Why Backups Can’t Protect Against Ransomware

Ransomware is a new type of threat. As a result it needs a new type of defense. The reason is simple: Backups are not enough to protect against ransomware. They are increasingly victims of the attack themselves, and they don’t capture data frequently enough to enable the organization to recover from an attack.

Why Well Protected Organizations Pay The Ransom

The most obvious victim of a ransomware attack is an organization that either was not backing up data or as the result of the attack finds their backups were not working properly. These companies are left with no other option than to pay the ransom. But even organizations that protect their data and have quality backups often end up paying the ransom anyway.

The problem is the time of day that ransomware attacks and how often an organization performs backups. Most backup jobs are run once a day, at night after everyone goes home. The ransomware is enabled by a user clicking through an email. Because that user is there during the day, that’s when the ransomware goes to work and very quickly encrypts all the data it can find on the network.

While it’s true backup will replace the encrypted data, it is LAST NIGHT’S copy of data. Any data changed or modified during the day will not get protection from the backup. That means potentially every order taken, every contract created, or every new presentation will be lost if the organization does not pay the ransom. Recreating the one day’s worth of data may be an option, but in most cases the amount of data that changes is too large. And in some cases the data can’t be re-created. Imagine online transactions in a database, video production or even the recording of a simple phone call.

If the organization decides recovery from backup is an option, there is also the time aspect. Most organizations have millions of files, and identifying the infected files and recovering them could take days if not weeks. The organization may decide it is simply not worth the time to recover all the data; it may be faster to pay the ransom and decrypt it.

If Backups Aren’t Enough Then What is?

To survive a ransomware attack, organizations need to copy data in near real-time as users create or move it. The destination system needs to be secure from access. We’d suggest a private connection, and that all data written to the second system be read-only and that the system be able to maintain multiple versions of a file. Finally, it should notify the system administrator of file anomalies such as a high number of files being changed in a short period of time.

If an alert occurs, a system administrator can instantly make data available on a secondary device, essentially recovering without having to move data.
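
The file-anomaly alert described above (a high number of files changed in a short period of time) can be sketched as a sliding-window check over file-change events. This is an added example, not code from the original article or from any product; the event fields, the 60-second window and the 100-file threshold are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class ChangeEvent:          # hypothetical event record, e.g. from a file-server audit log
    ts: float               # seconds since epoch
    user: str
    path: str

def detect_change_bursts(events, window_s=60.0, max_files=100):
    """Return (user, alert_ts, distinct_files) for each burst in which one user
    changes more than max_files distinct files within window_s seconds.
    One alert per burst; the detector re-arms once the count drops back."""
    recent = {}             # user -> deque of (ts, path) inside the window
    alerting = set()        # users currently above the threshold
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent.setdefault(ev.user, deque())
        q.append((ev.ts, ev.path))
        while q and q[0][0] <= ev.ts - window_s:
            q.popleft()     # expire events older than the window
        # Count distinct paths so repeated saves of one file do not trigger.
        distinct = len({p for _, p in q})
        if distinct > max_files:
            if ev.user not in alerting:
                alerting.add(ev.user)
                alerts.append((ev.user, ev.ts, distinct))
        else:
            alerting.discard(ev.user)
    return alerts

def sample_events():
    """Constructed events: an autosave loop, normal editing, and a mass rewrite."""
    base = 1_700_000_000.0
    evs = [ChangeEvent(base + i * 0.3, "alice", "/share/q3.xlsx") for i in range(200)]
    evs += [ChangeEvent(base + i * 600, "bob", f"/share/contracts/{i}.docx") for i in range(5)]
    evs += [ChangeEvent(base + 30 + i * 0.1, "carol", f"/share/orders/{i}.pdf") for i in range(300)]
    return evs

if __name__ == "__main__":
    for user, ts, n in detect_change_bursts(sample_events()):
        print(f"ALERT user={user} ts={ts:.1f} distinct_files_in_window={n}")
```

Counting distinct paths rather than raw events keeps an application that saves one file repeatedly from raising the alert, while a process rewriting hundreds of different files does.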

StorageSwiss Take

Ransomware is a different animal and it requires different thinking compared to the old techniques of once-a-night backup. Near real-time copies of data and the ability to point users directly to the device are critical to a successful and rapid ransomware recovery. If enough organizations implement such a solution, then the money that drives ransomware investment will dry up and the problem will subside.

Sponsored by Nexsan


Twelve years ago George Crump founded Storage Switzerland with one simple goal; to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration and product selection.

3 comments on “Why Backups Can’t Protect Against Ransomware”
  1. Don Foster says:

    It would seem that Backup can be enough based on your article – it just cannot be one of the more run-of-the-mill traditional backup solutions. All of the things you mention require the new standard of enterprise protection. A hybrid IT ready data protection solution that is highly secured, highly reliable through automation, with intelligence and analytics against file and object changes out of the norm all tied together with great support.

  2. George Crump says:

    Don, agreed. It can’t be the legacy once a night approach. Has to be more frequent and I think archiving has to play a role to minimize exposure.
