I have been thinking for some time that I need to write a blog about how to protect data against Ransomware attacks and just like those customers who think “I’ll do that one day” and then it’s too late I’ve found the time to write it. As the world is gripped with the COVID-19 crisis, hackers and criminals are using this to their advantage. They target organisations by pushing compromised software onto systems often by watching the patch releases from suppliers like Microsoft and reverse engineering the patch to expose the vulnerability.
It’s just not customers who are being targeted these days, major vendors are being targeted as well and it can happen to anyone regardless of the size of the company. The cost of a security incident can be in the thousands, millions or scale to billions in some instances, an amount even the largest global businesses can’t sustain.
I have heard the phrases “Backup is boring”, “Backup is just an insurance”, “Data is protected using snapshots”, “We understand the risks of not having a backup” and others numerous times. With increase in hacks, backing up and protecting data is more important than ever. The best form of defense against a security incident is a good backup, but what if your backups get encrypted and held for ransom? What is the cost of not having a reliable backup?
Backups are supposed to be a last resort to get a business running again. I always stress to customers we should never consider backups an afterthought it shouldn’t be nice to have incase of an accidental deletion of a file, a human error or a virtual machine/server corruption. The ability to recover from known “good” backup and successfully restoring business services will protect you against having to paying any ransom.
Modern-day ransomware almost always scans for and targets the local backups during the initial phases of infection. If the ransomware can encrypt the backups or delete backups before the protected servers get encrypted, the higher the chances the hacker has of collecting the ransom so you can recover the files. This makes protecting the backups ever more important, as it has become the definitive line in the sand between paying a ransom and recovering the files or losing everything.
Now the question from anyone reading this far is how do we (Constor Solutions) help our customers when it comes to protecting data.
We ensure that when we transform our customers infrastructure:
The best from of protection against a cyber-attack is to have an offsite air-gapped backup solution. An air-gapped backup solution is an offline copy of the backup data which will be completely isolated from your network. A segregated copy which will ensure that the data is clean and less likely to be impacted on a compromised network. This significantly increases the speed of recovery and effectively eliminates the need to pay a ransom. In addition to the air-gapped solution having a copy of the backup data in a public cloud will ensure that the services can be restored and available off-site for business continuity whilst the incident is investigated.
As a company ourselves we practice what we preach, having a copy of the backup data in the cloud allows us to:
Data is the lifeblood of almost every company, having a secure data protection solution and policy should place as much emphasis on this as you put on your production SAN.