Backup and Disaster Recovery’s Role in Beating Ransomware
Some of your clients have resigned themselves to the idea that beating ransomware isn’t possible. It’s understandable—you’ve read the headlines. Cybercriminals attacked the Colonial Pipeline in May 2021, shutting down gasoline and jet fuel transport from Texas to locations all over the Southeastern United States. The FBI was able to recover some of the more than $4 million the pipeline paid in ransom, but the final price was still more than $2 million. Almost right on the heels of that attack, a ransomware group attacked JBS Holdings, and the global beef supplier paid $11 million in ransom.
Furthermore, your clients of all sizes, including small and medium-sized businesses (SMBs), can be targets. U.S. Department of Homeland Security Secretary Alejandro Mayorkas recently warned companies of the growing ransomware threat and pointed out that up to 75 percent of attacks involve small businesses.
Should Your Clients Pay Ransom?
A business’s first impulse when ransomware encrypts its files or locks its devices is to pay the ransom. However, if it’s at all possible, it’s better not to pay. Research for the Cybereason e-book, Ransomware: The True Cost to Business, found that 80 percent of businesses that pay ransom experience a second attack, and 46 percent that get their data back after paying discover that it’s corrupted.
In the session “Beating Ransomware with Veeam – The Rest of the Story!” at VeeamOn 2021, Rick Vanover, Senior Director, Product Strategy, and Edwin Weijdema, Global Technologies, Product Strategy, Veeam Software, agreed. They pointed out that “ransomware encourages ransomware,” signaling to cybercriminals that a business that pays may pay again. They also pointed out that businesses that pay ransom may be committing a federal crime.
So, Is Beating Ransomware Possible?
Although, as Weijdema comments, “You can’t beat ransomware with a silver bullet—or any single bullet,” it is possible to develop a plan that can help a business recover mission-critical operations quickly and safely.
Vanover and Weijdema advise businesses to build a strategy based on Veeam’s 3-2-1-1-0 rule for backing up data:
· 3 different copies of data
· 2 different forms of media
· 1 off-site copy
· 1 copy that’s offline, air-gapped or immutable
· 0 errors after backup testing and recoverability verification
Your experience with BDR can help clients achieve this in a variety of ways. Options include:
· Tape media, which is completely offline when not being written or read. Write once, read many (WORM) media also prevents data from being erased.
· Rotating hard drives, which are similarly offline when not being written or read
· Replicated virtual machines (VMs)
· Primary storage snapshots
· Backups stored with the MSP
· Immutable backups in AWS S3 and some S3-compatible storage
· Hardened Linux repository for immutable copies
Your clients can also opt to use solutions such as continuous data protection, instant replication and secure restore to get mission-critical operations back online as quickly as possible.
Weijdema reminds you and your clients that planning for the recovery phase is also critical. “A ransomware attack is a crisis. You should act like it,” he comments. Weijdema says that, following an attack, infrastructure will have to be tested and cleared—think crime scene tape around it until forensics are complete. To get a ransomware victim back to business as soon as possible, plan for alternative infrastructure or resources to use until their system is investigated, cleared, and repaired or replaced.
The Nasty Business of Ransomware
As you work with your clients to build a ransomware defense and response strategy, Vanover and Weijdema urge you to take a holistic view of security. Ransomware isn’t the only threat businesses face. Other types of malware can also infect systems, compromise data, and interfere with operations. And, remember, natural disasters pose a continuing threat, creating the risk that businesses could lose their data or access to backups due to fires, storms, or utility outages.
They also point out that ransomware isn’t always the end game. Double- or triple-extortion schemes can mean businesses pay ransom to decrypt files, then again to prevent them from being auctioned off on the dark web. Also, if data from other businesses is included in the files, ransomware groups may approach those businesses as well, demanding payment to keep their data from being released.
Backups and a disaster recovery plan can’t prevent all the negative impacts from a ransomware attack, but they can give a business resilience. Weijdema comments, “Can you make sure it never happens to you? No. But if it happens, you can make sure you bounce back fast.”