C2 Summer 2020 Data Editors' Picks Mission Critical - C2 Security

Why Backups Have Become Ransomware Targets and How to Prevent Getting Robbed

Why pay ransom when the underlying problem may be solvable? Here’s what IT teams may not know about modern backup and recovery and how it can help defend against ransomware.

Cybercrime is on the rise and the current global pandemic has only made it worse. As remote work numbers grew from February to April of this year, so did ransomware attacks. In March 2020, ransomware attacks increased 148% over baseline levels from February 2020, according to one report. Financial services organizations were the most heavily targeted during that time, yet no industry is immune.

Global enterprises. Small businesses. Government agencies. Home networks. All are potential ransomware targets today. That’s why defending your data against these cyberattacks must move up in priority as IT teams develop both data and threat protection strategies. It’s no longer enough to assume doing routine backups is sufficient. Rather, a proactive prevention, detection, and response plan is needed.

 

The Source is the Destination

A notorious criminal once said he robbed banks because that’s where the money is. Backups are becoming ransomware targets; attacking them a well-known and often lucrative criminal path.  That’s because organizations are using backups to protect against malicious data encryption. However, backups are now stored online, more than ever—often in public cloud platforms or SaaS services such as Microsoft Office 365. Similarly, many disaster recovery (DR) solutions rely on active/active replication to networked data stores to work. These serve as a backdoor for ransomware attacks as these resources and live data are routinely targeted and breached—to the dismay of victims that discover their encrypted backups and disaster recovery systems have been compromised.

One reaction to this threat is for IT leaders to review their organizational backup policies. In the UK, this includes recently updated guidance from the National Cyber Security Centre. For U.S. government agencies, it means alignment with the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) recommendation. Experts advise offline backups as a best practice when dealing with and seeking to mitigate the threat of ransomware. However, this assumes backups are a last resort—useful only for recovery in case of an attack. Some IT leaders know better. They recognize their backups can not only help them recover from ransomware attacks, but proactively defend against them as well.

 

 

Prevention is better than cure.

The best risk mitigation strategy features integrated backup and anti-malware protection as key components of a data management strategy and not as mere afterthoughts. This strategy must then be powered by a robust, modern data management solution that goes well beyond basic backup and restore capabilities. But how do you arrive at the right solution that suits your needs? You could start with asking yourself these three questions:

 

Do you have visibility into your backup data?

Proactive vulnerability scanning is a first-line malware defense, but it can be challenging to scan data and applications in production systems and shared assets (such as NAS appliances) across distributed infrastructure. A simpler approach is to scan backups. This prevents teams from negatively impacting system availability and scanning at scale across multiple endpoints. And the preferred solution should be one that goes beyond simply scanning backups and discarding them if they contain malware. It should send an alert while concurrently taking action to eliminate malware and potential vulnerabilities when they are detected.

 

Can you secure your backup data?

Backup tapes rarely help IT teams when it comes to fighting malware threats. That’s why companies also take snapshots, most often with automated replication tools. But these can easily be locked up, which is why they are not enough to protect against threats. Best practice ransomware prevention includes a multi-layered, security-first approach towards data management. It balances security and data protection requirements with speed and ease of recovery that are essential for an agile business. It will ensure your backups are stored in an immutable (locked) state that cannot be mounted, modified, or deleted.

 

Can you recover quickly, easily and at scale?

The last-resort line of malware defense is recovery. Yet it can be a complex and lengthy process, especially when an organization has a large hybrid infrastructure, spanning multiple clouds, on-premises data stores, and edge locations. To best combat ransomware, an essential requirement is a solution that supports recovery at scale and considers both rapid Recovery Point Objectives (RPOs) and fast Recovery Time Objectives (RTO). Why? Because without these capabilities, recovery can take days, or longer, potentially leading to business failure.

Of course, there are lots of other factors to consider and answers to find, especially with ransomware attacks becoming ever more ingenious, making it essential to keep data management strategies under constant review. Although there is no silver bullet, the industry is closer than ever to a comprehensive way to proactively defend against and recover from ransomware. The answer lies in deploying a modern backup and recovery solution based on sound data management hygiene while applying multi-layered defenses capable of isolating backups from production data stores.

Why pay the ransom when you can solve the underlying problem? For a more proactive and long-term approach, take a look at the joint Cohesity-HPE data protection solution that not only helps stop your backup and unstructured data from being a ransomware target, but also provides early threat detection, and in the worst-case scenario, recovery of all your primary and backup data—at scale. The bad guys are smart. But you could be smarter with a little help from the data protection experts at Cohesity and HPE.

Learn more about Cohesity and its anti-ransomware solutions, here.

 


Chris Wiborg

Vice President, Product Marketing
Cohesity

Currently responsible for product and solutions marketing at Cohesity, Chris Wiborg draws upon his 20+ years of experience as an IT practitioner and consultant to help drive an understanding of how organizations can derive more business value from disruptive technology innovations.

Over his career he has introduced and accelerated market adoption of a range of solutions, from SaaS-based end user software, to developer-centric open source offerings, to infrastructure that powers organizations of all sizes: whether on-premises or from the cloud.

A frequently requested speaker, recovering Enterprise IT Architect, and graduate of Yale University, Mr. Wiborg holds several technology patents relating to middleware and RFID.

Follow him on Twitter @cwiborg

Leave a Comment