Oct 07 2021

How to Build Better Backups for Reduced Ransomware Risk

Attacks are on the rise, but the right backup strategy can help businesses reduce their vulnerability.

From the perspective of a hacker, the past 18 months have been nearly perfect. First, staff moved from uniform corporate networks to uneven in-home connections, while IT teams struggled to close security gaps. Now, many employees are headed back to the office part time, leading to the creation of an entirely new set of networking and connection challenges that put corporate assets at risk.

The result? Ransomware is on the rise. As noted by Computer Weekly, the first six months of 2021 saw a 93 percent increase in attacks compared with the same period in 2020. Hacker groups are also broadening their targets. From the spring attack on Colonial Pipeline to the more recent compromise at Howard University, the potential damage posed by ransomware has led to significant operational interruptions as organizations look to minimize overall impact.

To effectively combat ransomware, businesses need a strategy that starts as close to their data as possible to deliver protection before, during and after an attack.

In other words, better ransomware defense begins with backups. 

Ransomware’s Four-Point Problem

Andrew Stone, CTO of industry-leading solution provider Pure Storage, notes that “ransomware is now a huge revenue-stream business.” This creates an increasingly active market that puts companies under pressure from both low-skilled attackers who have purchased Software as a Service ransomware packages in the hopes of making easy money and more sophisticated attackers looking to try out new tactics.

For Stone, this creates a four-point problem: 

  • Initial encryption. Data encryption prevents access to data, but it comes with the risk of total loss if the decryption tool provided doesn’t work.
  • Data exfiltration. This is the most common ransomware worry: Attackers exfiltrate key information and threaten its release if they aren’t paid.
  • Media services. Stone notes that in some cases, attackers will also threaten to reveal breaches to the media if payment isn’t forthcoming.
  • It’s also possible that attackers will sell intellectual property or operational data to your competitors.

It’s worth noting, Stone says, that despite their role as extortion experts, most ransomware groups will try to honor the agreements they make with businesses. “A lot of them don’t want to violate the terms that they set forth. They don’t want to go against that because others won’t pay.”

Pure Storage Helps Before, During and After an Attack

For Stone, effective protection starts with position. “Putting protection close to the data is key,” he says. In practice, this means that storage isn’t just about backup. Instead, “it’s about protecting companies before, during and after an attack.”

Before an attack happens, “companies should focus on logging,” says Stone. “You need to log everything — don’t be strategic. If you only log the top 10 percent of your perceived risks, bad guys have a better chance of hitting the 90 percent.”

Pure Storage can help solve this challenge with FlashArray block storage and FlashBlade, the industry’s first fast file and object storage. These platforms let businesses build a scalable, pooled instance for both “hot” and “warm” data so these logs are usable. They offer a linearly extensible format with the capacity to search for specific events or to layer on analytics tools.

During an attack, Pure Storage can help with SafeMode, which prevents data from being deleted.

“Even a person or process with administrative permissions can’t fully delete data,” says Stone. “It’s like an air bag: It’s not the only safety feature, but it can lower your risk. All data stays on your array to provide a recovery point after an attack, and using SafeMode to protect your security logs also means bad guys can’t cover their tracks.”

Deployed across storage instances and arrays, SafeMode effectively creates a virtual air gap by ensuring critical data is not only immutable but also undeletable.

After an attack, the most important thing is time to recovery, Stone says: “The only thing C-suites care about is, ‘Are we back up and running?’ It’s all about how fast you can come back.”

Pure Storage offers a solution to this issue with snapshots. According to Stone, “Snapshots are highly configurable. They’re created instantaneously using metadata pointers to capture the difference between different snapshots, which consolidates the function and makes it instant.” When longer-term recovery is also necessary, Pure offers its Rapid Restore capability, which is the industry’s fastest recovery solution on the market. According to Stone, “With some of our partner integrations, such as those with Commvault and Cohesity, Pure is able to bring you more than 17 times the recovery speed than the closest competitive solution.”

Stone also highlights the need for reliable post-attack supply chains. “The last thing your customers should think about is supply chain,” he says. “Pure can deliver right away. When you get hit, you’re not going to take your existing arrays and put them back into production. They may have to be submitted for audit or review. You need additional infrastructure — and you need it now.”

Backups make a big difference in reducing ransomware risk, especially as part of a larger strategy that starts by putting protection where it matters most: close to your data.

“This game changes every single day,” says Stone. “Adversaries are constantly changing, and you need new tools and strategies to stay safe.”
