The rise of ransomware is one of the biggest concerns that organisations face today, and with the exceptional growth in ransomware seen over the years, organisations are having to ask the question: if they are breached, could they recover?
Unfortunately, when an organisation suffers an attack and needs to recover, they realise, when it is too late, that they were hugely unprepared.
Many organisations assume that they can use their backups to retrieve data in the event of a ransomware attack. However, in some circumstances recovering from backup files is not an option. Backups, both onsite and cloud, can also be vulnerable in the event of a cyber-attack with attackers looking to eliminate all possibilities of an organisations recovery; the only way to ensure that you have an uncompromised copy of your data is to ensure that you have a backup file that can’t be altered in any way– which is called an immutable backup.
Ransomware is a type of cyber-attack where the attacker successfully infiltrates your systems, encrypting your files and the data on your network, and demands a ransom for them to be released. In addition to holding access to your data for ransom, there has been a considerable rise in double extortion attempts, whereby attackers also threaten to copy your confidential data and release it publicly, unless the ransom is paid.
Ransomware is not a new form of attack, however, in the last few years, there has been a concerning rise, and companies, of all sizes and industries, are unfortunately falling victim to these attacks.
The techniques used for ransomware over the years have changed from a mass “hit and hope” approach from the attackers, asking for small ransoms in the thousands of pounds, to carefully targeted attacks, taking time to do as much damage as possible and asking for hundreds of thousands if not millions in ransom. This means that it is critical for organisations to keep up to date with the latest security to avoid devastating consequences.
Ransom attacks are more frequent – 66% of organisations surveyed were hit with ransomware in 2021, up from 37% in 2020.
Why Backup is not enough
Unfortunately, backups are also vulnerable to ransomware attacks, with organisations that have been attacked, finding that both their primary data stores and their backup files have all been encrypted and all copies of their data have been rendered unusable.
In many cases the attackers can easily infiltrate a company’s on-premise backup system, if the backup server resides inside the network perimeter, then ransomware will encrypt it along with everything else on the network. There is also the added threat of “sleeper attacks” where ransomware has been deployed, but it goes undetected for some time, lying seemingly dormant while infecting the files in the background. When a sleeper attack goes undetected, it will be backed up repeatedly along with the company’s files and data, until the encryption kicks in and everything is locked, and your backups are also compromised.
Whilst having an offsite cloud copy of your backup, is thought to provide an improved level of protection, ransomware can spread through any internet-accessible device, meaning that unfortunately your cloud backup files can also be easily accessible, and infected with ransomware. If the cloud service that you’re using saves multiple previous versions of files then you may be able to revert to an earlier version, but in most modern ransomware attacks, once the ransomware has accessed your cloud files, it will infect and encrypt all of the previous versions.
Why Immutable Backups are critical
An immutable backup is a backup file that is fixed, it cannot be altered or tampered with in any way, meaning that it cannot be encrypted, or deleted in a ransomware attack. This means, essentially, immutable backups act as an impenetrable wall against cyber-attacks on your stored data, if it’s done after the backup was created. Having an immutable backup helps to ensure faster recovery from ransomware as you will have a clean copy to restore from. Immutable backups are also safe from non-malicious data loss threats, such as accidental overwriting or deletion, and helps you to meet regulatory data-compliance requirements, ensuring that you have accurate data copies retained.
How Immutable Backups Protect Against Ransomware
Immutable backups can’t be affected by any form of malicious attacks, as it’s an offline backup that cannot be edited, or encrypted.
Ability to restore files of all file versions
In the event of ransomware attack, older backup files may be deleted, which means all the previous file versions will be gone too. An immutable backup allows all file versions to be saved separately, therefore easily accessible, and unchanged, ready to use whenever needed.
Having an immutable backup allows fast recovery if you have experienced a cyber-attack, or are simply just wanting to start fresh, any immutable backups can be used on a new system.
It is also worth noting the importance of correctly configuring your immutable backups, in some scenarios that we have seen, just having immutability enabled is not sufficient protection, attackers have been able to compromise copies due to unsecure management console configuration.
Periodically testing your backups is critical to the success of recovery too; regularly running backup and restore tests helps you to verify the effectiveness of your organisations backup methods to ensure that the business can swiftly retrieve its data and continue operations in the event of a breach.
While immutability is a necessary component of ransomware resiliency, having a comprehensive protection and recovery strategy in place is critical to protect your organisation and its data form being compromised and ensure that, if you are compromised, you have the necessary means to recover swiftly and effectively with as little disruption as possible.
Other ways to protect your organisation from Ransomware attacks
- Educate your users on Phishing techniques
- Maintain security patches across all systems and software
- Use a password manager tool and follow password best practices
- Have an immutable copy of your backup
- Maintain an updated antivirus/security software
- Having updated security software and strong firewall policies
- Remove any unnecessary software/plugins or add-ons
Whatever the requirement, Krome’s team of industry-experienced professionals can help; we design and deliver comprehensive backup and recovery solutions. Krome also offers a range of security solutions and assessments services that can help you to understand your current position, identify any gaps and strengthen your overall cybersecurity strategy, services include:
- Ransomware Recovery Assessment
- Phishing Assessment / Security Awareness Service
- Vulnerability Assessment & Remediation
- Cyber Essentials Plus Readiness Assessment
If you would be interested to learn more about how our security services can help you to understand where your systems or data is most vulnerable, and the steps required to protect your business, please get in contact using the form below.