A ransomware attack is devastating. Compromised businesses and organizations suffer steep financial losses (an estimated $10.5 trillion annually by 2025) compounded by the loss of customer and partner trust. If a healthcare organization is a victim, it can even risk human life. By virtue of the increased value of data to organizations, not only are the number of ransomware attacks growing, but so too are the different types of this threat. According to Bitdefender’s Mid-Year Threat Landscape Report 2020, global ransomware reports increased by 715% year over year.
Because of this proliferation, it’s a good idea to review just what ransomware is, what prevention methods your organization can take to guard against an attack, and if the worst was to happen, how to recover your data quickly.
What Is a Ransomware Attack? Is Setting Up Preventive Measures Worth It?
A ransomware attack – in the simplest of terms – is when malicious software (malware) infects a computer and a message demands a fee for getting it to work again. Clicking deceptive links in an email, an instant message, or a website typically installs the ransomware, which proceeds to lock the computer or encrypt important, predetermined files with a password. If payment is made, the attackers will, in theory, provide a decryption key to unlock your data. In the last few years, ransomware has significantly evolved and is now designed to attack both production and backup data. Sophisticated ransomware has destroyed shadow data copies and restore-point data. Even when recovery services are used, issues can remain after the attack.
To prevent ransomware attacks, companies have been taking measures such as purchasing prevention tools and training employees to identify suspicious messages and websites. Investment in security tools and training is predicted to increase from $18.3 billion in 2020 to 24.6 billion in 2023, yet the number of attacks are growing. Cybersecurity Ventures noted that in 2016, there was a ransomware attack every 40 seconds, and it predicts that there will be one every 11 seconds this year. In 2020, ransomware attacks were up 148% amid COVID-19, as cybercriminals took advantage of the new work-from-home world. In fact, ransomware attacks are only becoming more sophisticated – both in how they are deployed, (e.g., with the emergence of Ransomware-as-a-Service (RaaS) offerings: demanding lower ransom but launching higher volume attacks), and who they attack: focusing on organizations that have fewer resources but have critical data or uptime requirements such as healthcare or government agencies.
The last line of defense against sophisticated ransomware attacks are of course your backups. Therefore, ensuring you can protect your backup data is critical. However, you also need to invest in a solution that can help you quickly recover from an attack.
How Can You Protect Backup Data from a Ransomware Attack?
Ransomware that compromises infrastructure is a goldmine for cybercriminals, and time is on their side. According to Ponemon Institute and IBM, it takes organizations 207 days to identify a breach. If the worst was to happen, a multi-layered approach to backup protection is the best way to safeguard against your backup from being a target and paying the ransom. It’s not enough, however, just to have safeguards in place to protect backup and hope for the best. As ransomware continues to evolve and become more sophisticated, you also need to be able to quickly find out if and how much of your IT production environment has been compromised. At that point, you need the ability to recover all your data cleanly.
Therefore, ransomware protection has three main steps:
- Protect backup data from becoming a ransomware target. You need a solution that offers a multi-layer approach to prevent your backups from becoming a ransomware attack target. The solution should offer immutable snapshots, write once read many (WORM), and strict access controls with Role-Based Access Control (RBAC) and multi-factor authentication (MFA).
- Detect ransomware attacks: Discovering ransomware attacks is easier and faster with automated continuous monitoring and machine learning. Algorithms automatically scan for data ingested for backup and assess change rate anomalies to flag a potential ransomware attack in your production environment.
- Recover rapidly and cleanly: Rapid data recovery is critical because you need to keep downtime to a minimum. You need a dashboard that shows the health status and cyber vulnerability index of your backup snapshot before quickly bringing back all of your data in one mass restore across locations and environments.
What Features Does a Good Anti-ransomware Backup Solution Have?
When you decide to invest in a backup and recovery solution, look for one with immutability. Legacy environments lack the modern capabilities needed to defend backups against ransomware. You also want to be absolutely sure the solution offers clean and rapid data recovery in case you are attacked; visibility into your data and systems and the ability to check for issues before a restore is critical. These are a few of the features that should be part of your backup solution:
- Immutable backups: This file system supports frequent, unlimited immutable snapshots with little to no performance impact. Ransomware cannot access or modify the immutable backup snapshots.
- Strict access controls: Most ransomware hackers take advantage of relaxed access policies. A combination of role-based access control (RBAC) and multi-factor authentication (MFA) ensures only authorized users can access the relevant data.
- Machine learning-aided detection: Early machine learning-based detection helps to quickly gain control of the situation, access the damage, and rapidly initiate incident response.
- Instant mass restore: Ransomware rarely strikes one machine or a couple of VMs. Your backup solution should be robust and modern and quickly be able to recover hundreds of VMs or large databases, to any point in time.
What Are the Benefits of Implementing an Anti-ransomware Solution?
A modern backup solution with anti-ransomware capabilities helps ensure that your organization is not tied up and held up for ransom. It is your last line of defense against attacks. The right backup solution can give you peace of mind. Cybercriminals who seek to make money off misfortunes continue to deploy creative tactics to infiltrate your IT systems. If they do breach your primary defenses, a backup solution with anti-ransomware capabilities can identify attacks to reduce the damage. If ransomware does strike, modern backup solutions can offer rapid recovery capabilities that can mitigate risk and contain remaining issues.
Implementing an anti-ransomware solution is a worthwhile investment that will help prevent massive data loss, protect your company’s reputation, and help you avoid the financial distress that can be the aftermath of an attack. It helps protect your backup data and systems, can provide early detection, and helps you to rapidly recover with an instant mass restore. As a result, your organization can experience near-zero data loss and gains the confidence to refuse a ransomware payment.
Why pay the ransom when you can solve the underlying problem?
For a more proactive and long-term approach, take a look at the joint Cohesity-HPE data protection solution that not only helps stop your backup and unstructured data from being a ransomware target, but also provides early threat detection, and in the worst-case scenario, can help recover your data—at scale. The bad guys are smart. But you could be smarter with a little help from the data protection experts at Cohesity and HPE.
Ready to Learn About Cohesity’s Anti-ransomware Solution?
Lisa Robinson Schoeller
Cohesity | HPE Product and Solution Marketing
Lisa Robinson Schoeller leads Cohesity | HPE Product and Solution Marketing for Cohesity. A technology marketing executive with over twenty-year experience, Lisa helps companies accelerate growth by rapidly turning business goals into increased revenue and market share.
Follow her on Twitter.