This article was first published in Teiss.
There’s no doubt that ransomware has been taking over the news agenda in recent months. In fact, recent research discovered that the number of global ransomware attacks surged by 288% between the first and second quarters of this year.
Among the many high profile victims are the Health Service Executive in Ireland and JBS – the world’s largest meat processor. It’s becoming increasingly clear to all that no organisation is immune, regardless of size or sector. Moreover, these types of attacks impact the general public, not just big enterprises and corporations.
The resulting consequences have escalated, causing everything from food shortages to the inability to access critical healthcare services. As a result, authorities around the world are starting to recognise the need to act now and combat the ransomware epidemic. For example, the head of the UK’s National Cyber Security Centre recently confirmed that ransomware has become the biggest threat to online security for both businesses and individuals.
When it comes to ransomware, it’s no longer a question of if an organisation will get attacked, but when. Therefore, an effective recovery plan is essential. Unfortunately, many organisations are relying on outdated technology and solutions, which may be putting their mission critical data at risk.
Traditional backup solutions are living in the dark ages
For many years, backup solutions have been the go-to protection against ransomware. However, the perpetrators have grown wise to this fact and, as a result, modern attacks will often target backup files as well. Since traditional backup solutions do not provide the necessary protection for data copies against ransomware, it’s making recovery a very long, difficult process.
Restoring from backups can often be slow. The whole process can be time and labour intensive, with multiple admins needed to restore the data in a new location, then connect and open a database application.
If for any reason the restore fails, for example, the data is still encrypted, the process needs to be repeated, which could take days. Of course, when faced with an attack, organisations do not have those days to spare.
Another issue with legacy backup solutions is that they often only backup once a day. Whereas, in order to be as effective as possible, modern solutions need to provide same-day detection, response and correction, whilst tackling a wide variety of threat vectors.
Given that every moment spent trying to restore data through legacy backup systems is likely causing some form of downtime – which can be extremely costly in itself – it’s no surprise that many victims give up and pay the ransom. One of the most extreme examples is the recent Colonial Pipeline attack – which ended up paying out $4.4 million after being crippled by the DarkSide gang.
However, paying the ransom doesn’t in any way guarantee that you’ll get your data back. In fact, recent research revealed that 92% of organisations who pay a ransom fee don’t get all their data back in return.
To make matters worse, another report found that of those that pay a ransom, 80% are likely to be attacked again, often by the same group of cybercriminals. It’s clear that paying the ransom is not the solution, therefore organisations need to reconsider their approach to ransomware.
What does the future hold for ransomware protection?
As cyber criminals become increasingly sophisticated in their methods, it’s unsurprising that legacy backup solutions created decades ago are no longer enough to combat them. With technology continuing to advance, businesses need to adapt and adopt a more modern defence strategy if they are to effectively protect their data from the latest ransomware attacks.
One way of achieving this is through isolating the backup network and removing system-level access to backups, creating a type of “air gap” between the two systems. This way, the backup system remains connected to the rest of the system, but even a hacker who has access to production data will be locked out of the backup files.
It’s helpful to think of this “air-gapped” backup system as a separate data appliance: It looks to the operating system like a physical device that runs by its own rules, but it is in fact a virtual device that can read and write to the system.
Creating a virtual data space not only manages the storing of the agency’s data on physical media, but it also creates a virtualised copy of the data. Most importantly it provides a viable alternative to paying the ransom, as it enables the frequency of backups to be increased to minutes or even take place in real-time, minimising the data loss during the restore process.
We’re approaching a stage within the evolution of ransomware, where it’s a case of when not if, a business will be attacked. While data protection is rapidly becoming a top priority for organisations, there is still much to be done.
Staying ahead of the ransomware threat will be a continuous journey, as attacks and technology develops. There is no shortcut on this journey. However, updating and modernising backup solutions and focusing on a quick and effective recovery is a great place to start and could make all the difference in an attack situation.