Product Tips

Protecting your data from Ransomware


Published on January 14, 2020

Ransomware is malicious software that denies users access to a computer system or data until they pay a ransom. These kinds of attacks are making headlines more often, including this past week when the BBC reported that travel money service Travelex’s operations have been disrupted since January 1 after falling victim to a ransomware attack. The attacks are pervasive enough that the FBI issued an alert on ransomeware late last year, warning that “losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.”

Ransomware, like other types of malware, is by no means a new threat, but it’s one that’s becoming increasingly complex and harmful. While there are signs that traditional consumer-targeted attacks are decreasing, attackers are shifting their attention to organizations in search of higher returns. In fact, ransomware extortion is so successful that attackers now offer ransomware as a service (RaaS) that criminals can subscribe to for a fee to help scale their operations. The Travelex incident is one such attack.

Business detections of ransomware rose 365% between Q2 2018 and Q2 2019. Industries with legacy infrastructure, such as education, healthcare, manufacturing, transportation, and government are particularly vulnerable to these attacks. As of September of last year, the MS-ISAC (Multi-State Information Sharing & Analysis Center) received approximately 60% more reported ransomware incidents affecting state, local, tribal, and territorial governments in 2019 than for the entire year of 2018.

While the problem is pervasive, a lack of adequate funding for cybersecurity means organizations are finding it difficult to harden their systems against ransomware attacks. According to the National Association of State Chief Information Officers, less than 3% of state IT budgets are dedicated to cybersecurity in most states. When a ransomware attack hits, the cost to recover is often more than the committed annual budget for cybersecurity. And recovering data isn’t the only cost after an attack. In addition to paying a ransom or losing critical data, organizations may also face forensic and legal costs, be required to provide credit monitoring services for customers or employees, and will likely experience lost revenue from operational downtime. The true costs of a ransomware attack for a small business can exceed $700,000—and can be even more for larger organizations.

What can you do about ransomware?

One way to mitigate the effects of ransomware is to have reliable backups of your data. However, constantly backing up data can be costly, resource intensive, and hard to get right. Even if backups are running, regularly testing them across an organization is also difficult to do correctly and comprehensively. Because of these challenges, cloud storage companies can be one of the most effective lines of defense against these attacks. Cloud service providers offer frequent snapshots of your data without your IT team having to configure, manage, and test backups themselves, and these snapshots sit on top of an infrastructure already designed to maintain the durability of your data. As the Center for Internet Security notes, “Using cloud services could help mitigate ransomware infections since many retain previous versions of files, allowing you to roll back to the unencrypted form.”

Malware is an issue that threatens both individuals and enterprise customers. This is a challenge Dropbox Business is well-positioned to solve. The advantage of a file sync service like Dropbox over traditional timed backups is that a new snapshot is made anytime you create or update a file. These snapshots are available to Dropbox customers for up to 180 days.

In 2018, around 40% of all Dropbox customer support tickets about file restorations were account rollback requests, many of which were related to malware infections. Fortunately, our support agents can use our version history capabilities to revert accounts back to a state before they were infected by ransomware. 

We are working hard to stop the cycle of ransomware that puts our customers’ data at risk. As a result, we developed a self-service tool our customers can use when a crisis occurs. To recover quickly in an emergency when every minute counts, we created Dropbox Rewind. This powerful capability enables Dropbox customers to pick the exact point in time to which they need to revert their account and syncs changes across all connected devices.

Do not let ransomware deny you access to your data. Cloud services like Dropbox Business are an important tool in the fight against ransomware. Read this help center article to learn more about how Dropbox Business can help you recover from a ransomware attack.