How a focus on recovery changes the outcome of ransomware attacks
Data is one of the most valuable resources in business these days and it is at the heart of IT systems that keep both public and private-sector operations running. When a ransomware attack removes access to data, the effect can be crippling to an organization. Ransomware has changed the very nature of how organizations need to think about cybersecurity and the value of data in an increasingly digital marketplace.
Your Data is Your Responsibility
Cyber-attacks that made the news used to be primarily data theft of credit-card information or other information that could be sold easily on the black market. Now, ransomware has elevated cyber-crime to events that paralyze the operations of one or more organizations for days or weeks. Ransomware can attack data that has no value outside your organization but that your organization cannot live without.
Your organization’s data, whether it is proprietary trade secrets, protected customer data, or operational data, is your responsibility to protect and recover. That data might be spread across various cloud services, hosted services, managed providers, and application platforms, but it is still your data. No matter how secure these platforms and services claim to be, when a cyber-attack or other disaster hits, you either have a recovery solution in place to remediate or you don’t. If you don’t, your only recourse is litigation against the platforms you trusted with your data.
Ransomware Thrives Where Recovery Falters
For a ransomware attack to be successful, the cost to recover or rebuild from the attack must be greater than the cost of paying the ransom. The cost of an attack can be measured in disruption of operations, loss of data, and loss of reputation, and the costs might continue down a supply chain to other organizations affected by the disruption. Costs add up quickly for both the recovery time and the amount of data lost.
It is well known now that a recovery time objective (RTO) and recovery point objective (RPO) are important in mitigating the impact of a disaster. A ransomware attack is a disaster-level event, and RTO and RPO are as important for ransomware as for any other recovery event, but both must be effective to mitigate the costs. A poor RTO means systems may be down for hours, days, or even weeks. A poor RPO means data loss can be measured in hours or days.
What makes ransomware even more insidious and effective now is that it often targets recovery mechanisms like snapshots and other backups to prevent recovery. This means that recovery solutions that have limited recovery methods or rely solely on local snapshots or backups for RTO or RPO are at risk. With a ransomware attack, it should be assumed that local snapshots or backups may be compromised by the attack. They might not be, and then recovery is easier, but if they are, there must be another recovery option that provides the RPO and RTO needed.
What is Recoverware?
Ransomware is not new but has evolved over the years to become an increasingly dangerous threat. In the same way, backup and recovery solutions have evolved over the years to remediate more disaster scenarios. Unfortunately, many recovery solutions and the organizations that use them haven’t kept pace with modern threats like ransomware. But why?
As a cyber-security risk, attacks like ransomware have been in the domain of IT security specialists focused on prevention. And prevention is no less important now than it ever has been. But ransomware often targets systems at their weakest point, the user. No matter how hardened your systems are, it only takes one mistake by a user to let malware into the system and compromise as much as your entire network.
Recoverware takes on ransomware directly by providing the recovery options necessary to bring systems back online in a safe, tested environment: from a very recent replica of the data if the attack is detected quickly, or from a copy of the data in long-term retention. While security specialists focus on prevention, Recoverware provides the safety net against the attacks that will inevitably make it into the system. The Zerto platform is designed with instant recovery in mind.
Recoverware is not merely a marketing term coined to grab attention. It is an honest attempt to define a class of recovery solutions, like the Zerto platform, that can counteract ransomware when prevention has failed. Unlike the legacy 3-2-1 backup and recovery solutions, recoverware goes beyond only 3 copies of data, or only two sites. Let’s walk through an example scenario.
Acme Corp experiences a ransomware attack affecting its file server. With a traditional 3-2-1 solution, there may be local point-in-time snapshots and backups to recover from, but unfortunately, those snapshots and backups are compromised because they were on the same file server that was hit. The next available backup copy of the data is remote, and fewer points in time are available remotely. Low bandwidth to the remote site makes recovering the data terribly slow. The amount of data that needs to be recovered over the low bandwidth requires several days, and user productivity is greatly reduced during that time. The cost of this disruption may get Acme Corp thinking about paying the ransom as a viable recovery option.
With a recoverware solution, Acme Corp not only has local point-in-time recovery options from a journal with thousands of restore points, but if that local journal were compromised, there is a replica of the journal and the affected server at a remote warm site. After only a few minutes, the warm site can fail over and bring back data from a point in time in the journal shortly before the attack. The recovered data is first tested in an isolated part of the network and then, once verified, connected to the users, who can continue from the most recent clean data. No need to worry about the ransom for recovery.
Recoverware changes the script that the ransomware attackers are trying to follow by making the disruption and the cost of the attack negligible. Attackers are counting on legacy security thinking and planning with a focus on prevention, and recoverware allows organizations to rethink with a focus on modern recovery options.
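The Acme Corp comparison can be worked through as a small planning model. The following is an added example, not code from Zerto or the original article; the attack time, data size, link speed, restore-point intervals and failover times are all constructed values chosen only to match the shape of the scenario. It computes the RPO and RTO actually achievable once compromised copies are excluded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    compromised: bool        # True if the attack encrypted or deleted this copy
    restore_points: list     # datetimes this copy can be rolled back to
    restore_time: timedelta  # time to bring the workload back from this copy

def transfer_time(size_bytes, link_bits_per_s):
    """Time to pull size_bytes across a WAN link of the given speed."""
    return timedelta(seconds=size_bytes * 8 / link_bits_per_s)

def best_recovery(copies, attack_time):
    """Return (name, achieved RPO, achieved RTO) using surviving copies only."""
    options = []
    for c in copies:
        if c.compromised:
            continue  # assume nothing on a compromised copy can be trusted
        clean = [p for p in c.restore_points if p < attack_time]
        if clean:
            options.append((attack_time - max(clean), c.restore_time, c.name))
    if not options:
        return None  # no clean copy left: rebuild from scratch or pay
    rpo, rto, name = min(options, key=lambda o: (o[0], o[1]))
    return name, rpo, rto

# Constructed scenario values (none of these numbers come from the article).
ATTACK = datetime(2024, 1, 10, 14, 0)
hourly = [ATTACK - timedelta(hours=h) for h in range(1, 25)]
nightly = [datetime(2024, 1, d) for d in range(4, 11)]
journal = [ATTACK - timedelta(seconds=30 * k) for k in range(1, 2881)]

def legacy_321():
    return best_recovery([
        Copy("local snapshots", True, hourly, timedelta(minutes=10)),
        Copy("remote backup", False, nightly, transfer_time(2e12, 50e6)),
    ], ATTACK)

def recoverware():
    return best_recovery([
        Copy("local journal", True, journal, timedelta(minutes=5)),
        Copy("remote journal replica", False, journal, timedelta(minutes=5)),
    ], ATTACK)

if __name__ == "__main__":
    for label, plan in (("3-2-1", legacy_321()), ("journal + warm site", recoverware())):
        print(label, *map(str, plan), sep=" | ")
```

With these constructed inputs the 3-2-1 plan loses 14 hours of data and needs more than three and a half days to restore, while the replicated journal loses 30 seconds and is back in five minutes.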
Is Cyber-Security Part of Your Planning?
Now is the time for your organization to move forward in making recovery a part of cyber-security planning! Ransomware attackers are hoping that you haven’t and that the legacy recovery solutions you still have in place are less than adequate to the task of recovery. The right ransomware recovery solution gives you the tools and the options to rethink how you’ll respond to a ransomware attack.
Whether you have been hit by a ransomware attack yet or not, you can learn more about what true recovery means and how modern technologies like Zerto’s continuous data protection and immutable backups can help you prepare for a ransomware attack in the future.