The Road Out of Ransomware: Why Recovery Is the New Frontier

Image credit: iStockphoto/vvvita

As attackers target individuals, businesses, and governments alike, ransomware has emerged as one of the most significant cybersecurity threats. When cybercriminals encrypt valuable data and demand hefty ransoms, they paralyze operations and cause severe financial and reputational damage. Some attacks have made big headlines in the past, but the ransomware threat has become an unfortunate reality for practically every organization. According to the Veeam Data Protection Trends Report 2023, 85% of organizations were hit by at least one ransomware attack last year, and just under half (48%) suffered two or three attacks.

So, as cybercriminals constantly evolve their tactics and find new ways to bypass security measures, it has become a case of when, not if, a successful attack occurs. Traditional prevention methods, such as firewalls and antivirus software, are still crucial, but on their own they are not enough to prepare for advanced ransomware attacks. Organizations must prioritize robust recovery strategies to minimize the impact on operations, business continuity and reputation. While many recognize the importance of this shift to build substantial resilience against ransomware attacks, more emphasis should be placed on strengthening incident response and disaster recovery plans and processes.

Ransom does not equal recovery  

Paying the ransom is not a recovery strategy, and simply backing up data isn't either. Our Veeam Ransomware Trends Report 2023 shows that most (80%) organizations opted to pay the ransom to end an attack and recover their data last year, rising 4% compared to the previous year. This comes despite 41% of organizations having a "Do-Not-Pay" policy regarding ransomware. But of those who paid the ransom, only 59% succeeded in recovering their data, and 21% who paid still lost their data. Similarly, while you might think you have a sufficient backup in place and can avoid paying a ransom, over 93% of attackers target backups during cyber-attacks, and in 75% of those events they succeeded in crippling the victim's ability to recover.

A reliable disaster recovery process comprises three stages: preparation, response and recovery. Preparation includes having backups in place (but not all backups are created equal; more on this later) and, just as importantly, having a recovery location pre-prepared. This is something that many organizations don't think about until it's too late. You can't recover to the original environment: it's compromised and an active crime scene. But you also don't want to be setting up and getting to grips with a new cloud environment for the first time in the wake of an ongoing ransomware attack. Effective disaster response includes reporting and containing the incident, a pre-defined operational response, and forensics to ensure you know what's been affected and whether environments (especially backups) have been compromised. Only then can you recover with confidence.

Starting from the right place  

Being prepared for disaster recovery is only effective if the backups you are planning around are bulletproof. If you only have one data backup and it's hit during the attack, you are back to square one. Instead, organizations need to follow a few golden rules to increase cyber-resiliency:

  • Security teams must ensure they possess an immutable copy of their mission-critical data, preventing attackers from altering or encrypting it.
  • Data encryption is crucial to render stolen or breached data inaccessible and useless to attackers.
  • The most critical aspect of bolstering your strategy lies in following the 3-2-1-1-0 backup rule. This rule is essential for ensuring reliable data protection and recovery in the face of threats like ransomware attacks. It involves maintaining at least three copies of the data, so that even if two devices are compromised or fail, an additional copy is available; the likelihood of three devices failing simultaneously is low. Organizations should store these backups on two different types of media, such as one copy on an internal hard disk and another in the cloud. One copy should always be stored at a secure offsite location, while another should remain offline (air-gapped) with no connection to the primary IT infrastructure. Lastly, the "0" stage is critical: your backups should have zero errors. This is achieved through regular test restores that complete without errors, ideally complemented with constant monitoring and restoration process training.
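To make the golden rules above something a team can actually audit, here is an added example (not Veeam's code and not from the original article) that scores a constructed backup inventory against the 3-2-1-1-0 rule plus the immutability and encryption rules. The `BackupCopy` fields, the inventories, and the 30-day restore-test window are assumptions chosen for illustration; a real check would read these attributes from your backup platform's inventory.

```python
"""Added example: audit a backup inventory against 3-2-1-1-0 plus the
immutable-copy and encryption rules. Inventory data here is constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class BackupCopy:
    """One backup copy as it might appear in a (hypothetical) inventory export."""
    name: str
    media: str                  # "disk", "tape", "object-storage", ...
    offsite: bool               # held at a separate secure location
    offline: bool               # air-gapped: no network path from production
    immutable: bool             # WORM / object lock: cannot be altered or deleted
    encrypted: bool             # encrypted at rest, so a stolen copy is useless
    last_restore_test: Optional[date] = None   # None = never test-restored
    restore_errors: int = 0     # errors seen in the most recent test restore


def check_3_2_1_1_0(copies: List[BackupCopy], today: date,
                    max_test_age_days: int = 30) -> Dict[str, Tuple[bool, str]]:
    """Return {rule: (passed, detail)} for every rule in the article."""
    media_types = sorted({c.media for c in copies})
    offsite = [c.name for c in copies if c.offsite]
    offline = [c.name for c in copies if c.offline]
    immutable = [c.name for c in copies if c.immutable]
    unencrypted = [c.name for c in copies if not c.encrypted]
    # "Zero errors" is only known if every copy was test-restored recently and
    # cleanly; a copy that was never restored counts as unverified, i.e. failing.
    unverified = [
        c.name for c in copies
        if c.last_restore_test is None
        or (today - c.last_restore_test).days > max_test_age_days
        or c.restore_errors > 0
    ]

    def names(lst: List[str]) -> str:
        return ", ".join(lst) or "none"

    return {
        "3 copies": (len(copies) >= 3, f"{len(copies)} copies"),
        "2 media types": (len(media_types) >= 2, names(media_types)),
        "1 offsite copy": (bool(offsite), names(offsite)),
        "1 offline (air-gapped) copy": (bool(offline), names(offline)),
        "0 errors (recent clean test restore)": (not unverified, "unverified: " + names(unverified)),
        "immutable copy": (bool(immutable), names(immutable)),
        "all copies encrypted": (not unencrypted, "unencrypted: " + names(unencrypted)),
    }


def failing_rules(results: Dict[str, Tuple[bool, str]]) -> List[str]:
    """Rules that did not pass, in the order they were evaluated."""
    return [rule for rule, (ok, _) in results.items() if not ok]


TODAY = date(2023, 9, 1)   # constructed reference date for the test-age check

# Constructed: a common weak setup. Two copies on the same disk media, both
# network-reachable from production, neither immutable, one never test-restored.
WEAK_INVENTORY = [
    BackupCopy("primary-nas", "disk", offsite=False, offline=False,
               immutable=False, encrypted=False),
    BackupCopy("replica-nas", "disk", offsite=False, offline=False,
               immutable=False, encrypted=True,
               last_restore_test=TODAY - timedelta(days=90)),
]

# Constructed: an inventory that satisfies every rule. Note the offline tape
# copy is also the one with no network path an attacker could reach.
HARDENED_INVENTORY = [
    BackupCopy("primary-disk", "disk", offsite=False, offline=False,
               immutable=False, encrypted=True,
               last_restore_test=TODAY - timedelta(days=3)),
    BackupCopy("cloud-objectlock", "object-storage", offsite=True, offline=False,
               immutable=True, encrypted=True,
               last_restore_test=TODAY - timedelta(days=7)),
    BackupCopy("tape-vault", "tape", offsite=True, offline=True,
               immutable=True, encrypted=True,
               last_restore_test=TODAY - timedelta(days=14)),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK_INVENTORY), ("hardened", HARDENED_INVENTORY)):
        print(f"== {label} inventory ==")
        for rule, (ok, detail) in check_3_2_1_1_0(inventory, TODAY).items():
            print(f"  [{'PASS' if ok else 'FAIL'}] {rule}: {detail}")
```

The design point is that "0 errors" is not a property of the backup files but of evidence: a copy with no recent clean test restore is reported as failing, which is what forces the regular testing the article calls for. The weak inventory fails all seven rules; the hardened one passes, and flipping a single field (for example a restore test that reported one error on the tape copy) isolates exactly which rule breaks.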

Navigating the road out of ransomware 

There’s no doubt that ransomware attacks continue to evolve significantly, growing in scale, sophistication, and impact. It’s no longer a matter of IF your organization will be the target of a cyber-attack, but how often. This shift has meant the road out of ransomware is moving from prevention to recovery.  

While security and prevention remain essential, recovery is the new frontier in the fight against ransomware, and ensuring you have a slick disaster recovery plan in place is paramount. By prioritizing data backup, investing in modern recovery technologies, and establishing robust disaster recovery plans, organizations can strengthen their resilience, improve their ability to recover from attacks, and navigate the road out of ransomware risk.

Edwin Weijdema, field chief technology officer for EMEA and lead cybersecurity technologist at Veeam, wrote this article.

The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.