Protecting Data Against Ransomware Via Secure Backup
There’s an ad currently running on French TV for an insurance firm where we see a baker standing in front of the smoldering remains of his bakery. We see that the baker’s thoughts quickly turn to how comprehensively his insurance policy is going to cover reconstruction costs. Underpinning this sorry scene is the often tragic tale of people and of businesses where a total or partial lack of protection can have dire consequences.
Similarly, losing data to cybercriminality can lead to the same level of concern, the same questions: just how much data have I lost, how much can I get back and how quickly?
For the baker it’s about re-building: new premises, changing equipment, managing the teams. For data loss, no insurance policy can guarantee to recreate data that is permanently encrypted or deleted. Sometimes there really is no way back.
Cybercriminality plays on people’s fears. When faced with a ransomware demand many organizations can react to the ticking clock and rapidly pay a bitcoin ransom to receive the decryption key and recover data. Some hesitate, and rightly so, because paying the ransom is absolutely no guarantee of recovering your data. According to Kaspersky, 1 in 6 firms were unable to gain access to their data despite paying a ransomware request. In this criminal “industry” set to exceed $10 billion by 2019, this could translate a loss of around $1.5 billion in ransomware payments which result in zero data being recovered!
Of course, the cost of ransomware goes way beyond actual ransom payments. Attempts to recover data using DR techniques, consultancy fees and lost trade all weigh heavily on finances.
The example of FedEX is telling. They endured a loss of $300 million following a ransomware attack not through ransom payments, rather through the cost of disaster recovery and related business downtimes. This highlights the fact that many organizations -small and large- are not prepared or patently underprepared.
Insurance policies are fine for physical damage to buildings and for liability. It’s harder to really put a price on data and difficult to evaluate financial loss. If a company loses a VIP laptop to a cryptovirus with unique copies of vital customer data, how much business will this impact in the next 6 to 12 months?
If a corporation has to run for four days without any access to their primary systems and application infrastructures, what will be the knock on effect to immediate and future business?
If this organization is a hospital or government body, the risk goes beyond financial loss because individuals’ wellbeing can also be impacted. Any data loss -be it temporary or permanent- will have some consequences which can jeopardize even long-term business survival.
Our baker looking despondently over the smoking ruins of his family business may of course rebuild, recover his customers and even thrive in new premises if his insurance was adequate. Cyberattacks are in some ways more malevolent because they are invisible. They are often even minimized by companies and hidden from management when they do occur. The 2018 Cyber Incident & Breach Trends Report points to the doubling of ransomware attacks between 2016 and 2017. Ransomware accounted for 134,000 incidents out of a total of 160,000 in 2017 and the report suggests the total number of actual attacks could be as high as 350,000, because so many breaches go unreported.
With cybercriminality, there are no flames, no smoke. But the damage is real and recovery from attack may be as hard if not harder than purely physical damage.
If ransomware or another form of cyberattack gets behind your organization’s defenses, you need to have a genuinely robust and resistant backup and disaster recovery plan in place.
If the damage is limited to a single machine, simple file recovery may be enough. If the attack has impacted servers and applications, you will need to roll back to a point in time prior to the attack. If your servers run in failover mode, then this may work on condition that the failover platform is itself not impacted by a propagated attack.
At Atempo, backups are typically distanced from production environments and are less likely to be impacted by propagation. We encourage many of our customers to consider online and offline storage destinations – including the use of tape (LTO6, 7 & 8). A tape stored in a safe deposit box is 100% certain of not being infected or attacked!
Atempo commercializes a continuous data protection solution for workstations, file servers and laptops, a range of all-in-one backup appliances particularly for remote-site environments and powerful backup and data preservation solutions for virtual and physical applications and servers.
Thousands of customers worldwide have deployed our solutions and benefitted from the power of rapid recovery following data loss of all kinds including ransomware and cryptoviruses.
Like the baker who opted for full insurance, make sure that when it comes to data protection it’s you, and not the cybercriminal, in control of how the cookie crumbles!
Our customers have many tales of recovery following cyberattacks. Here are just a few:
For more information, visit: