  • Ransomware protection: Back up, don’t pay up  

    Stuart O'Brien

    By Pritesh Parekh, Chief Trust & Security Officer, VP of Engineering at Delphix  

    It’s hard to ignore the recent spate of ransomware attacks. For businesses all over the world, the problem is only getting bigger. It’s also getting more costly, with many feeling as if they have no choice but to pay up.   

    When ransomware shut down the Colonial Pipeline in the US earlier this year, the company paid the $5 million requested just one day after the attack. Meanwhile, JBS – the world’s largest meat processor – paid $11 million after it was hit. In many cases, giving in to cybercriminals and their demands is understandable. Even if an organisation has a backup available, often the associated data loss and wider disruption caused by long restore times are more costly than just paying up. Moreover, sometimes cybercriminals will not only encrypt data but target the backups themselves, leaving organisations with no other option.     

    But complying doesn’t always lead to a positive outcome. In fact, recent research found that only 8% of organisations receive all their data back after paying a ransom. On average, hackers restore only 65% of encrypted data, leaving their victims significantly worse off. In addition, there’s no knowing what the ransom paid is funding. It could even be another attack, meaning that businesses are just kicking the can further down the road.

    In an ideal world, paying the ransom shouldn’t even be a consideration. Businesses should be able to confidently restore data from trusted backup solutions within minutes of being attacked. But in order to do this, they need a fresh approach to backup.  

    The issue with traditional backups  

    For many years, backup solutions have been the go-to protection against ransomware. However, the perpetrators have grown wise to this approach and, as a result, modern attacks often target backup files as well. This poses a huge problem because backup files are often written and read by the same operating system the business uses for its day-to-day activities. This means the integrity of the backup system depends on how secure the business’s operating system is. If ransomware attackers can hack a system severely enough to encrypt its production data, then the compromised system also puts the backups at risk.  

    The other issue with legacy backups is the recency of their data. Most will only back up once a day but, in order to be as effective as possible, modern solutions need to provide same-day detection, response and correction, whilst tackling a wide variety of threat vectors. Once-a-day backups leave a whole day’s worth of transactions unprotected. In the digital economy, losing such an enormous amount of data can be detrimental to a business, even putting it at risk of liabilities.

    The time taken to restore the data is also critical. With traditional systems, the whole process can be time- and labour-intensive, with multiple admins needed to restore the data in a new location, then connect and open a database application. It can often take several hours to days and disrupt business, which is simply unacceptable.

    The future of ransomware protection  

    As cybercriminals become increasingly sophisticated in their methods, it’s unsurprising that legacy backup solutions are no longer enough to combat them. With technology continuing to advance, businesses need to adopt a more modern strategy – which incorporates “air gaps” and data virtualisation – if they are to effectively protect their data and avoid paying the ransom.  

    Firstly, it’s important to isolate the backup network and remove any system-level access to it, creating an “air gap” between the two systems. Doing this will successfully prevent hackers who manage to access production data from reaching the backup files. This “air-gapped” backup system can be thought of as a separate, virtual device that can read and write to the system with the right login credentials. These credentials must be completely independent of the credentials expected by the main system and kept behind locked doors, mostly as read-only data to further strengthen their protection.  

    Meanwhile, having a virtualised copy of valuable data means that the backups can be restored in minutes, avoiding any significant downtime. What’s more, the data can also be backed up more frequently or even in real-time, minimising data loss to the business.  

    When it comes to ransomware, businesses need to snap out of the “pay up or lose data and time” mindset. Ditching legacy backups will help with this. It’s never been more important for organisations to update and modernise their ransomware strategy, and focusing on quick and effective recovery is a great place to start.

