Combating Ransomware with Traditional Backups
Ransomware is a favorite tactic of miscreants (external players who seek to do harm to a system or computing infrastructure) and is quickly becoming a major issue for many businesses and industries. It has the potential to disrupt business operations and the vital services that organizations provide for their customers, and to cause a tremendous amount of emotional and administrative stress for employees and partners.
The damaging effects of ransomware
According to the FBI, victims are estimated to have paid over $1 billion in ransoms in 2016—more than 41 times the estimated ransoms paid in 2015. An example of current ransomware is the "WannaCry" cyber-attack on May 12, 2017, which significantly affected the National Health Service (NHS) of the United Kingdom.
Over 200,000 systems were infected, including 60 NHS trusts. Medical centers lost access to patient records. Appointments were canceled, and surgeries and ambulances were delayed. The real-world effects of this attack proved life-threatening.
How effective backups can help
The backup and restore process has always been a fundamental pillar of data restoration, disaster recovery, and business continuity efforts. If you lose something, you restore it from your backups. It's that simple. As an example of the simplicity of this solution, our company responded to four ransomware attacks last month alone. Using our RAMP service, these firms were up and running in a matter of hours and did not pay a dollar in ransom.
There are three challenges, though, with making this simple solution a reality:
- The data must be backed up successfully.
- The backup system must contain a backup version of the data prior to the infection event.
- The restore must be completed successfully.
Thinking you’re protected when you're not
In some cases, people believe they’re protected when they’re not. Advances in storage and backup technology have created many effective technologies to protect storage, such as replication and continuous data protection (CDP). These products provide many excellent features and can increase operational efficiency for storage protection and reduce downtime.
Often, though, these technologies are treated as a backup function and serve as the sole backup resource in an environment, which means the environment is not protected from ransomware attacks. For example, if replication is your sole backup strategy, it’s likely that your ransomware-encrypted files will be replicated by your “backup” system.
So when you go to restore from your backup, the backup will be encrypted as well, forcing you to either pay the ransom or start over and rebuild the system and data by hand. Neither option is particularly appealing.
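The following simulation is an added example, not code from the article or from the RAMP service. It contrasts a replication-only setup with versioned backups against the three challenges listed earlier. The file names, the retention window, and the hash-based restore check are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: two files on a primary store (names are hypothetical).
ORIGINAL = {"patients.db": b"records-v0", "billing.xlsx": b"ledger-v0"}
KNOWN_GOOD = {n: hashlib.sha256(b).hexdigest() for n, b in ORIGINAL.items()}

def encrypt(data: bytes) -> bytes:
    # Stand-in for ransomware: replaces content with bytes the owner cannot use.
    return hashlib.sha256(b"attacker-key" + data).digest()

def simulate(days: int, infection_day: int, retention: int):
    """Run the primary store for `days` days; files are encrypted on
    `infection_day`. Returns (replica, versions), where `versions` maps
    day -> point-in-time copy and only the last `retention` days are kept."""
    primary = dict(ORIGINAL)
    replica, versions = {}, {}
    for day in range(1, days + 1):
        if day == infection_day:
            primary = {n: encrypt(b) for n, b in primary.items()}
        replica = dict(primary)        # replication: mirrors whatever is there now
        versions[day] = dict(primary)  # versioned backup: keeps each day's copy
        for expired in [d for d in versions if d <= day - retention]:
            del versions[expired]      # retention policy drops old versions
    return replica, versions

def last_clean_version(versions: dict, infection_day: int):
    """Challenge 2: newest retained version taken before the infection event."""
    clean = [d for d in versions if d < infection_day]
    return max(clean) if clean else None

def restore_ok(snapshot: dict) -> bool:
    """Challenge 3: a restore succeeds only if content matches known-good hashes."""
    return all(hashlib.sha256(snapshot.get(n, b"")).hexdigest() == h
               for n, h in KNOWN_GOOD.items())

def assess(days: int, infection_day: int, retention: int) -> dict:
    """Compare what each strategy can restore once the infection is noticed on `days`."""
    replica, versions = simulate(days, infection_day, retention)
    clean_day = last_clean_version(versions, infection_day)
    return {
        "replica_restorable": restore_ok(replica),
        "clean_version_day": clean_day,
        "versioned_restorable": clean_day is not None and restore_ok(versions[clean_day]),
    }

if __name__ == "__main__":
    print(assess(days=10, infection_day=7, retention=5))  # clean copy from day 6 survives
    print(assess(days=10, infection_day=7, retention=3))  # retention too short: nothing clean
```

The second call shows a failure mode beyond replication: when the retention window is shorter than the time between infection and detection, even a versioned backup holds no copy from before the infection event.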
Given interest in this topic, my next article will explore several data protection paradigms and how they might support ransomware mitigation strategies.
How can businesses better protect themselves against ransomware threats? Do you have any advice that might help? Please share your thoughts and comments.
Jason Thomas is the COO of The Collective Group in Austin, TX.
Originally published on LinkedIn: https://www.linkedin.com/pulse/your-backup-real-part-ii-combating-ransomware-backups-thomas-phd/