Ransomware: Why Backups Can’t Wait

October 14, 2016 · steveverbanic

Ransomware attacks are exploding. Recently, the U.S. Department of Homeland Security and the Canadian Cyber Incident Response Center issued a joint statement warning of the worsening ransomware situation targeting Windows, OS X, and Linux platforms. While prevention is important, malware and malware-less attacks are proliferating and becoming increasingly hard to detect. Organizations cannot afford to believe that a ransomware attack won’t happen to them and need to prepare for the possibility of an attack.

As threat actors become more sophisticated and pass down knowledge by offering exploit kits that make it easier for others to launch ransomware, swift recovery of data and operations is critical. The importance of having a solid backup and disaster recovery plan cannot be overstated.

Ransomware Strikes Hard

It all began with one laptop at a large pharmaceutical company, which discovered that the machine had been compromised by CryptoLocker and learned the necessity of backing up data firsthand. Like other forms of ransomware, CryptoLocker encrypts files without permission. Only when the victim of an attack pays the ransom are they given the key to decrypt corrupted files.

In this particular case, the ransomware impacted the user’s entire department, bringing its day-to-day operations to a grinding halt.

Using NetApp to Avoid the Ransom

In total, 46 drives and one aggregate were affected. The compromised company contracted Kroll Ontrack to remediate the attack. Fortunately, the company used NetApp FAS for data storage. The architecture of NetApp’s WAFL enabled Kroll Ontrack engineers to go back in time to recover the data. WAFL is a proprietary file system that automatically creates checkpoints every ten seconds. Using multiple checkpoints, engineers merged the data to provide the customer access to unencrypted copies of their original data. The victim of this attack was able to recover data without paying a ransom.

This situation is instructive. With the right data storage and backups in place, it is possible to recover from a ransomware attack without giving in to ransom demands. However, too many companies lack the proper infrastructure to carry out a successful data recovery plan. Many IT managers let their existing backup tools dictate the recovery plan, when it should be the other way around.

There are three basic steps organizations need to take when devising a recovery plan:

  1. Decide how to restore (i.e., granular object, multisite, or whole-VM restore).
  2. Define goals based on business needs, not current technological capacities.
  3. Design a data protection strategy driven by those needs.

Stopping Ransomware

To turn the tide on ransomware, organizations must not only have the right solutions in place for monitoring and detecting threats, but also have a solid backup and disaster recovery plan.

According to ESG, NetApp delivers almost every aspect of the Data Protection Spectrum through its “built-in” integrated data protection offerings for a range of recovery/usability scenarios. As a NetApp partner, SLAIT Consulting works with organizations to design and implement disaster recovery plans. If a ransomware attack strikes, we make sure you are prepared.