 11% were able to recover all their data in a reasonable period.
Key to the preparation for an event like this is to ensure that you have an immutable copy of your data and to ensure that the golden copy of your data is air-gapped away from your systems, users and network. This is part of the creation of a cyber recovery vault, a place to store critical data while protecting it from the outside world and stealth attack.
Using the right technology will also allow you to scan any added data with machine learning technologies and AI to detect anomalies, which prevents ransomware from hiding out in your data, waiting to attack. GlassHouse provides Dell’s Cyber Recovery Solution with PowerProtect to assist our clients with this process and implementation.
Cyber recovery as a discipline needs to form part of business resilience planning, similar to what backup and recovery, business continuity and business resumption planning have become over the years.
By Rudolph Visagie, GlassHouse South Africa Solutions Architect