It’s time to attack your ransomware recovery strategy

Ransomware attacks have become part of the daily news cycle. The scale, severity and cost of ransomware incidents have grown exponentially in the wake of the coronavirus crisis that left businesses little option but to embrace digital channels. So much so that, according to Cybersecurity Ventures, global ransomware damage costs in 2021 were estimated to be around $20 billion.

About the author

Andy Fernandez is Senior Manager of product marketing at Zerto, an HPE company.

With 61% of businesses hit by ransomware last year, and suffering an average of 21 days’ downtime as a result, the continued rise and severity of ransomware attacks has made ransomware a pressing board-level issue. Meanwhile, cyber criminals continue to evolve their modes of operation and attack approaches when targeting organizations.

Understandably, 81% of organizations are now concerned about the risk of a ransomware attack, because the trends indicate that being targeted is now a matter not of if, but when.

The growing need for ransomware recovery

Ransomware costs businesses dearly. In addition to making ransom payouts, organizations have to contend with downtime and disruption of critical applications, data loss, and lost productivity, as well as the time-consuming forensic and regulatory investigations that can lead to fines and reputational damage.

It’s not just the world of business that is vulnerable to this ploy; the pandemic has seen hospitals, medical research organizations, and government agencies become top attack targets.

Historically, organizations have focused their efforts on preventing cyber-attacks. Yet, based on how many organizations continue to fall victim to ransomware, it’s crucial that organizations incorporate data protection and recovery into their cybersecurity framework.

With ransomware, it’s not a matter of if, but when. Organizations must expect an attack and bolster their ability to recover quickly and minimize disruption and data loss.

Ransomware resilience: defeating ransomware attacks quickly and at minimal cost

Companies often fail to factor in the unexpected cost and complexity associated with restoring all the data and systems that have been targeted. However, the present threat landscape means that in the event of a successful attack, organizations need to be certain they can restore systems in a matter of minutes rather than hours, days, or weeks. This both assures business continuity should disaster strike and prevents hackers from achieving their intent.

When it comes to data backup, however, the attacks on Travelex and ISS World highlight the shortcomings of legacy backup. Operations at both companies stalled as IT teams fought to retrieve data and get back online.

While IT teams would love to reduce data loss, legacy backup doesn’t allow this without placing a significant burden on production environments. Plus, today’s organizations have evolved to a point where data now resides in multiple locations and workloads and is in the hands of more users than ever before. Indeed, quickly recovering business-critical applications without disruption brings significant challenges for today’s increasingly digital-first organizations, making recovery an arduous and time-consuming task that can take weeks, and even months, to complete.

Finally, backup solutions are themselves being targeted by malware to prevent recovery, which means organizations have to assume that local snapshots or backups have been compromised by an attack.

Organizations need to bolster their data protection strategy by including disaster recovery as a ‘front line of recovery’. Going beyond the backup-focused 3-2-1 rule and including replication technology will be critical in helping organizations recover quickly and minimize the threat of ransomware attacks.

CDP: The first line of ransomware recovery

Implementing a modern disaster recovery and data protection strategy that successfully mitigates any disruption caused by an attack depends on achieving the very best recovery time objective (RTO) and recovery point objective (RPO) possible.

With its always-on replication and journaling technology, continuous data protection (CDP) enables organizations to recover entire sites and applications at scale, to a state just seconds before an attack. Built-in orchestration and automation ensure all VMs can be recovered as one single crash-consistent unit, with just a few clicks and minimal disruption. Plus, IT teams can create multiple copies locally or remotely to assure the largest possible choice of recovery options, predefining everything that’s needed to successfully recover workloads, such as boot sequences or the linking of IPs or networks.

Finally, testing is vital for de-risking any recovery plan, and today’s CDP solutions make it easy to perform failover and backup testing quickly and without disruption. On-demand sandboxes make it possible to assess the performance of preventative measures and ensure systems are free of ransomware.

Adopting a ransomware resilient mindset

Bringing data and operations back online as quickly as possible, with the least amount of data loss, is the key to assuring today’s organizations can defeat ransomware attacks quickly and with minimal cost. By ditching legacy security thinking and taking advantage of continuous data protection and modern recovery options, organizations can regain control of their destiny and ensure they can’t be held to ransom by external threat actors intent on disruption or extortion.

