Almost every week there seems to be a new report about a ransomware attack on an organization or government agency. According to the Aberdeen Group, “More than half of enterprises report that they’ve experienced at least one ransomware attack during the previous 12 months.” 1 When an organization that is impacted by a ransomware attack can’t rely on their data backups to recover itself, they’re forced into paying the ransom to regain access to their data. While this solves the immediate problem (assuming the ransomers unlock their data), it creates a long term problem in that the organization then becomes known within ransomware circles as the one that has a weak ransomware response and is willing to pay. What these organizations are lacking is a ransomware recovery plan.
More and more, organizations are looking to the cloud as a viable solution to their ransomware recovery challenges. The cloud offers the highest level of availability, scalability, and resiliency, and ensures your data is protected from modern ransomware. Let’s dive further into modern ransomware, its effects on backup requirements, and how a cloud backup solution like Druva can provide ransomware protection.
Understanding modern ransomware
Ransomware works by gaining access to your infrastructure, usually by a user accidentally clicking on an embedded link in an email. These bait emails look almost identical to a legitimate email that you might receive on a regular basis. Once the ransomware is inside of your organization, it attempts to encrypt every file in your infrastructure that it can access. However, ransomware no longer launches the moment it infiltrates your environment. The latest incarnations work by encrypting much more slowly to avoid detection. Some will even start by encrypting the oldest files first and then move on to newer files. Some variants also replicate themselves to different parts of the infrastructure and delay launching the attack so that the backup process can backup multiple copies of the trigger file.
How ransomware changes backup requirements
Ransomware, unlike any other form of disaster, often attacks a specific organization. You may try to place your data center away from areas known for natural disasters, but there is no hiding from ransomware. Ransomware can also attack snapshots and data protection storage areas. In addition, some ransomware variants start by encrypting backup copies and configuration files first. This is why it’s important to have an effective backup strategy in place to address the threat of ransomware. Here are three notable requirements for data backup.
The first requirement — immutable backups
The first requirement of a backup application is to protect itself. Backup applications must ensure the data they store is immutable so that it can’t be modified or deleted for a period based on time, not on the user security level. Immutability also helps protect against another growing threat of malicious users or administrators.
The second requirement — complete backup coverage
A second requirement is the frequent protection of all data, in all locations, including endpoints. Ransomware tries to infect everything. Not only are company laptops a common way for ransomware to work its way into the environment, but they are also a common target of the spreading attack. Frequent data protection requires intelligent data movement so that the solution only sends the minimal amount of changed data to backup storage. It also requires a backup application that scales. Backup solutions may now have to track many more versions of a file and may protect many more servers than before.
The third requirement — clean recovery
The third and final requirement is intelligent recovery. Ransomware’s new technique of delayed corruption of data means that corrupt files are within multiple backups. The data protection tool needs to provide the ability to quickly search across numerous backups jobs to find an unencrypted version of a file. It should also offer the ability to restore only the files the organizations were using most recently first and then recover older data later.
While there are more requirements of modern data protection applications to protect against ransomware, it’s important to note these three. Sadly, these three backup requirements are where many data protection solutions fall short.
How Druva addresses backup requirements
Druva, the leader in cloud data protection, provides an inclusive data backup and ransomware protection solution for all of your endpoints (laptops, mobile devices, and desktops), SaaS applications, and data center workloads. Here’s how Druva addresses the aforementioned three backup requirements.
One of the core pillars of immutable backups is ensuring that your data is encrypted at all times. With Druva, your data is encrypted in flight and at rest, and is controlled only by the customer with an encryption key. Druva never has access to any of your data. More importantly, your backup images are air-gapped from your infrastructure and can’t be attacked by ransomware in your environment.
Additionally, Druva provides comprehensive data protection for all of your corporate endpoints. Because Druva is delivered as-a-service, you have provision data protection anywhere within minutes and can improve data visibility for your mobile workforce.
Lastly, if and when your infrastructure is infected with ransomware, Druva helps customers identify the last known clean copy of your backup data. Backup administrators can then proceed to delete infectious snapshots thus preventing anyone in the organization from accidentally recovering data contained within these infected snapshots.
With Druva, your data is always on, always safe, and always accessible, even in the event of a ransomware attack. Learn more about Druva’s ransomware protection solution.
1Aberdeen Group, Reducing impact of ransomware attacks via cloud-based approaches, 2019