Survive and Recover from Ransomware Attacks with Data Backups
Cybercriminals love nothing more than infiltrating a network, accessing your data, and encrypting it so it can no longer be accessed until a ransom is paid. Typically, the longer the data is encrypted and unavailable, the larger the financial impact. These criminals may even sell the data outright.
Attacks are becoming more frequent and sophisticated. A ransomware attack study from Ivanti found that of 1,000 enterprises IT professionals across the globe, 58% had worked for organizations that had suffered a ransomware attack in the last year! Sadly, cybercriminals have become an almost unstoppable force.
If you are a software vendor like us, you need to ensure you have very robust security policies and procedures in place to prevent hackers from gaining access to code. Because if they do, every single customer using your software is then at risk of attack.
One of the largest global ransomware attacks to date happened to Kaseya, which provides IT management software for MSPs. Kaseya’s VSA remote monitoring and management tool was used as an attack vector to inject ransomware into over a thousand systems via thirty-plus MSPs. This is not the first time this type of supply chain attack has taken place with SolarWinds, having a similar scenario unfolded last year.
We are living in a data-driven age. Security is a process that needs to be implemented with policies in place to ensure that users, networks, and devices are as protected as possible. Part of the security process for your data should involve a reliable and tested data protection solution that will support your organization in recovering your data quickly if it is compromised.
One ‘data protection fortress’ that thousands of organizations have chosen to protect and recover their data is Catalogic DPX. DPX is part of their core data protection strategy, enabling fast backups with instant recovery, and DPX is trusted due to its leading industry reliability and comprehensive coverage.
When choosing the fortress for your data, there are five key capabilities your data protection solution and IT team needs to provide to shield, protect, survive and recover from a ransomware attack:
- Ensure redundant backups
Backup is everything and it is of the highest priority to ensure your organization’s backups can be counted on to recover lost data. The 3-2-1 backup rule is a great strategy for data protection. It calls for three (3) copies of data, on two (2) different storage media types, with one (1) of the copies offsite or in the cloud. With backups to recover from and the offsite copy that ransomware cannot reach, this strategy is good insurance against bad actors stealing data. The 3-2-1-1 rule adds at least one backup copy verified was not locked or corrupted that can be recovered. 3 copies, 2 media, 1 offsite, and 1 verified recoverable. Catalogic DPX is the perfect product to enable 3-2-1-1.
- Granular recovery points
Backup is must be completed every day. Sometimes things get in the way and a backup might be missed occasionally. But if you are only backing up once per week and ransomware strikes toward the end of the week, the company could lose many days of data. Backups and snapshots must run regularly, or point-in-time copies of data are taken as often as possible. This helps an organization recover as close as possible to the time the data was encrypted or damaged by ransomware.
Ransomware attackers are analyzing behavior and traffic waiting for the best time to strike. Sometimes attackers are present in the network and have access after recovery, allowing them to attack again. Take this into consideration and set longer retention periods than your typical defaults of 30, 60, or 90 days.
- Air-Gapped and Immutable backups
If your backups reside on the same network or the same storage system as your production data resides, they are vulnerable to attack also. Cybercriminals have gotten more sophisticated and one of the first items they do is to search for and remove all your backups so that no data recovery is possible. Having backups air-gapped in the cloud or on tape that the ransomware attacker cannot easily reach, helps ensures that your data is recoverable. Further, if your backup data or data snapshots are immutable or locked from changes, they can be used to rapidly recover your data in case ransomware encrypts your primary data.
- Application-aware backup
Applications require additional consideration if they use a database and the data is protected only by those files themselves. When ransomware hits, it takes several steps to recover applications. Application-aware backup is important as it defends application metadata and ensures that the application servers can be recovered. Conduct application recovery verification tests on a regular basis to stay in the know and confirming that the data and applications can be restored.
- Reporting can predict disaster ahead
It is typical for incremental data backup to contain fairly small changes between full backup cycles. One big tip-off when ransomware hits (with data encrypted) is that an incremental backup suddenly becomes the size of a full backup. Modern data protection products can track anomalies and report if backup sizes are unexpectedly much larger and alert the backup/security administrator. This is very helpful in identifying an attack in progress, and also sets the point in time from which rapid data recovery can commence.
Data Protection is the last line of defense when it comes to ransomware attacks. Ensure that you have a data protection fortress-like Catalogic DPX that is ransomware recovery ready. If you are interested in learning more about how Catalogic can assist you in implementing your data protection fortress to ensure recovery from ransomware attacks, please contact us and also watch our recent webinar Protect and Recover Your Data from Ransomware Attacks.