As if computer virus attacks intent on disrupting service or stealing data were not enough, the more preferred flavor of the day is ransomware. With ransomware, in theory you do not lose your data if you pay the ransom, but you will have experienced disruption of service. And like all classic ransom situations, you are at the mercy of the criminal’s word that they will in fact release your hostage data if you pay up! One must wonder, though, what’s in it for them to follow through? It’s not like you’re going to give your attacker a positive review on Yelp nor are they looking for “preferred attacker” status!
You might be thinking “Who cares? I’ve got a solid backup solution in place and can recover without paying.” Maybe you do, maybe you don’t. In many cases of traditional backup services, you may be surprised to find you really don’t. Here are a couple of the internal secrets that might be of interest.
- Attacks are targeted, not just random. Through the use of social media and other research, including examining how customers interact with your business online, cyber criminals gain insight into the makeup of your IT infrastructure prior to launching an attack.
- Attacks are targeting critical applications and high traffic systems. When an attack is launched, attackers aim for data that is vital to your critical applications. If they learn, for example, you use a particular DBMS, they will target filetypes that tend to be associated to those databases. Likewise, high traffic systems tend to cause greater pain at a faster rate when they are out of service, so email and web servers are frequently on the hot list.
- Attacks target backup data. When backups are taken, they are often stored on locally accessible file systems or storage servers. They also tend to have tell-tale signs identifying them as backups. Even if they cannot be infected, they can be encrypted and held as part of the ransom. This is probably the most significant point – yes, you may have backups, but they may be unavailable for recovery!
So when ransomware attacks, and your critical systems stop functioning because the critical data files are suddenly encrypted and unreadable, and systems crash and won’t restart because the OS and configuration files have been locked up, and your system admin tells you the backup files have also been compromised, it can be a very bad day indeed!
Take heart, though, there are options to help win the battle against ransomware.
Consider Cloud based Backup as a Service (BaaS). With your backups stored off the local network, the ransomware will not be able to access and encrypt them. This at least enables you to recover to a point before the ransomware attack took place. There will still be down time, and a fair amount of work to recover, but you have a clean backup from which you can recover.
Add in Disaster Recovery as a Service (DRaaS) and you gain greater control and ease of recovery. With commercial grade Disaster Recovery as a Service, your recovery is simplified and expedited, even protecting backup and DR files that are stored on the local network. Access to the recovery files is only available through the DR portal, so even if the ransomware obtains administrative privileges within your network, it’s not going to get to these files! So whether recovering on-premise or in the Cloud, your source for recovery is clean, and with DRaaS tools, executing the recovery can be highly automated and very rapid.
Ransomware is winning the battle against traditional backups, but you can fight back with BaaS and DRaaS!