How Protected Are Your Backups Against Ransomware?

Ransomware today is big business for criminals, so profitable that we are seeing more organized crime and nation-state actors getting involved. The threat landscape today is larger than ever, with supply chain attacks targeting major vendors and pushing compromised software updates, as seen in the 2021 SolarWinds incident or with shipping conglomerate Maersk in 2017. Each week we hear news of a well-known organization or public utility falling victim to ransom demands before data gets destroyed or sensitive information leaked. With untraceable cryptocurrencies reaching record monetary highs and encryption methods growing ever more sophisticated, the profit potential is higher than ever.

Experts say the best defense against ransomware is a good backup, but what if your backups get encrypted and held for ransom? What is the cost of not having a reliable backup?

Backups are the literal last line of defense against falling victim to ransomware. No longer should we consider backups an afterthought in case of a deleted file or recovering a previous version of a file overwritten by accident. Successful backup restoration is the single point of failure between paying a ransom and successful restoration of encrypted files. Backups, therefore, need to be protected at all costs.

Modern-day ransomware almost always scans for and targets the local backups first during the initial phases of infection. This is being seen in compromised Exchange Servers exploited in the March 2021 Hafnium attack.

If the ransomware can encrypt or delete the backups before the protected computers get encrypted, the attacker's chances of collecting the ransom are higher. This makes protecting the backups ever more important, as it has become the definitive line in the sand between paying a ransom and recovering the files or losing everything.

Can we trust a criminal to hold their end of the bargain when paying a ransom? Paying a ransom also lets the unknown attacker put a value on this data and increases the likelihood of reoccurrence. Who is to say they will not try again? This makes offsite backups that much more important.

One of the best and most proven backup strategies is keeping a copy of the backups offsite or air-gapped. An air-gapped or off-site backup is an offline copy of the data and far less likely to fall victim to ransomware from a compromised network. This increases the chances of recovery and minimizes the chances of having to pay an actual ransom. A cloud-based backup can be a defining point between a business losing all its data and the need to pay a ransom. Cyber liability insurance companies are now asking whether a business has offsite backups, and it is becoming a requirement for coverage.

However, just storing data offsite is not enough. Downtime from ransomware can be significant, ranging from days to weeks of lost revenue. This can be incredibly detrimental to a business’s bottom line. The time for recovery entirely depends on the method used for offsite backups.

One of the best methods for dramatically reducing downtime in case of an incident is performing a cloud-based spin-up. A cloud-based spin-up allows for business-critical servers to come online in a protected cloud environment while recovery and remediation take place at the original location. The replicated backups are physically air-gapped and with a proper retention policy in place, we can restore the data to a point in time before the ransomware encryption. This allows employees and businesses to recover from an incident in a much shorter time frame than restoring from backups to a compromised system. A cloud-based spin-up also allows IT staff to investigate and remediate a current infection and recover from the attack and keep business functioning at the same time.

However, a business’s ability to recover is only as good as its last tested backup. Just replicating backed-up data to the cloud is not enough. It is no longer a question of “if” a business will be compromised, but “when.” Therefore, it is imperative to regularly schedule testing of the data backed up to the cloud.

All we need to do is imagine the scenario of finding out the backed-up data is not good and what implications it will have. As it is often said, an ounce of prevention is worth a pound of cure. Protecting backups from ransomware is now more important than ever. It can mean life or death for a business.

Fortunately, Abtech has a range of services that meet these needs, under our StorTrust brand. The key benefits include:

  • It is a fully managed service. Abtech manages the recovery so you can concentrate on other issues you may have within the business.
  • The service includes an annual test, so you can be sure your recovery will work.
  • We can provide fully air-gapped solutions as part of our service for the ultimate protection.
  • We include the ability to run your systems in our cloud for up to 30 days for no additional cost. This gives you and your staff time to clean your systems or order new ones.

If you would like to know more, please call us on 1-800-474-7397 or email
