What’s Your Disaster Recovery Plan To Fight Ransomware Attack?


A ransomware attack can easily impact business continuity. ITDMs must focus on implementing better disaster recovery plans to recover from ransomware faster. Mark Potter, CISO, Backblaze, discusses tools that can help organizations to prepare for ransomware attacks.

Everyone gapes at the massive ransoms companies pay to decrypt data after a ransomware attack. Still, few realize that companies typically rely on backups to return to normal operations, not the decryption tool cybercriminals provide. If they work at all, decryption tools are buggy, slow, or both, and time is very much of the essence. The magnitude of the aftermath is often the determinant as to whether or not a company will stay in business in the wake of an attack. Cloud storage can offer a key toolset to minimize business downtime.

Cloud storage allows teams to take an end run around threat actors and their ransom demands by initiating their recovery strategy as soon as they become aware of the ransomware attack. The best disaster recovery plans mix immutable cloud backups with flexible, available compute resources; together, these tools can help most individuals or organizations to prepare for worst case scenarios.


How To Recover From Ransomware Attack

Most businesses know that backing up is important for disaster recovery. But, for many smaller and medium-sized businesses (SMBs), it’s easy to skip the crucial step of planning how they will use that data to get back online. It’s understandable, given that SMB staffing levels and budgets are often constrained. Increasingly, however, disaster recovery plans fit for larger organizations are now attainable by IT teams anywhere. 

Step 1: Immutable backups

It’s a bad day for cybercriminals when their victims can recover from backups. So, seeking to guarantee their payday, cybercriminals have started going after not just production data, but backups as well. Today, any system that’s online and connected to a network is a candidate for encryption, making a recovery all the more challenging. For example, it took UnitingCare Queensland, a community health care and eldercare service in Australia, two months to recover from the Sodinokibi/REvil ransomware attack that also attempted to delete their backups.

Before you can hope to recover quickly from a ransomware attack, you need to ensure cybercriminals can’t gain access to your backups. Capabilities like Object Lock configure in-scope files as immutable. Object Lock employs a write once, read many (WORM) model, meaning after it’s written, data cannot be modified, manipulated, deleted, or encrypted for a defined period of time. The files are still accessible, but no one can change them, including any cybercriminal deploying ransomware capable of attacking backups.

Only a handful of storage platforms offer the feature, but there’s typically no added cost to enable Object Lock beyond what you pay to store the data. If your provider offers it, you can enable Object Lock via API calls or using the provider’s user interface. 
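As an added example (not code from the article or from any storage provider), the Python below audits a backup inventory for the immutability described above and picks the newest restore point that is still locked. It assumes S3-compatible Object Lock metadata field names (ObjectLockMode, ObjectLockRetainUntilDate); the inventory, dates and function names are constructed for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: field names follow the S3-compatible Object Lock API; the
# article names no specific API. All sample data below is constructed.
def utc_day(day):
    return datetime.fromisoformat(day).replace(tzinfo=timezone.utc)

NOW = utc_day("2024-06-10")
INVENTORY = [  # constructed sample: one entry per backup object
    {"Key": "db/2024-06-01.bak", "LastModified": utc_day("2024-06-01"),
     "ObjectLockMode": "COMPLIANCE", "ObjectLockRetainUntilDate": utc_day("2024-07-01")},
    {"Key": "db/2024-06-05.bak", "LastModified": utc_day("2024-06-05"),
     "ObjectLockMode": "GOVERNANCE", "ObjectLockRetainUntilDate": utc_day("2024-07-05")},
    {"Key": "db/2024-06-08.bak", "LastModified": utc_day("2024-06-08")},  # no lock set
    {"Key": "db/2024-05-01.bak", "LastModified": utc_day("2024-05-01"),
     "ObjectLockMode": "COMPLIANCE", "ObjectLockRetainUntilDate": utc_day("2024-06-01")},
]

def lock_status(obj, now, min_remaining=timedelta(days=14)):
    """Classify one backup object's immutability at time `now`."""
    mode = obj.get("ObjectLockMode")
    until = obj.get("ObjectLockRetainUntilDate")
    if mode is None or until is None:
        return "unlocked"        # ordinary object: can be deleted or overwritten
    if until <= now:
        return "expired"         # retention period is over, WORM no longer applies
    if mode == "GOVERNANCE":
        return "bypassable"      # accounts holding the bypass permission can lift it
    if until - now < min_remaining:
        return "expiring"        # still immutable, but retention should be extended
    return "locked"

def audit(inventory, now):
    """Return {key: status} for every backup that is not fully locked."""
    return {o["Key"]: s for o in inventory
            if (s := lock_status(o, now)) != "locked"}

def latest_restore_point(inventory, now, compromised_at):
    """Newest backup written before the intrusion that is still immutable."""
    ok = [o for o in inventory if o["LastModified"] < compromised_at
          and lock_status(o, now) in ("locked", "expiring")]
    return max(ok, key=lambda o: o["LastModified"])["Key"] if ok else None

if __name__ == "__main__":
    print(audit(INVENTORY, NOW))
    print(latest_restore_point(INVENTORY, NOW, utc_day("2024-06-04")))
```

In practice the inventory would come from the storage provider's object metadata listing, and the audit would run on a schedule so that gaps in retention are found before an incident rather than during one.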

When you’re trying to recover from a ransomware attack, simply having backups is not enough. They need to be bulletproof. Protecting backups with immutability means you can recover faster, minimize downtime, and get back to business.


Step 2: Recovery-ready compute instance

Once backups are protected, businesses need an environment that’s prepared to ingest and restore data quickly. With this need in mind, some cloud storage providers are offering pre-built code packages that IT staff can use to create a replica of the infrastructure they have deployed on-premises in a cloud compute instance. 

For savvy IT teams, this is essentially a cut-and-paste setup with an incredibly small amount of work to architect a recovery plan. When disaster strikes, teams can run the code to quickly deploy on-demand servers, firewalls, networking, storage, and other infrastructure with their infrastructure as a service (IaaS) provider of choice. The code then ingests the backup data to get the business back online as soon as possible. 

This is profound on two fronts: First, these code packages are typically free and are easily modified to suit your preferred providers. Second, they offer the dependability of on-demand compute resources without having to pay for them until they’re 100% necessary. It’s like insurance you can buy after you get in a car wreck.

Do This Now, Then Forget About It

Most organizations are performing some types of backups to ensure that the organization will be able to continue operations should the operational copy of the data become inaccessible. Adding immutability to your backup strategy should be relatively easy, free to set up, and automatable via lifecycle rules. Implementing a robust business continuity plan is no longer the sole province of enterprise-scale IT teams. With pre-built code packages, ransomware recovery is well within reach, even for IT teams already stretched to their limit.
