5 Tips to Protect Backup Against Ransomware Attacks
Backup and recovery solutions are designed to protect your organization, but sophisticated malware like Locky and Crypto-ransomware are now targeting your backup data. Not surprising, considering the rise in frequency and breadth of ransomware attacks. The first ransomware payment — circa 1989 — set the stage for hackers everywhere to begin locking up the data of unsuspecting targets and holding it until owners paid to get it back.
Cost of recovery can be 10 to 15 times more than the ransom (Source: Gartner)
Over 66% took 15 to 30 days to recover and were only able to recover 25% to 49% of their data (Source: Forrester)
According to Cybersecurity Ventures, “business will fall victim to a ransomware attack every 11 seconds by 2021, up from every 14 seconds in 2019. This makes ransomware the fastest growing type of cybercrime.” That’s why it’s important to keep these five considerations in mind when you’re strategizing how best to protect backup data from becoming a target, detect, and rapidly recover from a ransomware attack.
1. Ransomware Attacks Make Backups a Liability
Cyber criminals are now aggressively targeting shadow copies backup data — to gain full control, or worse, destroy what has long-been considered your insurance policy to business continuity. Their more sophisticated attacks enter a primary environment from an endpoint and head straight for your backups — where 80 percent of enterprise data is now stored — deleting or compromising everything there before taking over the production environment.
What’s needed to prevent ransomware attacking your backup is a multi-layered defense. Original backup jobs should be kept in an immutable state, and never made accessible to prevent being mounted by an external system. Also, multi-factor authentication (MFA), write once read many (WORM) capabilities for the snapshot and a modern air-gap are must-have features.
2. Expanding Attack Surfaces Expose Backups to Ransomware Attacks
IDC estimates 175 zettabytes of data will exist by 2025. This exploding data growth and mass data fragmentation — the growing proliferation of backup data across different sprawling silos — have combined to widen your organization’s attack surface. As a result, your backup data has become more accessible to cybercriminals.
Preventing ransomware from succeeding in the first place starts with reducing your enterprise attack surface and knowing what data you have and where it is located. A unified solution for connecting infrastructure, workloads, and backup locations arms your organization against ransomware by eliminating mass data fragmentation.
3. Attacks on Backups Made Easier by Intermittent Monitoring
Cyber threats don’t always originate from outside of an organization; they can be launched internally, too. Imagine a disgruntled employee trying to modify or delete a large set of data. Relying exclusively on backup data-ingest change rates to detect such behaviors is insufficient, hence your organization must be able to detect an attack in real time.
What’s needed is a solution that can continuously monitor and detect smaller change rates by analyzing files and audit logs — even when you’re not paying close attention. The right backup solution will protect your organization from cyber attacks every second of every day.
4. Public Cloud Entry Points for Ransomware’s Criminals
Staying ahead of ransomware requires a backup and recovery solution that offers a single dashboard. Being able to see, manage, and take action fast on your backup data — whether residing on-premises or across public clouds — will help your organization protect itself from ransomware attacks.
5. Long Backup and Recovery Cycles Add to Ransomware Pain
If your enterprise relies on legacy backup that requires synthetic fulls and falls victim to a ransomware attack, your IT team can spend days (even weeks!) in recovery mode. A recent Gartner report confirms the cost of recovery and the resulting downtime in the aftermath of a ransomware attack, as well as the reputational damage, can be 10 to 15 times more than the ransom. What’s needed is a backup and recovery solution that protects your last line of defence, your backup environment from ransomware attacks and helps to rapidly recover your data globally — including the public clouds/BaaS. Also needed is instant mass restore capabilities, which enable recovery of hundreds of virtual machines instantly, at scale, and to any point in time.
Protect, Detect, and Rapidly Recover from Ransomware Attacks
Organizations like yours want to experience zero data loss from cyber attacks and they want to have the confidence to refuse demands for a ransomware payment. Protect your data with a comprehensive solution.