Today, analysts estimate that a ransomware attack on businesses occurs every 14 seconds – costing organizations billions of dollars overall.
Given the increasing frequency and scale of ransomware attacks, this is not surprising. The first ransom payment – around 1989 – paved the way for hackers around the world to begin encrypting and locking the data of unsuspecting victims to keep it until the owners paid the price set to recover it.
That’s why it’s essential to keep these five considerations in mind when developing a strategy to anticipate, identify, and counter a ransomware attack on backups.
1 – The extension of the attack surface exposes backups to ransomware attacks.
It is first necessary to reduce the attack surface of the company and understand both the type of data hosted and its location To prevent successful ransomware attack attempts. A unified solution for the governance of infrastructure flows and backup sites protects organizations against malware by eliminating massive data fragmentation.
2 – Long backup and recovery cycles add to the hardship of ransom demand
The backup and recovery solution must be able to quickly respond to attacks and quickly locate and delete infected files wherever they are in the data management infrastructure – including public clouds. It must also have instant mass recovery capabilities so that hundreds of virtual machines can be restored instantly, at scale, and at any point in time in the past.
3 – Attacks on backups facilitated by intermittent monitoring
The organization must be able to detect an attack in real-time. That requires a solution that can monitor, automatically detect rates of change, and generate alerts based on continuous analysis of files and audit logs without the need for special attention.
The right backup solution will protect your business from cyberattacks in an automated manner every second, every day.
4 – Ransomware attacks make backups a liability
It is necessary to establish a multi-layered defense to prevent ransomware from attacking the backup environment. The primary backups must be kept in an immutable state (read-only) and must never be made accessible to prevent them from being mounted by an external system. Also, multi-factor authentication (MFA) and write once read many (WORM) for snapshot are vital functions.
5 – Entry points in public clouds for criminals
It is essential to have a backup and recovery solution that provides a single, centralized dashboard to stay ahead of ransomware. Being able to see quickly, manage, and act on backup data – whether it resides on-site or in public clouds – helps protect the business from ransomware attacks.