Backups Aren’t Enough Against Ransomware
Ransomware has become the subject of many IT security concerns, and for good reason. Mid–market enterprises (defined as 500 – 1,000 employees) are targeted most frequently by ransomware. Enterprises (comprising of 5,000 or more employees) are not far behind (source). A quick search on “how to recover from ransomware” provides many sources with the same basic advice – back up your data. However, backups alone aren’t enough to protect against ransomware because most system backups are too infrequent to enable full restoration.
Backups provide organizations with a method to restore data that has been encrypted by malware to the last recovery point, which could be days, weeks, or months old. But recovering from offline backups is typically a slow, lengthy task yielding mixed results. For example, reports have identified an average minimum recovery time of 33 hours (source), but many take much longer. Consider that the City of Atlanta over a week to recover from an attack, the City of Augusta was closed for four days, and the City of Baltimore took more than six weeks to recover.
When recovering from Ransomware by restoring from backups, you also need a way to determine which files need to be restored and what files are in a good state. With traditional systems, it‘s almost impossible to produce a report in order to determine which files have been accessed and modified by ransomware.
RackTop’s CyberConverged™ approach protects data against ransomware and malware with powerful security features.
- User Behavior Auditing and Analysis – user behavior auditing creates a complete log of all file activity on the system. This can be used to detect the start of an attack as well as determine which account is the source of the infection. In the event that some files become encrypted, the user activity will make it easy for an admin to restore only the files that were modified by the ransomware in just a few minutes/clicks.
- Data Protection Policies – BrickStor’s automatic data protection policies create space efficient immutable snapshots of data. With data protection policies, users can configure a snapshot frequency and designate how long a storage profile should be retained. When replication is enabled, BrickStor can instantly back up snapshots to a secure, remote location, while that same data remains accessible locally. These features work in concert to provide rapid data restoration.
- Automated Alerts and Responses
Because BrickStor provides protection for data throughout its life cycle, threats are easily mitigated, because you can restore your systems exactly to how they were just before the attack. There’s no need to pay the ransom to get your data back when you have an exact, untainted copy of it. See for yourself in this quick video below: