What Happens When an Inevitable Ransomware Meets an Immutable Backup?

Ransomware attacks have become increasingly prevalent and pose a significant threat to businesses in all verticals.

Just one of many scary stats circulating at present is, a new organization will fall victim to ransomware every 11 seconds by 2021 with a cost of $20 billion.

So imagine this. You are a healthcare organization unable to access patient records and appointment schedules. Or, a bank unable to access customer’s financial records. And imagine, adding a global pandemic into the mix. You don’t need much of an imagination for any of this, as ransomware attacks have increased by more than 235% in some industries taking advantage of the existing COVID 19 Coronavirus pandemic. As if things couldn’t get any worse. More than a quarter of attacks this year have targeted either the financial or healthcare industries.

It’s not hard to have baseline safeguards and policies in place, such as antivirus and antispam solutions, disabling macros, keeping all systems updated and ensuring you restrict and monitor internet access. However, today’s cybercriminals have become highly sophisticated and are extremely persistent. More and more, they are finding ways to break into IT systems and all it takes is one mishap or unsavvy person to take the bait. This means, it’s not a matter of whether your organization will be attacked, it’s simply a matter of when.

With that fact in mind, an inevitable ransomware attack does not mean its game over.

Let’s take one of our favorite superheroes of all time, Batman, a mortal who’s only superpower is being prepared for all eventualities. He doesn’t trust anyone in his team and is equipped with all sorts of contingency plans even for his super-powered fellow DC superheroes, should they ever go rouge against humanity. Like having an effective plan in the event of a disaster, an effective backup strategy and plan for ransomware is more than possible. And, if architected correctly, an effective backup strategy can more than adequately help to recover from any form of (locker or crypto) ransomware attack.

It starts by securing your backups using three simple techniques:  

• Isolate backups
• Inhibit access
• Create Immutable storage

Isolate Backups:

This means you should select a data-protection solution that can easily provision logical networks to dedicated backup targets siloed totally from the production environment. This would ensure backups from ever being discovered by any malware when a production environment is compromised.

Inhibit Access:

The rule here is simple, trust no one. Meaning the access to backups, the network and the backup storage should at least be restricted and at best for end users be outright denied . This can only be achieved by a solution that has robust RBAC, secure multi-tenant capabilities and software level backup holds from manual deletion and expiration

Create Immutable Storage:

What if a user or a malware, even with admin rights, could not delete or modify any of the backups? This is achieved only by performing efficient incremental backups to WORM enabled S3 storage, unlike typical full weekly/monthly archives. This ensures instant recovery from the most recent uncorrupted backup, with least amount of data-loss.

If you’d like to find out more on how HYCU can help you with your ransomware planning and recovery, please visit www.hycu.com or email us at info@hycu.com. Or, make a point of checking out a recent customer experience and how HYCU was able to save the day.