Managing and protecting all enterprise data

Maxim_Kazmin - Fotolia

Ransomware protection best served by backing up your data

A recent survey illustrates how extensive ransomware threats have been, and Rich Castagna says backing up data remains your best defense

Haven't tested that disaster recovery plan in a while? What about checking to see if your backed-up data is actually recoverable if needed?

If your answer to either of those questions is anywhere close to "We tested before the Cubs won the World Series," you're probably not sleeping all that well these days. And if you are, you shouldn't be. As if hurricanes, earthquakes, snowstorms, fires, floods and felonious activities weren't enough to get your DR dander up, toss in the current ransomware rage and suddenly no backup or disaster recovery plan seems adequate.

A recent report conducted by endpoint and server security app vendor SentinelOne painted an alarming picture of most companies' vulnerability to ransomware attacks and their apparent lack of ransomware protection. In fact, the survey data -- collected from IT shops in the U.S., the U.K., France and Germany -- revealed that nearly half of the responding companies had already been victimized by ransomware at least once. The rate of attacks was consistent across all of those geographies. Ransomers also proved to be equal-opportunity interlopers going after small, midsize and large companies at about the same rates, and showing little preference for any particular industry verticals.

The message is clear: If you've got data, look out.

Survey says

I'm sure the companies that manage to survive ransomware attacks did so because they had current data stashed away somewhere, and they are now toasting the often-maligned backup gang as heroes.

Most ransomware gets into your systems by evading antivirus or other security to directly strike at your company's weakest links: users. Email and social media phishing accounted for a whopping 81% of the attacks documented by the survey, followed by clicking on infected or hijacked websites (50%). Best defense when it comes to ransomware protection? You could take away their computers, tablets and phones and unplug the internet. Sure, and you can move company headquarters to a cave in the Himalayas.

Some of the survey respondents (45%) said they were able to reverse the effects of their attack by decrypting the encrypted data. I don't know all that much about security, but from what I've seen with some of these ransomware events, that's a pretty miraculous achievement. But 25% of the ransomers' prey reported they were able to survive the attack because they had recoverable current backups of the encrypted files.

It didn't really require a Herculean effort to recover those backed-up files, either. On average, it required 33 employee hours to get back to business with clean data. Nearly half of respondents (48%) needed even less time to set things right.

Losing data is pretty bad, but some businesses lost even more than that. Thirty-seven percent felt their companies' reputations were tarnished as a result of the event, and 22% said that a high-level head or two got chopped because of the infraction. But most reported that they ended up spending more money for better security (67%) or even cyberinsurance (15%) to provide ransomware protection.

A toast to backup

If you think encrypting everything will provide ransomware protection, think again.

Interestingly, the survey on ransomware protection, or lack thereof, apparently didn't provide another option for that question, that of backup and disaster recovery. I'm sure the companies that managed to survive ransomware attacks did so because they had current data stashed away somewhere, and they are now toasting the often-maligned backup gang as heroes. And those who didn't make out as well are likely looking at ways to improve their data protection practices.

You knew I wasn't going to stray too far from storage, didn't you? But the truth is that good storage practices and effective data protection are the only things standing between your company losing its data or paying a big price to get it back. And it really is all about backup and DR. If you think encrypting everything will provide ransomware protection, think again. Some encryption algorithms can encrypt already encrypted data -- try saying that three times fast, but don't bet on it working.

These attacks can be crippling to a company, and the more data that gets tied up, the more serious the consequences. But with a copy or two of current data nestled safely in the cloud, you might not just save your company's -- and your -- neck; you could end up being a hero. Pretty cool for a backup guy, eh?

Article 4 of 7

Next Steps

Does backing up data frequently help ransomware recovery?

Smart employees can stop a ransomware attack

Be wary of cloud-based ransomware attacks

Dig Deeper on Data backup security

Get More Storage

Access to all of our back issues View All