Improve Your Ransomware Resiliency with Reliable Backup and
Recovery
By Steve Costigan, Senior Director, International Solutions Architects, Zadara Storage
If your ransomware-protection strategy doesn't yet include "contain
attacks - and successfully restore from backups," here's your wake-up call.
The value of data is growing every year and reports of ransomware attacks
are on the rise. Without that capability, when this growing cyber-threat
comes knocking, your organization may be in for a prolonged, expensive siege.
Organizations are increasingly vulnerable these days, with more people
working remotely, often on inadequately secured devices, which IT departments
are increasingly stretched to provision and manage. At the same time, employees
following COVID-19 and other news are more likely to click on dangerous web
pages and email links that let ransomware attacks get in.
Here's a quick look at why ransomware poses additional dangers to your
company's operations, brand, and bottom line compared to malware and other
attacks - and what you can do to protect your data storage and backups from
these new cyber dangers.
Ransomware Can Be Different from
Previous Cyber-Threats - And Not in a Good Way
Ransomware typically denies you access to some or all of your data -
and, true to its name, demands you pay the malefactor (typically in a
cryptocurrency like Bitcoin) in order to regain access to your data.
This data can include your Office 365 documents and spreadsheets, CRM
and other databases, confidential email and customer data - the data that your
company runs on - and can't run without, or nowhere near as well.
At "best," you might pay an affordable ransom, and regain
access to your data in a timely fashion. Even then, paying up establishes you
as a willing target for repeat attacks and for other cyber attackers.
If you have been making regular backups, you might be able to restore
your data. Or in-house or third-party expertise may find a way to restore
access to your data. But this can take time - days to weeks - during which your
company's ability to do business is, at best, severely handicapped.
The average downtime from a ransomware attack is a little over two weeks.
And, according to Coveware, "Business interruption costs are often five to
10 times higher than direct costs." For example, the city of Atlanta, Georgia
spent over $5 million to recover from a ransomware attack in 2018 - and an
estimated $50 million for a 2019 attack.
But there are other likely scenarios once a ransomware attack gets to
your data:
- UNSUCCESSFUL RESTORE. Even if you
pay the demanded ransom, you may not get your data back. It's quite possible
that the ransomware attacker can't undo their attack. Or perhaps they could
have - but they might have been caught or otherwise
disrupted, and, in the process, have lost (or destroyed) the encryption keys to
your data. Or they simply don't feel like it, perhaps never planned to.
- LEAKAGE AND BLACKMAIL. Having gained
access to your data, the attacker may have copied (stolen) some or all, and is
prepared to do "exfiltration extortion" - sell sensitive data,
blackmail customers (and/or you), or otherwise make criminal use of the data.
- FINES AND OTHER COSTS. Depending on
your industry and what states and countries you are located in, or do business in, the mere fact that sensitive data has
been exposed may make you liable to significant fines, along with the costs of
notifying customers or other impacted parties.
- BACKUPS BROKEN. The backups you
count on for recovery may be toast. The successful infiltration of your company
may have occurred weeks, even months prior to the ransom demand. During this
time, the attacker may have been working their way through your backups,
similarly encrypting or corrupting them, so that when IT attempts to recover
via one of these backups, rather than pay up -
it's discovered that this can't be done.
- HERE THEY COME AGAIN. Having gained
access to your networks and systems, the attacker
may also perform other attacks you are not yet aware of. These could
include using your system or resources for
cryptojacking ("mining" for cryptocurrency), or could leave
your future data at risk.
And, of course, if one ransomware attacker can get in, so can others.
Protecting Your Data from
Ransomware (And Other) Attacks: What's New
New technologies are enabling powerful new ways to protect and secure
your data:
- Isolation. Just like companies are
increasingly segmenting their networks to contain incursions and infections,
new technologies let you architect your storage as virtual storage arrays,
which can limit how far a ransomware attack can reach. (Think of these like
airlocks or moats, if that helps.)
- Change Control.
"Immutability," using tools like blockchain and object lock storage,
prevents data from being changed by normal processes, and confirms data is
still unaltered.
- Multi-tier, multi-copy backups
including off-site and off-line backups. Hybrid storage lets you, as needed,
keep data on-premises, in the off-premises cloud, and off-site, providing
both nearline and offline recovery points.
What can you do? Work with technology partners who are already seeing
and addressing ransomware and other threats to your company's data to help you
keep evolving your protection. And keep your employees on guard and informed -
make sure they know how they can help...and what they should remember not to
do.
Protecting data in today's hybrid IT environments presents challenges
that legacy backup systems simply weren't designed to handle. Remember, no one system or
solution will protect your company completely from ransomware, cyberattacks or
from non-criminal events, like natural disasters.
For this reason, Zadara has partnered with Veeam to offer the only unified,
multi-tier data protection solution that delivers complete backup protection
without the need for multiple technologies. The '3-2-1-1' data protection
methodology is based on the backup rule of three. This came from photographer
Peter Krogh and includes keeping three copies of your data, stored in multiple
forms, including one version offsite.
What shouldn't you do? Don't leave your backup to chance. You shouldn't
wait until it's too late to revisit and update your storage, backup and
recovery solutions. Make sure you have a complete end-to-end backup solution
that includes an easy mechanism to send data offsite securely, with a user ID
and password from your service provider, copying the data to object storage
and locking it to prevent deletion.
And don't neglect to periodically test your ongoing and older backups -
because if you don't test, how do you know your backup is still valid?
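One way to carry out the periodic restore test recommended above, as an added example that is not from the original article or from Zadara or Veeam: a manifest of SHA-256 hashes is recorded at backup time, and a test restore is then checked against it for missing, altered, and high-entropy (possibly encrypted) files. The function names, the 7.5 bits-per-byte threshold, and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream large files
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Run at backup time: relative path -> SHA-256 for every file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def shannon_entropy(path, sample=65536):
    """Bits per byte over the first `sample` bytes; encrypted data sits near 8.0."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def verify_restore(manifest, restored_root, entropy_limit=7.5):
    """Run after a test restore: list files missing, altered, or looking encrypted."""
    report = {"missing": [], "changed": [], "high_entropy": []}
    for rel, expected in sorted(manifest.items()):
        full = Path(restored_root, rel)
        if not full.is_file():
            report["missing"].append(rel)
        elif sha256_file(full) != expected:
            report["changed"].append(rel)
            if shannon_entropy(full) > entropy_limit:  # assumed threshold
                report["high_entropy"].append(rel)
    return report

def demo():
    # Constructed sample: the restore lacks one file; the other is random bytes.
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name in ("ledger.csv", "notes.txt"):
            Path(src, name).write_text("id,amount\n1,100\n" * 200)
        manifest = build_manifest(src)
        Path(dst, "ledger.csv").write_bytes(os.urandom(65536))
        return verify_restore(manifest, dst)
```

Keep the manifest with the immutable or offline copy, since a manifest stored beside a writable backup can be altered along with it. Compressed or deliberately encrypted backup files are high-entropy by nature, so the entropy flag is only meaningful for restored plain files.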
About the Author
Steve Costigan is an experienced IT professional, with
over 30 years of experience across many technologies and systems within the
data center and cloud arenas. Steve is skilled in taking complex technical
subjects and making a simplified solution achievable, especially around storage
and virtualization technologies. Steve joined Zadara in May 2014 and works
closely with the team to bring the Zadara VPSA platform to the European market
- as well as lead the International Solution Architects team in defining Zadara
solutions with customers and partners. Prior positions include VP of Product
Research and a founder member of 7Global, one of the first XaaSP's to emerge in
the UK market in the late 1990s, where he was technical lead in design of the
infrastructure and BS7799/ISO27001 technical lead, in addition to defining new
products and services. At LSI Steve was responsible for working with key OEMs
such as IBM, SUN, SGI and HP in delivering solutions around the StoreAge SVM /
HP SVSP solutions. He holds a Masters in Management (IT) from Charles Sturt
University.