Why its Time to Rethink Ransomware Recovery

When the first documented ransomware attack occurred in 1989, it was distributed via floppy disks, its encryption could easily be reversed, and a ransom sum of 189 USD in exchange for files was to be paid to a PO box in Panama.

From these humble beginnings, ransomware has grown to become a trillion-dollar global criminal industry.

Targeting corporations and businesses of every shape and size, in every industry sector, ransomware attack techniques are becoming ever more sophisticated. Plus, they’re proliferating thanks to new business models like ransomware as a service (RaaS), which enable criminals with limited technical skills to purchase ransomware along with associated support services, like call centres that handle ransom payments.

With new successful attacks being reported on a daily basis, organisations are struggling to cope with the rising volume of attacks and the pace at which new attack vectors are multiplying. In the first five months of 2022 alone ransomware payments made by companies were estimated to be in the region of $1 million , up 71% on last year.

This startling figure highlights how organisations aren’t just struggling to defend themselves against malware. They’re also encountering real difficulties when it comes to recovering data so they can get their business back up and running fast, without paying a ransom, following a successful attack.

The IT security conundrum

Despite the fact that IT security vendors continue to work diligently in an effort to keep pace with the latest methodologies and techniques deployed by attackers, they have no definitive solution for fast-emerging new security threats like APTs (Advanced Persistent Threats) and Zero Day Exploits.

Added to this, end users continue to pose one of the biggest risks when it comes to an organisation’s network being infiltrated by malware. Whether that’s clicking on a malicious link contained within a phishing email, visiting a compromised website, using weak passwords, or engaging in risky behaviours.

Since IT security can’t guarantee a 100% success rate when it comes to defending the network against malware infiltration, organisations need to plan for a worst case scenario. Because the likelihood of a successful ransomware attack is no longer a case of ‘if’ or ‘when’ but ‘how often’.

To address this risk, many organisations are relying on recovery strategies built around the backup technologies they believe will enable them to recover data fast. Unfortunately, it’s an approach that’s proving misguided: a 2022 survey by IDC found 93% of organisations had suffered data-related business disruptions in the past 12 months and almost 68% experienced four or more such disruptions. More worryingly, only 1 in 7 companies recovered all their data following a ransomware attack.

Let’s take a look at some of the reasons why data recovery and downtime issues are proving to be so challenging.

The rise of the digital enterprise

Despite the fact that back-up vendors stridently market their solutions as providing the data protection today’s organisations need to withstand disruptions caused by ransomware, these claims are somewhat erroneous.

That’s because most organisations are now deploying their applications in the cloud or at the edge and previous generations of data protection and storage systems lack the capabilities needed to prevent data loss or downtime in these hybrid architectures.

Added to which, the task of providing data protection and recovery is becoming increasingly complex and onerous, thanks to the variety of interwoven data protection products organisations now have to deploy. Everything from backup and recovery software to mirrors, replicas and more.

Given that IDC estimates the average cost of downtime for organisations operating in every industry sector now stands at $250K per hour, today’s data-driven organisations are becoming less tolerant with regard to extended downtimes and data loss.

With strategies like periodic backups proving ineffective for delivering against the changing requirements in relation to ransomware recovery and disaster recovery, organisations will need better solutions to deal with emerging challenges and assure data recovery in the event of any failure.

A better approach: Continuous Data Protection

Eradicating the need to undertake periodic backups that equate to hours of data loss, continuous data protection (CDP) provides a continuous stream of recovery checkpoints and always-on replication that captures every change to applications the moment these occur. As a result, recovery point objectives (RPOs) can now be measured in seconds.

Using next generation solutions like CDP, organisations can now recover anything from any point in time, thanks to sophisticated journaling technologies that comprehensively record the state of an organisation’s infrastructure every few seconds.

Following a ransomware attack, IT teams are able to recover files, databases, VMs and applications to return the entire enterprise to a point just seconds or minutes prior to a ransomware attack or any other form of disruption.

Evolving ransomware recovery: eliminating the ‘backup’ gap with CDP

Current solutions based on IT-security and traditional backups are failing as the requirements for ransomware recovery and disaster recovery continue to change and evolve. Faced with increasing complexity in providing data protection and disaster recovery for the extended enterprise, organisations need to find a better approach for protecting applications that are now being deployed at the core, in the cloud and at the edge.

CDP represents the latest evolution in ransomware recovery. By capturing data changes as these are written, CDP addresses the ‘backup gap’ that is a major cause of data loss. For organisations this means that recoveries can be made quick and with minimal data loss in a streamlined, agile and simplified way.