Shortening Data Recovery Times in the Wake of Ransomware Attacks

February 9th, 2024 by Craig Vanderborgh, Chief Engineer at Arcitecta

Ransomware is a huge problem that isn’t going away anytime soon. A recent study (2023 SonicWall Threat Mindset Survey) found that 55% of organizations are deeply concerned about the intensification of cyberattacks in 2023, with 83% citing ransomware as their biggest concern. Phishing and spear-phishing (76%) and encrypted malware (64%) comprised the top three concerns. Each represents an avenue of encroachment that often results in a ransomware incident.

Ransomware is malicious software that encrypts the company’s data and demands payment for its release. Such attacks can lead to significant financial losses and business disruptions, and there is no guarantee of getting your data back if you pay the ransom. Organizations have responded mainly by instituting defenses to thwart attacks and air-gapping their recovery data.

An air-gap is a vital security measure. It involves isolating a computer, backups, or copies of data by preventing them from having a direct external network connection. In other words, the data is physically segregated. This segregation is best achieved by using tape technology.

Air-gapping is extremely important. But it is not enough. A major pain point remains – slow data recovery times.

Ransomware’s Financial Burden
The financial burden of ransomware is extensive, according to security firm Sophos. The average total cost of recovery from a ransomware attack more than doubled between 2020 and 2021, from $761,000 to $1.85 million. In terms of operational disruption, data from security firm Check Point highlighted that the recovery time from ransomware attacks increased to an average of 14.9 days in 2023, up from 7.8 days in 2021.

Recovery in the wake of a ransomware incident is resource-intensive and laborious. Many organizations are unprepared as they have failed to formulate the right strategies to bring about a quick and safe restoration of data and a return to full operational status for the organization.

An effective way to address slow data recovery times in the wake of a ransomware attack is to institute a versioning file system. This approach enables a fast, simple restoration from an earlier unencrypted version, i.e., the bad guys may have encrypted one version, but another exists that can be used to get systems back up and running fast. The beauty of this approach is based on the principle that versioned files cannot be encrypted and are available for instant recovery from where they are stored.

Versioning file systems work with any underlying storage technology. They look like a filesystem regardless of what’s backing them. This process allows IT to quickly and easily find a version of their files from a time period before the ransomware event.
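As an added illustration of finding a version from before the ransomware event (this is not code from Arcitecta or any product; the `Version` record, the catalog layout and the paths are hypothetical, constructed sample data), the following Python example picks, for each file, the newest version written before the event and lists the files that have no clean state to roll back to.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Version:              # hypothetical catalog record, not a real product API
    path: str
    version: int
    written: datetime
    deleted: bool = False   # tombstone: the file was removed at this point

def plan_recovery(catalog, cutoff):
    """Per path, select the newest version written strictly before `cutoff`.

    Returns (restore, skipped). `restore` maps path -> Version to roll back to.
    `skipped` lists paths with nothing to restore: files that first appeared
    at or after the cutoff, or that were already deleted before it.
    """
    newest, seen = {}, set()
    for v in catalog:
        seen.add(v.path)
        if v.written >= cutoff:
            continue        # written during or after the event: not trusted
        cur = newest.get(v.path)
        if cur is None or v.written > cur.written:
            newest[v.path] = v
    restore = {p: v for p, v in newest.items() if not v.deleted}
    return restore, sorted(seen - set(restore))

def ts(day, hour):
    return datetime(2024, 1, day, hour, tzinfo=timezone.utc)

# Constructed sample catalog; the event is assumed to start at 2024-01-10 00:00 UTC.
CUTOFF = ts(10, 0)
CATALOG = [
    Version("/finance/ledger.xlsx", 1, ts(3, 9)),
    Version("/finance/ledger.xlsx", 2, ts(8, 17)),
    Version("/finance/ledger.xlsx", 3, ts(10, 2)),             # overwritten during the event
    Version("/hr/old-policy.doc", 1, ts(2, 10)),
    Version("/hr/old-policy.doc", 2, ts(5, 10), deleted=True), # removed before the event
    Version("/finance/note.txt", 1, ts(10, 2)),                # first appeared during the event
]

if __name__ == "__main__":
    restore, skipped = plan_recovery(CATALOG, CUTOFF)
    for path, v in sorted(restore.items()):
        print(f"restore {path} -> v{v.version} ({v.written.isoformat()})")
    for path in skipped:
        print(f"skip    {path} (no clean version before cutoff)")
```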

Preparing for a Ransomware Event
Security consultancy NCC Group notes that ransomware attacks are far from over. In fact, they are in the ascendancy. The number of attacks recorded in September 2023 was 153% higher than in September of the previous year. To make matters worse, the number of double extortion ransomware groups increased by 76% year-over-year. New threat actors, including LostTrust and RansomedVC, have joined the game due to the lucrative nature of ransomware. However, the cybercriminal gang LockBit remains the biggest threat and the most active ransomware proponent. These attacks are going up in just about every vertical. Healthcare experienced the most significant rise, with ransomware attacks up by 86% in September 2023 compared to the previous month.

In light of these numbers, organizations need to:

  1. Stop hoping that ransomware won’t impact them. It is a matter of when, not if.
  2. Institute a tape air-gap.
  3. Institute an active archive that isolates cold data offline.
  4. Institute a versioning file system for instant recovery from a ransomware incident.
  5. Build a “First Hours” communication plan.

You can find out more about emerging use cases for active archives by listening to the recordings of the 2023 Active Archive Virtual Conference.

 

 
