Ransomware Is on the Way and Backups Are Your Best Defense

I don’t care what your business is nor how secure you think your computers or cloud are. Sooner or later you will have to deal with ransomware. The Cybersecurity and Infrastructure Security Agency (CISA) puts it best: “Anyone with a computer connected to the internet is at risk.” There are many ways to defend yourself against ransomware, but a recently released Enterprise Strategy Group (ESG) study for Danish data protection service provider Keepit underlines the simple truth that good, secure backups are a necessary part of your ransomware protection kit.
Is It Really That Bad?
You may ask, “Is ransomware really that bad?” It is. Last year, network security vendor SonicWall called 2021 “the year of ransomware” thanks to an average of 1,748 ransomware attempts per customer by the end of September. Altogether SonicWall reported spotting a crazy 495 million ransomware attempts by the end of September.
Nor is ransomware something you can easily or quickly recover from. A major ransomware attack hit the Baltimore County school system in November 2020 and to this day the system is still reeling from its impact.
The ESG study found that 79% of those surveyed reported their organizations had experienced a ransomware attack within the past year. Of those, nearly three-quarters reported they’d been “financially or operationally impacted by these attacks.”
Worse still, 56% admitted they’d paid a ransom to regain access to their data, applications, or systems. Not, mind you, that paying up was that big a help. “Only 14% got all their data back following payment.”
Some people also believe — God knows why, I don’t — that cloud data is somehow immune to ransomware attacks. Ah, no. No, it’s not. ESG found that 39% of successful ransomware attacks snagged cloud data as well.
Vulnerable Software and Misconfigurations
The survey of IT professionals in the US and Europe also found that while phishing e-mails get all the publicity for ransomware attacks, “vulnerable software and misconfigurations” are more often exploited by attackers. Specifically:
- Application software vulnerability: 36%
- Systems software vulnerability: 33%
- Application user permissions and misconfigurations: 31%
- Misconfiguration of externally exposed devices: 31%
- E-mail: 27%
More worrying, just over half, 52%, of the respondents admitted that their organizations have vulnerability management gaps.
What Can You Do?
So, what can you do? Well, clearly you can always improve your security, but you need more than a bigger, better wall against attackers. Keepit suggests that you use secured backups to protect your critical data. Now secure backups are Keepit’s stock in trade, but that doesn’t mean they’re wrong.
An intelligent ransomware attacker knows to target your backup systems. Otherwise, you just patch up the security hole that the attackers exploited in the first place, clean out your systems, and restore your data. It’s still a pain in the rump, but it’s fixable.
Today, you need backup systems that are more than just tapes on the servers or cloud backups. As Jakob Østergaard Heguland, Keepit’s CTO, said, “Public cloud infrastructure has become a destination of choice for data backup, which means that cloud data is increasingly becoming a target for cybercriminals who really want to render businesses inoperable.”
The Solution
The solution? Air-gapped; immutable, aka gold, backups; or otherwise isolated backups. With these, the ransomware literally can’t get to your backup because, until they’re brought online for restorations, you can’t get at them. Thirty-seven percent of those surveyed liked this idea but only 30% have actually deployed an air-gapped approach.
Another win in the backup battle against ransomware is using granular restores instead of full rollbacks. This best practice works when the backup and recovery solution enables you to pinpoint specific files, virtual machines, etc., rather than forcing a larger, slower recovery. With granular recoveries, you can also exclude suspicious components and “dirty” data.
To further protect your company from ransomware attacks, Keepit strongly recommends you frequently test restoration processes. After all, practice makes perfect. The more your company does this, the better and quicker you’ll be at resuming business as usual when you really need to shake off a ransomware attack.
This is especially important since ransomware data restoration is not as straightforward as a normal recovery. You must be certain your backup’s data is clean. The last thing you want is to reinfect your systems just when you thought everything was back to normal!
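One way to combine a granular restore with a cleanliness check during a restore drill, as an added example that is not from Keepit or the ESG study: each file in a backup snapshot is compared against a manifest of SHA-256 hashes recorded while the data was known good, and anything changed, unknown, or high-entropy is held back for review. The manifest format, the 7.5 bits-per-byte cutoff, and the file names are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cutoff (encrypted data sits near 8.0)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plan_restore(snapshot_dir: str, manifest: dict) -> tuple:
    """Return (clean, excluded): paths safe to restore and {path: reason} held back.

    manifest maps relative path -> SHA-256 recorded while the file was known good.
    """
    clean, excluded = [], {}
    for root, _dirs, files in os.walk(snapshot_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, snapshot_dir).replace(os.sep, "/")
            with open(full, "rb") as fh:
                data = fh.read()
            if manifest.get(rel) == sha256_hex(data):
                clean.append(rel)  # byte-identical to the known-good copy
            elif shannon_entropy(data) > ENTROPY_LIMIT:
                excluded[rel] = "changed and high entropy: possibly encrypted"
            elif rel in manifest:
                excluded[rel] = "changed since known-good manifest"
            else:
                excluded[rel] = "not in known-good manifest"
    return sorted(clean), excluded

def demo() -> tuple:
    """Constructed snapshot: one intact file, one overwritten with random bytes, one stray file."""
    good, ledger = b"invoice 1001,paid\n" * 200, b"account,balance\n" * 200
    manifest = {"invoices.csv": sha256_hex(good), "ledger.csv": sha256_hex(ledger)}
    contents = {"invoices.csv": good, "ledger.csv": os.urandom(4096),
                "dropped.txt": b"file that was never backed up on purpose\n"}
    with tempfile.TemporaryDirectory() as snap:
        for rel, data in contents.items():
            with open(os.path.join(snap, rel), "wb") as fh:
                fh.write(data)
        return plan_restore(snap, manifest)

if __name__ == "__main__":
    print(demo())
```

Files that legitimately changed after the manifest was taken will also land in the excluded set, so the output is a review queue rather than a verdict.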