Ransomware Isn’t Taking a Summer Vacation

Justin Augat, VP, Product Marketing & Communications

You might be packing your sunscreen for summer vacation, but cybercriminals aren’t taking a break from targeting your business with ransomware. Unfortunately, our downtime is primetime for threat actors to significantly increase their attacks. 

If last year is any indication, this summer could be a ransomware record breaker. In 2021, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed an increase in highly impactful ransomware attacks occurring in the United States on holidays and weekends, when offices are typically closed, as recently as the Fourth of July holiday.

8 tips to stay safe from ransomware this summer

Here’s the good news. Before you pack the kids and head to the coast, you can take concrete steps to dramatically improve your chances of stopping cyberthieves (before they ruin your time off):

1. Identify and classify your key workloads

Oftentimes, the first step to protecting your business is identifying what matters most. In other words, which applications are CRITICAL to running your business? It’s not uncommon for organizations to have siloed teams with siloed data, and they don’t always have command over protecting applications and their data. Examples include applications running on on-premises servers, in the public cloud, or in SaaS environments (e.g., Microsoft 365 and Salesforce). These silos of data can lead to inconsistent (or non-existent) security across your environment. Take the time now to document what’s in your environment and identify what’s critical to your business. This is the first step to securing it. Moreover, this is also a great time to classify applications based on their sensitivity, business value, and the attributes important to your business and customers. What’s the risk here? If you deploy a single backup/security strategy across your environment, it’s likely the strategy will be insufficient for some workloads and overkill for others.

2. Automate your environment

Now that you know which applications to protect (and how protection might differ between applications), backing up your data should be the next step and a non-negotiable IT effort. If you don’t back up on a regular basis, you just might find your business in worse shape than you left it. Automated solutions will make this easy and help you establish data protection and security policies “per application.” To put “per application” policies in place, consider adding advanced protection and security features (e.g., higher-frequency backups, monitoring, and observability) to mission-critical applications. To control cost, consider general security capabilities and less frequent incremental/full backup combinations for third-tier applications, which also saves storage space.

3. Reduce regional/geographic risk

Should you back up to a second site, rather than your primary site? Yes. Should you back up to a different region or geography? Also, yes. More good news — choosing unique backup locations is easy with today’s cloud backup. So, the better question is, why not back up to another location and eliminate the risk of localized threats, like floods or hurricanes?
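Tips 1 through 3 describe one procedure: classify each workload, derive a backup policy per tier, and require an off-region copy. The following Python script is an added example (not Druva's code or part of the original post) that puts that procedure into a form you can run against an inventory: it maps a tier to required protection attributes and audits each workload's current configuration, flagging both gaps (under-protected) and waste (over-protected), which is exactly the mismatch a single uniform strategy produces. The tier names, the policy thresholds, and the sample inventory are all constructed assumptions for illustration.

```python
"""Audit a workload inventory against per-tier backup policy.

Added example, not vendor code. Tier thresholds and sample data are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List

# Required protection per classification tier (constructed assumptions).
TIER_POLICY: Dict[str, dict] = {
    "critical":  {"max_interval_h": 1,   "min_retention_d": 90, "off_region": True,  "immutable": True},
    "important": {"max_interval_h": 24,  "min_retention_d": 30, "off_region": True,  "immutable": True},
    "standard":  {"max_interval_h": 168, "min_retention_d": 14, "off_region": False, "immutable": False},
}


@dataclass
class Workload:
    name: str
    platform: str            # "on-prem", "cloud" or "saas"
    tier: str                # key into TIER_POLICY
    interval_h: int          # configured backup frequency in hours
    retention_d: int         # configured retention in days
    primary_region: str
    copy_regions: List[str]  # regions that hold a backup copy
    immutable: bool          # retention lock / object lock enabled on the copies
    encrypted: bool          # backup copies encrypted at rest


def audit_workload(w: Workload) -> List[str]:
    """Return findings for one workload: 'gap:' lines for under-protection,
    'waste:' lines for protection the tier does not call for."""
    policy = TIER_POLICY[w.tier]
    findings: List[str] = []

    if w.interval_h > policy["max_interval_h"]:
        findings.append(f"gap: backup every {w.interval_h}h exceeds the "
                        f"{policy['max_interval_h']}h allowed for {w.tier}")
    if w.retention_d < policy["min_retention_d"]:
        findings.append(f"gap: retention {w.retention_d}d below {policy['min_retention_d']}d minimum")
    # Tip 3: a copy in the primary region alone does not reduce regional risk.
    has_off_region_copy = any(r != w.primary_region for r in w.copy_regions)
    if policy["off_region"] and not has_off_region_copy:
        findings.append("gap: no backup copy outside the primary region")
    if policy["immutable"] and not w.immutable:
        findings.append("gap: immutability required for this tier but not enabled")
    if not w.encrypted:  # encryption at rest is required for every tier
        findings.append("gap: backup copies not encrypted at rest")

    # Over-protection: backing up far more often, or keeping data far longer,
    # than the tier needs. Critical workloads are never flagged as waste.
    if w.tier != "critical":
        if w.interval_h * 4 <= policy["max_interval_h"]:
            findings.append(f"waste: backup every {w.interval_h}h is far more frequent than {w.tier} requires")
        if w.retention_d >= 2 * policy["min_retention_d"]:
            findings.append(f"waste: retention {w.retention_d}d is more than double the {w.tier} minimum")
    return findings


def audit_inventory(workloads: List[Workload]) -> Dict[str, List[str]]:
    """Audit every workload; an empty list means the configuration matches its tier."""
    return {w.name: audit_workload(w) for w in workloads}


# Constructed sample inventory spanning the three platforms named in tip 1.
SAMPLE_INVENTORY = [
    Workload("erp-db", "on-prem", "critical", 4, 90, "us-east", ["us-east"], False, True),
    Workload("m365-mail", "saas", "important", 24, 30, "us-east", ["us-east", "eu-west"], True, True),
    Workload("dev-wiki", "cloud", "standard", 1, 60, "us-west", ["us-west"], False, True),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "->", findings or ["ok"])
```

Run as-is, the critical ERP database is reported with three gaps (too infrequent, no off-region copy, no immutability), the SaaS mailbox passes, and the standard-tier wiki is reported as over-protected on both frequency and retention. The thresholds are placeholders; the point is that the policy is attached to the classification rather than applied uniformly.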

4. Limit access to trusted users

While you’re soaking up time under palm trees, make sure you’re leveraging solutions that restrict data access to authorized users only. RBAC (role-based access control) is a simple capability that can help defend your critical assets from less advanced attacks (think: malicious deletion of backups). In this case, create separate access policies for administrators and for users within your organization. You can do this at the same time you classify your applications in terms of business value.

5. Prevent data loss and/or theft

Let’s look at ransomware as an example. If you’re successfully attacked while on vacation, you need a safe copy of your data that hasn’t been stolen, encrypted, or deleted. Otherwise, be ready to pay the ransom to get it back. For these scenarios, the following technologies can help:

    • Encrypt your data. If a cybercriminal is able to successfully access your internal data (e.g., financial, website, and customer data), make sure they’re not able to read it. Encrypting your data renders stolen copies worthless and should be considered “table stakes.”
    • Make your data immutable. If a cybercriminal isn’t able to effectively read your data (because it’s encrypted), they might try to delete, change, or further encrypt it. Immutability makes this impossible.
    • Air-gap the data. There will always be exceptions to the rule. Given the sophistication and tenacity of cyberthieves, a general rule of thumb is implementing multiple layers of security and protection for your most valuable data. Air-gapping is a “stop-gap” capability and a measure of last resort for ransomware. Air-gapping is exactly what it sounds like: it creates a virtual (or physical) gap between your data and any access points, keeping it out of harm’s way.

6. Regular maintenance

Much like your family car, your data protection and security solutions need maintenance. In this case, you need to regularly update your applications, patch your OS/hypervisor, and ensure vulnerabilities are addressed early. When it comes to “zero-day” vulnerabilities, time to detection is critical. Patches and updates that secure your applications from these vulnerabilities don’t yet exist and must be developed by the vendor. Once they’re released, they need to be applied immediately. The takeaway here? Having an actionable, repeatable process in place is ideal.

7. Automate your recovery

One of the major benefits of modern data protection is automated recovery. This means that while you are offline, your protection solution can:

    • Automatically quarantine threats to a safe location and remove access until the threat can be examined and/or eliminated.
    • Immediately stop backing up data from infected servers.
    • Automatically restore from clean backups. Today’s solutions should scan your latest backup before restore to prevent re-infection.
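The three automated-recovery actions above (quarantine, stop backing up infected servers, restore only from a scanned clean backup) can be expressed as a single decision procedure. The Python below is an added example, not Druva's code or part of the original post: given a list of backup snapshots with their scan results and the set of hosts flagged as infected, it produces a recovery plan. A newer snapshot that has not been scanned is queued for scanning rather than restored, so the restore point is always the newest snapshot verified clean. The snapshot records, host names, and timestamps are constructed for illustration.

```python
"""Plan automated recovery from a set of backup snapshots.

Added example, not vendor code. All snapshot data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set


@dataclass
class Snapshot:
    workload: str
    host: str           # server the backup was taken from
    taken_at: datetime
    scan: str           # "clean", "infected" or "unscanned"


@dataclass
class RecoveryPlan:
    halt_backups: List[str]                      # hosts whose backup jobs must stop
    quarantine: List[Snapshot]                   # snapshots to isolate and revoke access to
    scan_before_restore: List[Snapshot]          # newer snapshots that still need a scan
    restore_from: Dict[str, Optional[Snapshot]]  # newest clean snapshot per workload, or None


def plan_recovery(snapshots: List[Snapshot], infected_hosts: Set[str]) -> RecoveryPlan:
    """Apply the three rules: stop backups from infected hosts, quarantine
    snapshots that scanned as infected, and pick the newest verified-clean
    snapshot for each workload (never an unscanned one)."""
    halt = sorted(infected_hosts)
    quarantine = [s for s in snapshots if s.scan == "infected"]
    scan_first: List[Snapshot] = []
    restore: Dict[str, Optional[Snapshot]] = {}

    for workload in sorted({s.workload for s in snapshots}):
        newest_first = sorted((s for s in snapshots if s.workload == workload),
                              key=lambda s: s.taken_at, reverse=True)
        chosen: Optional[Snapshot] = None
        for s in newest_first:
            if s.scan == "clean":
                chosen = s          # newest verified-clean restore point
                break
            if s.scan == "unscanned":
                scan_first.append(s)  # scan before restore to prevent re-infection
            # "infected" snapshots are already in the quarantine list; skip them
        restore[workload] = chosen   # None means no clean restore point exists yet

    return RecoveryPlan(halt, quarantine, scan_first, restore)


# Constructed sample data: a holiday-weekend incident across three workloads.
SAMPLE_SNAPSHOTS = [
    Snapshot("erp-db", "srv-01", datetime(2022, 7, 3, 22), "clean"),
    Snapshot("erp-db", "srv-01", datetime(2022, 7, 4, 2), "clean"),
    Snapshot("erp-db", "srv-01", datetime(2022, 7, 4, 6), "infected"),
    Snapshot("erp-db", "srv-01", datetime(2022, 7, 4, 10), "unscanned"),
    Snapshot("file-share", "srv-02", datetime(2022, 7, 4, 1), "clean"),
    Snapshot("file-share", "srv-02", datetime(2022, 7, 4, 9), "unscanned"),
    Snapshot("crm", "srv-03", datetime(2022, 7, 4, 0), "infected"),
]
INFECTED_HOSTS = {"srv-01", "srv-03"}

if __name__ == "__main__":
    plan = plan_recovery(SAMPLE_SNAPSHOTS, INFECTED_HOSTS)
    print("halt backups on:", plan.halt_backups)
    print("quarantine:", [(s.workload, s.taken_at.isoformat()) for s in plan.quarantine])
    print("scan first:", [(s.workload, s.taken_at.isoformat()) for s in plan.scan_before_restore])
    for workload, snap in plan.restore_from.items():
        print("restore", workload, "from", snap.taken_at.isoformat() if snap else "NO CLEAN COPY")
```

With the sample data, the ERP database restores from the 02:00 copy (the 06:00 copy is quarantined and the 10:00 copy is queued for scanning), the file share restores from its 01:00 copy, and the CRM workload has no clean restore point at all, which is the case the off-region and immutable copies from the earlier tips are there to prevent.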

8. Penetration testing

Last, but certainly not least, test your solution regularly. Testing is critical to:

    • Understand how your system works. During and after an attack, time is critical. You don’t want to spend it learning how to use your solution.
    • Identify security gaps within your applications and determine the restore time and restore prioritization for each application.
    • Account for changes to your applications and environment. Your data constantly changes, so you need to ensure your solution is updated. This doesn’t just include patches and updates, but new and moved applications, too.

Generally speaking, make sure your environment has enough available compute and storage resources for successful backup and restore.

Taking the next step with a comprehensive ransomware protection solution

Obviously, these tips are just a starting point. Depending on how critical your data is to your business, there are additional strategies to employ. At Druva, our focus has always been on comprehensive data protection, security, and disaster recovery. With that, we understand this can seem complex and overwhelming. That’s why our cloud-native, 100% SaaS solution was designed from the ground up with simplicity in mind. It’s also built with the comprehensive capabilities, features, and performance you need to rest easy. Because, at the end of the day, your summer vacation should be about relaxing, not stressing over whether your business is vulnerable.

Explore Druva’s ransomware recovery page to learn more and watch our cyber resilience summit sessions on-demand for data protection best practices in the age of ransomware.