Ransomware on the rise

Mitigate risk in case of attack


Executive summary

Ransomware has quickly become one of the most pervasive and dangerous cyberthreats today, shaking the foundation of many companies. The latest ransomware attacks can permeate even the most stringent enterprise security systems and practices and quickly spread throughout an organization, disrupting user productivity and business operations.

Comprehensive backup and recovery plans are absolutely essential for combating today’s sophisticated ransomware threats. By quickly restoring infected applications and data to their previous clean state, IT organizations can minimize the impact of a ransomware outbreak and limit revenue loss and customer frustration. This paper reviews the latest ransomware trends and implications and explains how HPE SimpliVity hyperconverged infrastructure accelerates data backup and recovery functions to mitigate ransomware risks.


Today’s ransomware is sophisticated, destructive, and inescapable. Attacks are growing in diversity, complexity, and severity. Ransomware is a top concern for today’s IT organizations, yet only 50% of a surveyed group of cyber professionals believe their organizations are prepared to repel a ransomware attack.  1


According to Cybersecurity Ventures, ransomware attacks are on the rise—they’re estimated to occur every 11 seconds and cost global organizations $20 billion by 2021. This is 57X more than it was in 2015, making ransomware the fastest growing type of cybercrime.  2 It can impact any business, regardless of size or industry, causing downtime and financial loss.

Not that long ago, ransomware was fairly primitive and benign. So-called “computer locker” attacks would seize a computer by disabling keyboard or mouse functionality. In most cases, IT professionals could simply ignore ransom demands and restore an infected computer to its previous working state by using off-the-shelf malware removal tools.

Much has changed in the past several years. Today’s ransomware attacks are far more advanced and invasive. The latest ransomware programs are capable of encrypting data files and locking users out of their own data. The encryption can spread throughout an organization, locking up data across the enterprise, and disrupting business operations. Some variants even threaten to post confidential data to the internet unless a ransom is paid.

These attacks are difficult to prevent or remediate. All are specifically designed to avoid detection by security applications, using techniques like polymorphism and throwaway command and control servers. Post-infection, the malware also impairs recovery efforts. Some encrypt native Windows backup files, prohibiting restoration without a decryption key. Others simply delete native backup files altogether, making recovery impossible.


Ransomware is becoming more pervasive every month, putting an increasing number of businesses at risk. Contemporary ransomware attacks are aimed not only at Windows machines, but also at Linux® and Mac OS systems, and mobile devices. And new “ransomware-as-a-service” schemes allow any criminal with basic computer skills and internet access to get into the ransomware business. The ransomware author makes the malware available to other cybercriminals in exchange for a percentage of the ransom payment.


In Q1 2020, the average ransomware demand amount increased to $111,605, according to Coveware. Whether to pay the ransom is a business decision that must be evaluated by individual companies.


Law enforcement agencies like the FBI do not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.  3

However, Forrester Research recently submitted that for some companies, paying the ransom is a viable option to consider as the costs associated with downtime can be significant, taking days or weeks to resolve. The true cost of a ransomware attack—system downtime and lost business—can wreak havoc on an organization’s IT infrastructure. Prolonged system downtime can impair employee productivity and customer satisfaction, impacting a company’s bottom line. The true cost of a ransomware outbreak includes quantifiable costs like lost revenue as well as less tangible costs like damage to a company’s reputation. The more widespread and drawn-out the disruption, the greater the costs. According to Coveware, in Q1 2020, the average downtime for larger enterprises, who often spend weeks fully remediating and restoring their systems after an attack, is 15 days.  4 Ultimately, organizations need to weigh all the costs of paying a ransom vs not, and decide for themselves what makes most sense for their business.


Rapid data backup and recovery is fundamental for business continuity. Unfortunately, even the best security systems and practices cannot fully protect against today’s sophisticated ransomware attacks. The latest programs are specifically designed to evade signature-based detection. A comprehensive data backup and recovery plan is absolutely critical for restoring operations in the event of an outbreak. The best way to minimize the impact of a ransomware attack is to restore services as quickly as possible, with minimal data loss. A fast and efficient offline backup and recovery solution is paramount.


HPE SimpliVity accelerates data recovery and mitigates ransomware risks. There are steps a business can take to minimize data loss and company downtime brought on by a cyberattack. An important first step is defining the recovery-time objectives (RTOs) and recovery-point objectives (RPOs). IT administrators need to determine how long the business can afford to be shut down while waiting for the restore to take place, and how many hours of business-critical data the company can afford to lose. Then, focus the data protection strategy around a solution that is capable of getting the infrastructure running again in the time provisioned.


An HPE SimpliVity hyperconverged solution consolidates the IT infrastructure and simplifies both the data protection scheme and the recovery process, particularly for businesses with multiple remote offices to support. Solutions that offer integrated functions, such as built-in data protection, help to ease the burden at remote offices and provide better protection across the company.


HPE SimpliVity hyperconverged infrastructure provides a scalable, modular, 1 or 2U building block of x86 resources that offers all the functionality of traditional IT infrastructure—including hypervisor, compute, storage, and data protection capabilities—in a single device, with a unified VM-centric administrative interface. The HPE SimpliVity built-in data protection functionality accelerates data backup and restoration operations, helping IT organizations rapidly recover from ransomware attacks. The solution reduces equipment and operations expenses and complexity by eliminating or drastically reducing special-purpose data backup and recovery tools, data deduplication solutions, and WAN optimization appliances.


The HPE SimpliVity data efficiencies enable more frequent backups for near-continuous data protection, longer retention periods, and faster recovery. With HPE SimpliVity, terabyte-sized VMs can be backed up and restored in less than a minute. In the event of a ransomware infection, a VM and all its data can be restored quickly and easily, minimizing system downtime, business disruptions, and revenue loss.

Conclusion

Contemporary ransomware programs can permeate enterprise security systems, paralyze IT infrastructure, and disrupt mission-critical applications.

A comprehensive offline backup and recovery solution is essential for remediating ransomware infections and limiting exposure. HPE SimpliVity hyperconverged infrastructure with built-in data protection has been proven to accelerate backup and recovery functions and mitigate ransomware risks. With HPE SimpliVity, organizations can restore critical applications quickly and easily, reducing business disruption and revenue loss.


Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Windows is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. VMware vCenter is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All third-party marks are property of their respective owners.