Ransomware: how the right backup solution can help you recover quickly from an attack

Ransomware: using backup to recover from an attack

Ransomware attacks are a major concern for those in senior IT roles. Preventative security alone isn’t enough, and attention is increasingly turning to the role of secure backups in enabling rapid recovery from a ransomware attack.

The impact of ransomware has grown rapidly over the last few years and has become a massive headache. According to Dell, cybercrime will cost the world $10 trillion by 2025!

More often than not, a cyber-attack involves you being denied access to your data with a promise of access rights being reinstated if and when you pay a ransom. However, even if you pay up, there’s no guarantee you’ll get back access to your files and computers, nor that the attackers won’t return.

The best approach is, of course, to protect your systems with robust up-front security. But in practice, this can never be 100% effective: the real world always involves risks and compromises, particularly once you factor in social engineering and human mistakes. It’s reasonable to assume that, at some point, you could fall victim to ransomware.

What about backups? The problem here is that ransomware rarely attacks as soon as it has access to the network. While it sits there waiting, your routine backups capture it along with everything else, which means that your backup is also infected. In other words: the backup is useless as a means of recovery when the ransom demand is made.

To prevent this, you need backups that are immune to attack. Several IT vendors are now offering solutions that they say achieve this goal.

One company specializing in this area is Rubrik, which takes what it calls a ‘zero trust’ approach. This means that it aims to protect data and applications from multiple sources, with ransomware front and centre as a high-risk issue. As well as proactively detecting unusual behaviour, which can indicate an attack, the Rubrik solution also provides ‘ransomware-proof’ backups. With a recent, clean backup available, Rubrik’s customers can respond rapidly after a ransomware attack and restore files quickly and easily.

To achieve this, Rubrik creates ‘immutable’ backups, which means that the backup cannot be changed or deleted after it is constructed – so, there’s no meddling by attackers.

Immutable backups are not a new concept, and are available from multiple vendors (including big names such as Dell, NetApp and HPE), but Rubrik’s approach of putting immutability at the heart of its solution is definitely worth considering.

Looking at other options, Dell offers what it calls a Cyber Recovery Vault, which uses immutable backups to protect data against ransomware attacks. An extra level of security is provided by an air gap, thus physically and logically isolating the data in a dedicated vault.

HPE offers ransomware protection through Zerto, an HPE company. It similarly focusses on fast, straightforward recovery after an attack – and quotes the example of its customer TenCate, who cut recovery time from two weeks to less than 10 minutes.

While ransomware attacks are a serious problem, the good news is that vendors are providing the ammunition to fight back. As someone who specialises in infrastructure, I’m excited by the role that a good backup and recovery solution can play in combating ransomware attacks.

If this post has prompted you to review your backup and DR, you can use me as a sounding board – it’s what I’m here for! Get in touch through your account manager if you’d like to pick my brains.