7 Steps to Defend Your Enterprise Data from Ransomware

BrandPost By Avi Raichel
Dec 06, 2021 | 8 mins
Data Management, IT Leadership, Security


Ransomware is a growing security problem and one of the biggest forms of cybercrime that organizations face today. Every day, news feeds feature stories of criminals who brazenly announce they’re holding business-critical data hostage until a ransom is paid. And there is no guarantee of getting that data restored, even if you pay the ransom.

Managed by well-funded criminal organizations with squads of full-time developers, ransomware has become a lucrative business. According to Cybersecurity Ventures,[1] ransomware claims a new victim every 5 seconds, and as of 2021 damage costs worldwide have reached $20 billion. That’s a 57x increase in just 6 years – more than enough to keep your CISO up at night.

With new strains of ransomware and other malware threats on the rise and data continuing to grow from the edge to the cloud, your enterprise and customer data are more at risk than ever. In this fast-morphing environment, organizations must act quickly to protect business-critical data.

Data protection is a crucial line of defense against ransomware. Secure backup images of critical business data and applications allow companies to roll back in time to recover applications and data before the point of ransomware infection. Although many data protection solutions in the market promise to address backup and recovery, most of them provide only partial protection. Legacy solutions are not immune to ransomware once data center systems are impacted.

Can you prevent ransomware attacks?

Attacks happen. It’s not a matter of if, but when. As long as cybercriminals believe your data has value, they’ll continue to exploit vulnerabilities and find innovative ways to encrypt critical data. This means that investing in recovery is just as critical as prevention. Including data protection in your cybersecurity framework is a requirement for cyber resilience. Here are 7 best practices that can help you mitigate the risks of ransomware attacks and set your business up for quick recovery.

1. Use both disaster recovery and backup solutions

Backup is part of every cyber resilience plan. Ransomware is a disaster scenario, therefore organizations must also include disaster recovery (DR) in that plan. Modern DR solutions bring granular recovery checkpoints and the ability to recover entire sites or applications within a few clicks. These solutions enable significantly lower recovery point objectives (RPOs) and faster recovery time objectives (RTOs).

Multi-layered data protection using the 3-2-1-1 rule continues to be crucial: store three copies of your data on two different media types, with one copy stored offsite and one stored offline. Organizations using both DR and backup solutions to create an impenetrable multi-layered defense are able to remediate risks and become operational much faster post-encryption. End-to-end data protection solutions, like those offered by HPE, let you easily adopt the 3-2-1-1 rule to ensure data integrity, and maximize application uptime and data availability for your business.

2. Test, test, and test to ensure recovery

Most organizations are unsure of their ability to recover once an attack happens, usually due to infrequent testing of their DR and backup solutions. It’s imperative that organizations prove their ability to recover by fully testing all recovery operations, from failovers to file-level recoveries. Mimic actual disaster and recovery scenarios to ensure that administrators are following protocols and documentation, especially during ransomware recovery simulations.

3. Isolate backup data

Cybercriminals usually attempt three insidious techniques to try and force a ransom payment: encrypting, modifying, or deleting an organization’s data. In the case of data modification, ransomware changes storage blocks, and your backup system ends up backing up the altered, now-encrypted files.

Immutable backups keep backed up data out of reach, effectively erecting a wall against ransomware attacks. Systems such as HPE StoreOnce Catalyst provide immutable backups that can’t be encrypted, modified, or deleted. HPE’s data protection solutions completely isolate data wherever it lives to prevent it from being tampered with, intentionally or unintentionally. Secure by design, these solutions make backup images invisible and inaccessible to ransomware, ensuring data integrity and enabling data restores in the event of an attack.

4. Improve your RPOs

How frequently you perform a backup determines your data loss. For organizations using nightly/daily backups, that could mean hours or an entire day of data loss. If you’re looking to reduce data loss, it’s time to rethink your data protection frequency for better RPOs.

HPE data protection solutions allow you to deliver RPOs of seconds using continuous data protection (CDP), along with a backup solution that enables near-continuous data protection, giving you more frequent backups, better recovery times, and longer retention periods.
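To make steps 1, 3 and 4 concrete, the following added example (not from the original article or any HPE or Zerto product) audits a backup inventory against the 3-2-1-1 rule and computes worst-case data loss twice: once with every copy intact, and once assuming only offline or immutable copies survive the attack. The inventory names, fields and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupCopy:
    name: str
    media: str            # e.g. "disk", "tape"
    offsite: bool
    offline: bool         # air-gapped: no network path to the copy
    immutable: bool       # cannot be modified or deleted during retention
    last_success: datetime

def audit_3211(copies):
    """Return the 3-2-1-1 requirements the inventory fails (empty = compliant).
    Assumption: the inventory lists every copy counted toward the rule."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        gaps.append("no offsite copy")
    if not any(c.offline for c in copies):
        gaps.append("no offline copy")
    return gaps

def worst_case_loss(copies, now, isolated_only=False):
    """Age of the newest usable copy, i.e. the data lost if an incident hits at `now`.
    isolated_only=True models an attack that has tampered with every
    network-reachable, mutable backup (assumption of this example)."""
    usable = [c for c in copies if not isolated_only or c.offline or c.immutable]
    if not usable:
        return None  # nothing recoverable
    return now - max(c.last_success for c in usable)

# Constructed sample inventory (hypothetical names and times).
NOW = datetime(2021, 12, 6, 12, 0)
INVENTORY = [
    BackupCopy("primary-snapshots", "disk", False, False, False, NOW - timedelta(minutes=5)),
    BackupCopy("dr-site-replica", "disk", True, False, False, NOW - timedelta(seconds=30)),
    BackupCopy("weekly-tape", "tape", True, True, True, NOW - timedelta(days=6)),
]

if __name__ == "__main__":
    print("3-2-1-1 gaps:", audit_3211(INVENTORY) or "none")
    print("loss, all copies intact:", worst_case_loss(INVENTORY, NOW))
    print("loss, only isolated copies survive:", worst_case_loss(INVENTORY, NOW, True))
```

The sample inventory passes the 3-2-1-1 check and shows a 30-second exposure on paper, yet the exposure becomes six days once the online copies are assumed lost, which is the gap that more frequent isolated copies close.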

5. Speed up your RTOs

Attacks do happen, and fast. While it’s important to employ the 3-2-1-1 rule to protect you from data loss, it’s every bit as critical to prepare for fast recovery. The longer your business waits to be operational again, the deeper the damages.

Data protection solutions with built-in orchestration and automation help provide predictable and rapid recovery, minimizing system downtime, business disruptions, and revenue loss. Zerto, an HPE company, speeds the process of getting back your data and applications—at scale. Zerto’s CDP technology provides recovery in minutes, and lets your organization recover from a disruption or an outage with the lowest RPOs and fastest RTOs in the industry.

6. Add air-gapped data protection

An air gap, also called an “air wall,” is a security measure that protects data from intrusion. The concept is simple: any device that isn’t connected to a network cannot be attacked remotely. One of the challenges of on-premises data protection solutions is that they are exposed to the same ransomware threat as the rest of your datacenter. Any backup environment attached to your network can be infected with the same ransomware that corrupted your primary database, preventing you from accessing your backup data at a critical time.

You can avoid this cyber trap with air-gapped tape backup solutions. Storing offline and offsite copies of data on tape storage that has no connectivity to public networks ensures that ransomware cannot touch a backup. Create secondary backup copies to tape regularly to ensure that you will always have a clean copy of your data.

7. Set up on-demand sandboxes and anomaly detection

Safely recovering data from a ransomware attack requires more than just executing a recovery. It involves investigation and isolating data for verification before it is restored back to production. There are a number of anomalies in a data center that can be monitored, and a few combinations that can be good indicators of active ransomware. This is where HPE InfoSight really shines, and can bring you the detailed information you need to make management decisions.

Hardening systems by keeping them up to date with the latest patches and detecting malware before an attack happens are both important in preventing ransomware attacks. Ransomware can lie dormant on systems for days, weeks, or months before attackers decide to activate it, and attackers often target known vulnerabilities.

Zerto enables you to create an on-demand sandbox replica of your production environment quickly and non-disruptively. Being able to quickly and non-disruptively test security patches and scan for malware in on-demand sandboxes helps you accelerate preventative measures to keep your systems free of ransomware. Sandboxes and anomaly detection can work together to offer one more layer of protection against modern cyberthreats and disasters.

Get back in control

By implementing these steps, you can start protecting your organization’s data against damaging ransomware attacks. When you are in control of your business data, you are no longer vulnerable to the hacker’s demands. As the threat landscape continues to evolve, more and more enterprises will need to modernize their data protection from edge to cloud to keep their data secure from cyberattacks.

Modernizing data protection puts you in control and can improve efficiencies, too, by reducing cost, risk, and complexity in backup environments. Protecting your data at the edge, on-premises, and in the cloud will set you up to meet demanding future SLAs (RPOs and RTOs) and keep your business moving ahead.

[1] Cybercrime to Cost the World $10.5 Trillion Annually by 2025, CyberCrime Magazine, Nov. 2020


About Avi Raichel

As CIO and VP of GTM at Zerto, Avi Raichel leads the IT team as well as various GTM domains including managed service provider (MSP) business, sales operations, channel & alliances and demand generation. Zerto, a Hewlett Packard Enterprise company,  is an industry leader in cloud data management and protection. Since joining the company in 2017, Avi has helped to ensure that internal IT processes and systems accelerate Zerto’s strong business growth.