Thwarting ransomware attacks

How modern technology solutions deliver faster, more complete recovery after an attack

Ransomware attacks are becoming a regular occurrence in today's news, exposing the vulnerability of businesses that depend on data for day-to-day functioning. Not only IT and security professionals, but also business managers are increasingly confronted with this threat.

Companies are particularly vulnerable during certain times. For example, peak travel season could be a difficult time for a travel agency hit by a ransomware attack, even threatening its survival. Similarly, for an online retailer, the pre-Christmas period, when sales are at their peak, would be disastrous.

Ransomware attackers are aware of these moments of weakness and can delay their attack until the time is right. In some cases, they may already have a foothold in the system and are just waiting for an opportunity to encrypt data.

When data is encrypted at a critical moment, the likelihood of the victimized company paying a ransom to quickly restore their vital systems increases. The best protection would be a data security system that could completely block a ransomware attack. Unfortunately, there is still no foolproof defense against these threats.

Businesses, therefore, must resort to the second best defense: recover their systems as quickly as possible to thwart the attacks.

Quick recovery, however, can be difficult. Businesses often rely on traditional backup solutions for their critical applications. These solutions may work well in small environments, but in larger environments, recovery can take days to weeks.

The recovery delay mainly results from the difference between applications and servers. Conventional backup methods protect individual servers, which can be grouped together but are still protected separately, at different stages of the backup process.

This implies that the recovery problem already starts with the backup: after recovering the servers, the backup administrator must ensure that the complex applications, composed of different servers, are coherent and consistent.

This process varies for different applications, and usually only a small number of people in the company have the knowledge or permission to carry it out. Restoring an application includes both the time needed to restore the various servers that compose it and the time to verify the coherence and consistency between them, an essential condition for returning to production.

The real goal is to go back to production, not just restore individual servers.

The restore process can take hours or days, depending on the size and complexity of the applications to be restored. This is especially problematic when a ransomware attack brings down all of a company's applications.

The number of people who can restore data and restart applications is limited. It can easily be calculated that it takes 33 days to recover 200 critical applications if the average recovery time for each is six hours and only two teams have the necessary skills and permissions to work 18 hours a day.

Many companies are unaware of this problem. The seriousness of the situation only becomes apparent in an emergency, when it is too late. In past years, most companies have faced problems with single applications only. Backup and disaster recovery specialists were always ready for recoveries, which usually happened within an acceptable time frame of a few hours.

Lack of experience with large-scale incidents is one problem; another is that so-called Disaster Recovery (DR) tests are passed on a regular basis, which leads companies to feel confident.

However, these tests are of little significance in the case of a ransomware attack, as they are usually conducted on a subset of applications due to the limitations of currently used technologies.

The solution to this problem is quite simple, both theoretically and practically: instead of protecting individual servers, applications should be protected as consistency groups from the start. There are modern solutions on the market that use continuous data protection (CDP) instead of periodic backups.

These new technologies integrate disaster recovery, backup, and cloud mobility into one simple, scalable solution. They provide a foundation for continuous data replication without compromising performance and enable consistent recovery of applications.

A "journal" tracks all changes over time and, thanks to native orchestration, allows the recovery of files, individual servers, complex applications or entire data centers.
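An added example, not from the original article or any vendor's product: a toy journal for a two-server application, comparing recovery from per-server backups taken at different times with replay of the journal to a single point just before the attack. The server names, keys, timestamps, the ENCRYPTED marker and the order/cart invariant are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Write:
    ts: float    # seconds into the constructed sample window
    server: str
    key: str
    value: str

# Constructed journal for a hypothetical two-server application (db + web).
JOURNAL = [
    Write(10.0, "db", "order:1", "paid"),
    Write(10.2, "web", "cart:1", "closed"),
    Write(55.0, "db", "order:2", "paid"),
    Write(55.3, "web", "cart:2", "closed"),
    Write(90.0, "db", "order:1", "ENCRYPTED"),  # constructed attack marker
    Write(90.1, "db", "order:2", "ENCRYPTED"),
    Write(90.4, "web", "cart:1", "ENCRYPTED"),
    Write(90.5, "web", "cart:2", "ENCRYPTED"),
]

def first_encrypted(journal):
    """Timestamp of the first write carrying the attack marker."""
    return min(w.ts for w in journal if w.value == "ENCRYPTED")

def group_checkpoint(journal, attack_ts):
    """Last journaled write before the attack: one cutoff for every server."""
    return max(w.ts for w in journal if w.ts < attack_ts)

def replay(journal, cutoffs):
    """Rebuild each server's state from the writes at or before its cutoff."""
    state = {server: {} for server in cutoffs}
    for w in sorted(journal, key=lambda w: w.ts):
        if w.server in cutoffs and w.ts <= cutoffs[w.server]:
            state[w.server][w.key] = w.value
    return state

def is_consistent(state):
    """Assumed application invariant: paid orders and closed carts match."""
    orders = {k.split(":")[1] for k, v in state["db"].items() if v == "paid"}
    carts = {k.split(":")[1] for k, v in state["web"].items() if v == "closed"}
    return orders == carts

if __name__ == "__main__":
    cp = group_checkpoint(JOURNAL, first_encrypted(JOURNAL))
    # Per-server backups taken at different times (constructed: db 55.1, web 30.0).
    staggered = replay(JOURNAL, {"db": 55.1, "web": 30.0})
    grouped = replay(JOURNAL, {"db": cp, "web": cp})
    print("staggered consistent:", is_consistent(staggered))
    print("grouped consistent:", is_consistent(grouped), "at t =", cp)
```

With the staggered cutoffs the database already holds order 2 while the web server has not yet closed cart 2, which is the mismatch an administrator would have to reconcile by hand after a per-server restore.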

Orchestration and automation allow enterprises to predefine everything needed to successfully recover their critical applications and IT systems, managing boot sequences, IP addressing and network configurations, all with just a few clicks. In practice, this allows any company to revert to the state that existed seconds before an attack.

In today's threat landscape, ransomware attackers know exactly when they can cause the most damage. To avoid the worst-case scenario, many businesses rely too much on their traditional defenses, forgetting that it can take weeks to restart all critical applications in the event of a disaster. This risk is underestimated.

To mitigate the worst-case scenario in the event of a ransomware attack, a quick recovery is essential.

Modern solutions allow complex applications to be recovered with just a few clicks, drastically reducing recovery times. This way companies can truly challenge hackers, making it pointless for them to wait for the right moment to cause maximum damage.

05/29/2023 16:44

Editorial AI
