Ransomware ― when your data backup is your last line of defence, make it count


Share
By: Patrick Smith, EMEA Field CTO, Pure Storage

The cyber-threat landscape is ever evolving, and undoubtedly one of the biggest current threats is ransomware. Ransomware is a type of malicious software that threatens to publish the victim’s data, or perpetually block access to it, unless a ransom is paid. For modern organizations who rely on data to operate and thrive, this kind of attack can be catastrophic. A recent global report from Sophos found that the average cost of paying a ransom was $1.4 million, or $730,000 in equivalent loss of revenue owing to downtime should they choose not to.

Over the course of the pandemic there has been a jaw-dropping rise in the amount and severity of ransomware attacks. Bitdefender’s recent 2020 threat wrap-up report recorded a 715% year-on-year increase in ransomware attacks, and data from many other reputable sources add credence to the increased threat of ransomware. It’s clear that this threat isn’t going to subside, and organisations need to make sure they have adequate solutions in place should the worst happen.

Increased threat landscape

The COVID-19 pandemic caused a huge amount of disruption for businesses, and created a new normal for how many organisations operate, which has evolved into a ‘next normal’. The majority of workforces had to suddenly work remotely, and whilst vaccine programmes are encouragingly underway, remote working looks to remain the case for quite some time.

While this has been a necessity, it has created new opportunities for hackers looking to exploit – making use of the fact that many will potentially be working on insecure home systems and networks, holding an increased amount of business-critical calls and meetings virtually, with security gaps left open to attack. It’s therefore unsurprising that the current environment has created this huge surge in ransomware attacks, and as such many security firms are offering advice and new protective measures to customers. However, one area that is not discussed so frequently in relation to ransomware is the vital role that data backups can play in mitigating the risk.

Prevention is no longer enough

As part of a robust cybersecurity strategy, companies can no longer rely solely on anti-intrusion systems. While having the proper precautions in place to prevent an attack is vital, organisations must also plan for recovery if an attack does occur. This means implementing a data backup strategy that also takes into account the necessary recovery through which data can be restored at scale and as quickly as possible.

In the vast majority of cases, once a business has been infected with ransomware it’s already too late to stop it. If everyone agrees that the ransom should not be paid, the data, once encrypted, is unrecoverable. The IT teams then have the responsibility of restoring data from backups, which may be out of date. This approach also assumes that backups are available and haven’t been encrypted or deleted by the ransomware attack itself.

Recently, attackers have increasingly targeted backups with the goal of deleting or encrypting them, acknowledging backups as an organization’s last line of defence. Data recovery is then impossible, forcing companies to pay the ransom or resign themselves to the loss of data, which could do irreparable damage and have lasting reputational consequences. Even if a ransom is paid it doesn’t guarantee recovery of data or protection from future attack and extortion. Remember that these attackers are hardened criminals.

Using backup “snapshots” to combat ransomware

This is where advanced backup “snapshots” come in. Snapshots are designed to protect data in the same way as backups, but with the goal of minimizing data loss and restoration times. They serve as a detailed index and protect metadata which acts as a guide for restoring an organization’s systems, speeding up the process dramatically. Organisations should opt for space-efficient snapshots automated by end-to-end protection policies, which can provide the flexibility and confidence to operate worry-free. They should also opt for a backup system that enables snapshot portability from on-premise storage to a secondary system or the cloud.

At Pure, we take the concept further with a solution called SafeMode Snapshots. These unique, read-only snapshots are immutable and prevent ransomware attackers from deleting backups stored. After being enabled, these snapshots are kept for a customer-specified period of time and cannot be deleted. In addition to this, only an authorised technical member of an organisation will be able to change the configuration of the snapshots, provided they contact their counterpart at Pure technical support to verify their identity and unlock the system.

Backup restore speed – a real differentiator

Even with immutable snapshots in place, if an attack should occur organizations will still be limited by the speed at which they can restore data to get them up and running again – crucial in today’s fast-paced business environment. Imagine a major online retailer being down for even one hour – it could cost them many thousands or even millions in revenue.

One issue to highlight is that most data protection architectures are optimised for backup, not recovery. The same design that optimises for data ingestion and space-efficiency creates significant drag on recovery speed, because data needs to be reconstructed after being widely dispersed through deduplication.

Organisations should therefore consider a flash storage backup that uses advanced technologies, such as FlashBlade, a unified fast file and object (UFFO) platform, which can offer unparalleled recovery performance of up to 270 TB/hour, with a peak backup speed of 90 TB/hour. UFFO storage also delivers multi-dimensional performance, even as data volumes increase, offering a near complete peace of mind against ransomware attacks.

With a solid cybersecurity strategy reinforced with advanced snapshots and a rapid restore solution, the restoration phase after a ransomware attack can be reduced from several weeks to just a few hours, and organisations can sleep a little easier knowing they are better defended against the modern scourge of ransomware.


Leave a reply