Options: Restore Data or Pay Ransom

Backups are the foundation for successful data recovery in the event of damage – for example, ransomware attacks. But how do you know that restore or recovery will then work? Thomas Sandner from Veeam explains what constitutes secure backup data.

The ransomware infiltration was successful and all company data has been encrypted: nothing works anymore. Now the extortionists want their ransom; otherwise, the data will be gone or published. What to do? Make do with the incomplete backup and return to day-to-day business with 70 percent of the data. Restore the system on your own or with a service provider, although that could take months and be expensive. Or pay the ransom after all?

When you have to ask yourself these questions, it is usually already too late, because then all you can do is limit the damage. On the other hand, you can keep calm if you have planned ahead and have several comprehensive and protected backups up your sleeve. Although complete data backup is a complex matter that requires several stable cornerstones, it is worth taking a close look at what constitutes a secure backup.

The backup rule for success

You are only safe if you back up several times. This credo is captured in the 3-2-1-1-0 backup rule: three copies of the data are stored on two different media, and one copy is stored off-site. In addition, one copy is write-protected or stored in an immutable form, and, last but not least, zero recovery errors, confirmed through regular tests, guarantee that data is restored on schedule. Modern data protection also starts with terminology: the phrase “restore a backup” oversimplifies the process and misleads many organizations into incorrect assumptions about their actual backup and recovery capabilities.

But for a robust security architecture, assumptions about the status quo are not enough. Certainty is needed, because in the event of a successful ransomware attack the options essentially are: restore from a full and secure backup, or put a lot of money on the table with no guarantee of actually getting the data back.

Unfortunately, few companies are adequately prepared: The Veeam Data Protection Trends Report 2022 shows that only 36 percent of organizations were able to recover more than 80 percent of their data after a ransomware attack last year. This statistic is frustrating because it suggests that these companies considered or even paid a ransom.

That’s why it’s necessary to have a well-thought-out plan that provides for verified, tested, and secure backups that can be quickly restored.

Secure backups must exclude malware

The best solution is a combination of necessary product features and best practices that ensure the security architecture can perform the following processes:

  1. New workloads are detected as soon as they come online.
  2. Data is demonstrably protected.
  3. Recovery occurs at a scale that does not introduce new threats to the environment.

In addition, security solutions such as anti-virus software should be kept up-to-date and should also be able to detect zero-day attacks. To ensure that the copies do not introduce new malware during the restore process, it is also advisable to test the backup in an isolated sandbox, i.e. in an environment separate from the network – especially as modern malware can only be detected during execution.

Depending on the type of network, an additional safety net is recommended: several layers of immutable storage, both in the cloud and on-site on the server. This reduces operating costs and increases security.

Backup must be logged and verified

How do you prove that a backup was successful? Many organizations either rely on the logs written after a backup job completes or develop their own scripts to test the integrity of the backup. However, these logs say nothing about whether a restore will succeed, as they only state that the job was completed. This does not prove that the data can be restored in a disaster and that the process was error-free.

Those who develop their own process take a step forward but increase their workload by maintaining scripts or relying on having time for a manual recovery process. One step forward, two steps back. The best recommendation is to run multiple automated tests on your own backups to confirm that the data is free of malware and can be restored quickly.
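The gap between a job log that says "completed" and a verified restore, as an added example (not from the original article or from any Veeam product): a tar archive is restored into a scratch directory and every file is compared against SHA-256 hashes recorded at backup time. The function names `manifest_of`, `restore_test` and `demo`, and all sample data, are constructed for illustration.

```python
import hashlib, os, tarfile, tempfile
from pathlib import Path

def manifest_of(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = hashlib.sha256(Path(full).read_bytes()).hexdigest()
    return out

def restore_test(archive, manifest):
    """Restore into a scratch dir; return sorted (path, problem) pairs vs. the manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                # Refuse path traversal and special files where Python supports it.
                opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, OSError, EOFError) as exc:
            return [("<archive>", "unreadable: " + type(exc).__name__)]
        restored = manifest_of(scratch)
    errors = [(p, "missing") for p in manifest.keys() - restored.keys()]
    errors += [(p, "unexpected") for p in restored.keys() - manifest.keys()]
    errors += [(p, "hash mismatch") for p in manifest.keys() & restored.keys()
               if manifest[p] != restored[p]]
    return sorted(errors)

def demo():
    """Constructed sample data: one good archive, one silently damaged, one unreadable."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "src")
        os.makedirs(os.path.join(src, "db"))
        for rel, data in {"db/orders.sql": b"INSERT 1;\n", "notes.txt": b"q3 plan\n"}.items():
            Path(src, rel).write_bytes(data)
        manifest = manifest_of(src)  # recorded at backup time
        good, bad, junk = (os.path.join(work, n) for n in ("good.tgz", "bad.tgz", "junk.tgz"))
        with tarfile.open(good, "w:gz") as tar:
            tar.add(src, arcname=".")
        # Simulate damage the job log would not show: one file altered, one dropped.
        Path(src, "db", "orders.sql").write_bytes(b"ENCRYPTED")
        os.remove(os.path.join(src, "notes.txt"))
        with tarfile.open(bad, "w:gz") as tar:
            tar.add(src, arcname=".")
        Path(junk).write_bytes(b"not an archive")
        return [restore_test(a, manifest) for a in (good, bad, junk)]
```

All three archives here were written by a "job" that finished without error; only the restore test separates the usable one from the other two.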

Only a prompt recovery is a lossless recovery

1,356 euros. That’s how much a system failure costs companies in one minute. That adds up to over 81,000 euros in an hour. Researchers also published this cost estimate in the Veeam Data Protection Trends Report 2022, and it shows just how existence-threatening the consequences of server downtime can be. Combine that with the growing gap between the service provider’s cost of data recovery and the actual speed of recovery, and it’s no wonder many companies simply pay the ransom.

It just goes to show: Any kind of data loss and downtime is unacceptable. Therefore, fast or immediate recovery is the ultimate goal of modern data protection. Sophisticated options to recover individual files are just as significant as application recovery to quickly resume operations. However, if the worst comes to the worst and entire volumes or servers are paralyzed, some software can still save a lot of data, but you should not let it get that far, because full prevention beats any reaction, no matter how quick-witted.

Preparation guarantees disaster recovery

Hope alone is a poor advisor and the last straw to clutch at in an emergency – and successful ransomware is a disaster. Automation and orchestration have therefore become critical to IT security, and the same is true for modern data protection. The wrong sentences during a ransomware attack start like this: “I think it works like this …” or “Actually, this and that should happen now …”. Disaster recovery (DR) is only successful if a well-documented plan has been prepared beforehand and has been tested extensively. Automated SLA (Service Level Agreement) testing for recovery, for example, is a recommended approach here because it plays out such scenarios to the end and shows how well positioned you really are as a company.

Modern data protection is a priority for every organization

Backup and recovery are no longer an isolated part of the IT infrastructure that you can simply assume will somehow work in an emergency. Fast, reliable recovery of critical data is an integral part of the overall security architecture of digitized enterprises in every industry – and that’s just as true for public institutions and government agencies.

Data is one of the most valuable assets of our time and requires appropriate protection. A complete, clean backup held in multiple copies is therefore the last and best line of defense wherever sensitive data needs to be protected.