What is Ransomware?
Ransomware is a type of malware that cyberattackers use to block access to data or systems until the owner pays the ransom fee demanded. Occasionally, cybercriminals also threaten to publish or otherwise expose sensitive data unless owners pay. There are several types of ransomware, but the most common and disastrous is malware that encrypts files, a technique known as cryptoviral extortion. This means files can’t be decrypted without a mathematical key held by the attacker. Even a security expert would not be able to unlock the files. Victims are typically notified about the encryption and asked to pay a ransom fee in an untraceable cryptocurrency such as Bitcoin.
What Should I Know About Ransomware?
Ransomware attacks aren’t new, but they have become increasingly popular, sophisticated, and costly to remediate. The target is data, which is both an organization’s most valuable asset and most vulnerable one, if cybercriminals set their sights on it. Attackers tend to choose organizations with troves of sensitive data that they need for daily operations — think financial firms, healthcare institutions, or government agencies, among others. Because more people than ever are working remotely, ransomware threats are rising and attackers are demanding higher fees to unlock data.
Because attackers seek big paydays, they are targeting backup data and infrastructure in addition to production systems and data. They understand that what you often consider to be your insurance policy, your backups, can also be a liability.
When it comes to ransomware, here’s what you and your organization need to know:
- Cybercriminals are now aggressively targeting backup data to gain full control of your data, or worse, destroy it and interrupt business operations.
- As legacy backup products collect and store more data across silos, this mass data fragmentation creates an expanding attack surface that exposes more infrastructure to ransomware attacks.
- Early detection can help control ransomware. Vigilance against external attackers includes using modern backup with machine learning to detect bad behaviors and spot anomalies in real time.
- Should the worst case happen, you will need to recover backups quickly, but with assurance that your restored data is clean. Lacking both visibility into your data and a snapshot that can’t be broken into makes a clean restore to a specific time more challenging.
- Long backup and recovery cycles add to ransomware pain. According to recent research respondents, the longer recovery takes, the less data is recovered.
No matter when or by whom, a successful ransomware attack is a no-win situation. You will suffer some operational impact and, if it’s not taken care of early, reputational damage, whether or not you pay the ransom. Expert advice is not to pay, because in many cases you don’t get your data back anyway.
Since it’s now widely recognized that it’s not if, but when, you are attacked, how long a ransomware incident lasts and how much it affects your business can depend heavily on how you’ve architected your backups.
Cohesity’s Modern Approach to Ransomware Recovery
Because cybercriminals know how important your backups are, they are increasingly making them targets of ransomware attacks.
Cohesity has a multilayered way to prevent your backups from being victims of ransomware. Cohesity’s immutable architecture ensures that your backup data cannot be encrypted, modified, or deleted. Using machine learning, Cohesity provides visibility and continuously monitors for any anomalies in your data. And if the worst happens, Cohesity helps you locate a clean copy of data across your global footprint — including public multiclouds — to instantly recover and minimize downtime.
- Protect backup – The immutable backup snapshots, combined with DataLock (WORM), RBAC, air-gap, and multifactor authentication, prevent your backup data from becoming a target.
- Detect – Machine learning-driven intelligence establishes patterns and automatically detects and reports anomalies.
- Rapidly recover – Simple search and instant recovery at scale to any point in time gets you back in business fast. Cohesity’s unique instant mass restore quickly recovers hundreds of virtual machines (VMs) and large Oracle databases to reduce downtime.