Ransomware criminals now setting their sights on data backups

by Theo Hourmouzis, ANZ Managing Director for Cohesity


Of all the cyberattacks a business can face, one of the most crippling is ransomware. Simply opening an infected email attachment or visiting a compromised website can result in critical data becoming inaccessible and day-to-day activities grinding to a halt.

Ransomware gained widespread attention in 2017 when criminals used the WannaCry variant to infect more than 200,000 computers across some 150 countries. The impact on victims was disastrous.

Fast forward to 2019 and the target of ransomware criminals is changing. Rather than being content to infect and disable production environments, their sights have shifted to data backups. The logic is that most established businesses will have a data backup strategy in place and, if the criminals can also lock up these backups, the chances that a ransom will have to be paid are significantly higher.

The challenge of fragmentation

So, how do you protect these backups from cyber criminals? Well, that can be more complex than you’d think – especially if organisations are relying on legacy backup infrastructure. Within many organisations, data stores have become fragmented and dispersed. Rather than having all backups sitting in a single datacentre, they can be spread across multiple geographic locations and storage platforms. This makes accounting for and protecting everything a challenge.

Also, many of the tools used to back up data were designed more than 10 years ago and, as a result, have not kept pace with today’s complex IT environments. Often the security protections they have are no longer sufficient to ward off an attack.

Take a proactive stance

Overcoming these challenges requires the rollout of more sophisticated security tools. IT teams should look for tools that can monitor and process usage and traffic patterns across a host of locations. In this way, deviations from standard data traffic flows can be quickly spotted and steps can be taken before they turn into a full-blown ransomware attack.

Naturally, there are some data backup best practices that should also be followed to minimise the chance of a successful ransomware attack. Backups of important production data should happen multiple times each day, and those backups should be held in a highly secure, offline location. While this traditionally has meant tape storage, it can also be achieved by using secure virtual machines and cloud storage resources that are not directly connected to the on-premises backup infrastructure.

It has become relatively common to see data backup tools that are promoted for their ability to detect a ransomware attack; however, having such a capability is not sufficient. Organisations also need to ensure their solution has an immutable file system, with snapshots that are inaccessible to processes and software. Having this capability in place means that a cybercriminal can, at best, infect a clone of the data but never the true backup itself.

Intelligent monitoring tools also play a role in ensuring that infrastructure is built to handle attacks. A solution incorporating integrated analytics will allow a business to find which backups contain malware and prevent them from being restored along with the data. And, if an attack still takes place even with these integrated precautions, real protection requires the power to restore massive amounts of data immediately – that is, in minutes rather than hours.

Not if … but when

Regardless of how much is invested in security and data protection tools and services, the relentless nature of malware attacks virtually guarantees an organisation will fall victim at some point.

By focusing on your backup infrastructure and practices now, you can be confident you’re in the best possible shape to withstand an attack, diminish your chances of having to pay the ransom, and have vital systems up and running again as swiftly as possible.

However, these days, it’s not enough to just have a backup copy of your data. It’s critical that you have modern backup infrastructure in place that has an immutable file system, with snapshots that are inaccessible to processes and software. By identifying all stores of important data, ensuring regular copies are made, and storing those copies in a secure, offline location, an organisation has the best chance of surviving an attack. Not taking a modern approach to backup could be a very risky approach to the problem.
