How Smarter Backups Can Help Your Organization After a Ransomware Attack

Dell PowerProtect Cyber Recovery captures isolated, intelligent data to enable a faster recovery.

The threat of ransomware is forcing companies to reassess not only their cybersecurity defenses but also their ability to recover from an attack. 

Most organizations have disaster recovery plans that address events such as floods or tornados. But that’s different from cyber recovery, which enables an organization to overcome a malicious attack, especially one designed to stop the business in its tracks, such as ransomware. That’s why organizations need a solution for cyber recovery too.

It can take months for an organization to discover that its systems have been breached. Meanwhile, the bad guys are hanging out in the environment and studying the organization’s processes — including how it backs up data. When they figure that out, they destroy those backup copies, which puts the organization in a very difficult position. This is when the cybercriminals activate their ransomware and demand payment. The organization discovers that its backup files are encrypted, corrupted or otherwise inaccessible. This is the scenario that Dell PowerProtect Cyber Recovery is designed to save organizations from.

Numerous technology solutions are intended to keep the bad guys outside an organization’s perimeter. But Cyber Recovery assumes the bad guys will get in. It is intended to help organizations recover quickly.

Dell’s Cyber Recovery Vault Includes Key Data Intelligence

A backup for disaster recovery purposes is typically a full copy of an organization’s data. But “full copy” is an ambiguous term. It may not include Active Directory and storage and network configurations — the intelligence that tells IT administrators where the data goes. Having the data is one thing, but being able to get it back into a readable format is another.

Cyber Recovery complements disaster recovery backups by putting that critical information in a vault: Active Directory, configurations, settings and key database backups. 

This vault, by the way, is isolated and off the network, a factor that makes Cyber Recovery unique. Typically, backup processes leave breadcrumbs behind, and this helps attackers figure out an organization’s systems. Cyber Recovery, on the other hand, pulls this data out without the backup application ever knowing that it happened. Keeping the vault air-gapped from the production environment means that it can’t be tracked or accessed, further protecting it from attack.

Story by Steve Allison, an accomplished cybersecurity expert, thought leader and mentor. He has over 30 years of DOD intelligence, cybersecurity, risk management and forensic investigation experience.

Daily Backups Lead to a Faster, Simpler Recovery

Cyber Recovery also helps organizations get back on their feet by discerning which data is corrupted, which data has been encrypted and which data is still good. This makes it possible to get up and running in a matter of hours rather than weeks or months.

For instance, data pulled into the Cyber Recovery vault is scanned each day to confirm that it’s solid. If data appears suspicious, the solution alerts IT teams to indicators that a ransomware attack may have occurred — red flags such as different extensions or thousands of new files that have appeared overnight. 

The assumption, at that point, is that a ransomware attack has occurred. The organization’s IT leaders know that today’s data is compromised, but yesterday’s data is safe. That’s the copy the organization can use to recover.
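
The daily comparison and "yesterday's copy is safe" reasoning described above can be sketched as follows. This is an added example, not Dell's code or the product's detection logic; the manifest format (a set of file paths per daily copy), the thresholds and the function names are all assumptions.

```python
from pathlib import PurePosixPath

# Thresholds are assumptions for this example, not product settings.
NEW_FILE_LIMIT = 1000      # "thousands of new files" appearing overnight
RENAME_RATIO = 0.20        # share of yesterday's files that changed extension

def strip_ext(path):
    """Drop the final extension: 'a/b.docx.locked' -> 'a/b.docx'."""
    return str(PurePosixPath(path).with_suffix(""))

def scan(prev, curr):
    """Compare two daily manifests (sets of paths); return a list of red flags."""
    new, missing = curr - prev, prev - curr
    new_bases = {strip_ext(p) for p in new}
    # A vanished file counts as re-extensioned if a new file is the same name
    # with an extension appended (x.docx -> x.docx.locked) or swapped.
    renamed = sum(1 for p in missing if p in new_bases or strip_ext(p) in new_bases)
    flags = []
    if len(new) >= NEW_FILE_LIMIT:
        flags.append(f"{len(new)} new files since previous copy")
    if prev and renamed / len(prev) >= RENAME_RATIO:
        flags.append(f"{renamed} of {len(prev)} files changed extension")
    return flags

def last_clean(snapshots):
    """snapshots: list of (label, manifest), oldest first, with the first
    assumed good. Returns (last clean label, flags that ended the clean run)."""
    clean = snapshots[0][0]
    for (_, prev), (label, curr) in zip(snapshots, snapshots[1:]):
        flags = scan(prev, curr)
        if flags:
            return clean, flags
        clean = label
    return clean, []

# Constructed sample data: three daily copies of a small file share.
day1 = {f"share/doc{i}.docx" for i in range(3000)}
day2 = day1 | {f"share/new{i}.xlsx" for i in range(5)}
day3 = {p + ".locked" for p in day2} | {"share/note.txt"}

if __name__ == "__main__":
    label, flags = last_clean([("day1", day1), ("day2", day2), ("day3", day3)])
    print("recover from:", label)
    for f in flags:
        print("red flag:", f)
```

Ordinary churn between day1 and day2 raises nothing, while day3 trips both indicators, so day2 is reported as the copy to recover from.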

Cyber Recovery Is Just as Important as Disaster Recovery Planning

Any organization can be a victim of ransomware, but small and midsized businesses are among the most vulnerable because they often do not have the resources to overcome the damage. When a ransomware attacker demands payment, that’s just the tip of the iceberg for the financial damage the organization may face. 

Myriad costs are associated with an attack, from the loss of revenue to legal expenses. The payment demand may be $100,000, but in the end, the damage to an organization could cost it well over $1 million. All too often, the total cost of an attack is more than an organization can sustain, and it will literally go out of business. 

This threat is why cyber recovery solutions have become essential. Investing only in disaster recovery is no longer enough — especially when there’s a much greater chance of a cyberattack than a natural disaster.

Story by Mike O’Connor
