Ransomware Recovery – 5 Steps to Avoid Payments Using Smart Backups
While malware, breaches, phishing and other cyberattacks have been on the rise for years, the dramatic explosion in ransomware attacks in 2021 is shaking the IT security landscape. Gartner predicts that by 2025, at least 75% of IT organizations will face one or more attacks. Trends indicate the likelihood of an attack is not a matter of if—but when—your organization will be the next victim.
The business model of ransomware means that a decryption key will be provided by most attackers, but even with the decrypter, there is no guarantee that all the data will be recovered. According to Gartner, only 8% of organizations manage to recover all the data following a ransomware attack. In addition, the decryption is often very slow, and if a large amount of data has been encrypted, it can take weeks to recover.
The Sophos State of Ransomware 2021 report indicated that 57% of organizations interviewed were able to recover their data through backups. Having a reliable backup infrastructure that enables expedited recovery of not only files and databases, but also key applications and configurations, is critical to avoiding ransom payments, business downtime and brand damage.
Here are five steps to ensure a successful backup and recovery strategy:
1 - Back up everything
Organizations frequently have problems ensuring that everything that needs to be backed up actually is. It’s only possible to recover what's backed up, and often not all data and systems locations are known by IT.
To ensure that companies are capturing all critical backup needs, organizations should conduct a thorough inventory of all their systems and assets. This will usually involve leaders from every function so that they can identify all that needs to be protected. A strong change control including server creation and adjustments should be implemented to consider the implications of data protection for each system.
2 – Keep the backups isolated
According to a survey by Veritas released last year, only 36% of companies have three or more copies of their data, including at least one off-site. Keeping an "air gap" between the backups and the production environment is critical to keep it safe from ransomware and other disasters.
If you are an organization that still houses your critical compute in your office building, it's time to move that infrastructure out of your facility. The fastest move can be to a data center provider, often called a "lift-and-shift," which protects you from physical, power and bandwidth threats. This can have an immediate benefit with minimal impact and changes required.
Another popular option is moving the critical systems to the cloud, like with Disaster Recovery-as-a-Service (DRaaS). DRaaS is flexible and scalable and doesn't require upfront costs. This technology continuously saves incremental copies of files, which means that there's no loss of data when ransomware hits. You are able to revert back to the last clean version of the file before the attack.
3- Build a tiered backup process to speed recovery
Classify your infrastructure in tiers according to sensitivity to downtime and business impact. The data, systems and applications that cannot afford a long period of downtime and data loss are your mission-critical infrastructure and should be protected accordingly.
Mission-critical data and applications require a solution that is able to replicate the entire environment in near real time to support low Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements and minimal data loss. A cloud-based disaster recovery infrastructure, such as DRaaS that offers a journaling feature, allowing systems to be rewound to a previous point in time before the ransomware attack, can provide the availability critical IT infrastructure requires.
On the other hand, a non-critical infrastructure that is less sensitive to downtime can take advantage of tools like Backup-as-a-Service (BaaS), where the data is replicated to a safe and cost-effective cloud environment using a scheduled routine so that it can be retrieved on-demand.
4- Keep the backup infrastructure up to date
As media decays and storage technologies evolve over time, critical enterprise data can become inaccessible during a ransomware attack. That's why it's essential to keep important backups compatible and available by periodically modernizing enterprise backup technologies.
Creating and maintaining an internal backup and recovery environment can be complex, time-consuming, and require a set of skills that not many organizations have available internally. Capacity planning and budgeting for the growth of the systems can be difficult compared to the on-demand usage of as-a-service systems. It also involves CAPEX investments in hardware, software, network and storage systems.
Today, cloud infrastructure can be used to create virtual backup data centers that only cost money when in use. If a company already utilizes a cloud solution, setting up a backup in a different availability zone—or a different cloud—is an even simpler process.
5 - Test, test and test again
According to Veritas, 39% of companies last tested their disaster recovery plan more than three months ago—or have never tested it at all. Many companies approach recovery from a backup point of view, not a recovery point of view, but the only way to ensure they are working well is by testing to restore them. If you don't test your disaster recovery infrastructure, you won't know if it will work when you need it.
Smart recovery strategies that utilize cloud-based backups and disaster recovery infrastructure are powerful against ransom extortion. To have confidence that you will be able to restore the data quickly, you have to fully test the recovery process.
So, why aren't more companies taking these steps to ensure a successful backup and recovery strategy? There's a widely held belief that there is substantial setup cost. Many leaders believe you are required to have in-house cloud and legacy systems expertise. The truth is the cost to migrate to a cloud-based backup infrastructure is much less than paying the ransom and dealing with the reputation damage.
One way to get started is to focus on the most critical business processes first. Identify your mission-critical infrastructure and protect it securely and reliably. If a ransomware attack occurs, you will have the confidence to provide business continuity and avoid the huge cost of payments and brand damage.
Data protection should be seen for what it is: an investment. Today, there are partners in the market that offer a full stack of managed services for BaaS and DRaaS, making the migration and management of your cloud-based backup environment smooth and cost-efficient. An ounce of prevention is worth a pound of cure.