Ransomware recovery: Moving forward without backing up

Phishing scams tied to COVID-19 show no signs of stopping. More than 3,142 phishing and counterfeit pages went live every day in January, and by March, the number had grown to 8,342. In mid-April, Google reported they saw more than 18 million pandemic-related malware and phishing emails each day over the course of just a single week. By mid-May, a new high in cybercriminal activity was set and coronavirus clearly had played a major role.

The main cause of data breaches continues to be human error. With so many employees suddenly working from home – cut off from everyday contact with IT – the pandemic has offered hackers an ideal period to exploit a lack of security vigilance. Outdated home software, forgotten updates, skipped patches… Aside from a welcome mat, hackers couldn’t have a more gracious invitation or an easier path into a company.

IT concern and chaos

For IT, the biggest concern with a remote workforce is the inability to control the network in a traditional sense. Perhaps their greatest fear is a ransomware attack on company data made possible by users connected through their VPN and attaching to file shares.

With the pandemic, more people are seeking information and visiting websites with charts and graphs holding related statistics. Sadly, bogus or malicious sites take advantage of the situation. Making matters worse, networks are often shared with others, such as the employee’s children, who use them for recreational activities but aren’t so savvy at identifying threats. Most ransomware attacks are the result of visiting hacked or malicious websites or clicking on an infected email attachment.

Attackers have been taking advantage of remote work “chaos” and the onslaught is unsettling. We’re seeing an uptick in gathering attempts, raising malicious code and ransomware instances because people are visiting places they normally wouldn’t and hackers are leveraging changes in work habits.

Malware is increasingly holding company resources and data for ransom, which in addition to that expense can cause costly downtime, negatively impact a company’s reputation and more.

Backup and disaster recovery (DR) technologies have progressed in recent years, reducing recovery point and time objectives (RPO and RTO). However, they haven’t kept pace with hackers, and the backup process is a significant administrative and management burden.

One step forward, two steps back

Ransomware attacks are extremely disruptive. IT needs to figure out how the infection started and see if they can prevent it from happening again. It’s imperative to have a reliable backup copy from before the infection, but in some cases, ransomware can even encrypt those along with the original files. A lot of details need to be worked out.

The problem is, traditional backups – while often an organization’s last line of defense against a disaster – are outdated and cost companies a lot of time and money. Configuring incremental and full backup schedules or pulling backups across a WAN to a central site is cumbersome at best, unreliable at worst. So is babysitting backups to find out if they worked, and rotating and refreshing tape and disk media.

In the end, it still takes days or hours to recover.

Not only does this pose significant administrative and management burden, backup remains an expensive bolt-on to storage systems. In large organizations, entire teams are dedicated to managing the backup process and ensuring their integrity. Faulty or corrupt ones remain a significant problem, in fact, ransomware can deliver code that works its way through systems over time before attacking data.

Unfortunately, backing up to just before the point-of-origin could actually set the attack in motion all over again.

Getting ahead without backing up

In a perfect world, you wouldn’t need to buy a data protection solution and your storage system would protect itself. But the world is not perfect and that’s why enterprises deploy a storage system with backup and DR. That said, though, today there actually isn’t a need for separate storage and backup systems.

By taking advantage of the cloud, global file systems can enable companies of all sizes to store, access and share file data without further backup and DR systems. They can take snapshots to capture changes – every five minutes for active data – which are sent to the cloud where the gold copy is kept. The global file system can store these in the cloud without any significant additional cost.

If snapshots are written to the cloud as Write Once Read Many (WORM) objects, data is prevented from being corrupted or overwritten. With separate metadata versions for each snapshot, restoring a file or even multiple terabytes of data takes just seconds, eliminating a full restore or migration.

What makes the process fast is a you only need to point to an earlier version of the files; there’s no need to undergo a slow copy. Because the gold copy is incremental, you’ll likely find a version that was captured just minutes before the point of infection.

Simply put, self-protecting, cloud-based global file systems do away with the need for a separate backup system. With this approach, not only does IT no longer need to dedicate time and resources to backup management, they gain better RPOs and RTOs and the ability to recover from ransomware attacks in minutes. For many IT leaders in 2020, the first step to effectively countering ransomware and ensuring their enterprises continue to move forward will be to stop backing up.

Don't miss