Do Your Backups Have Your Back Against Ransomware?

The abrupt and complete shift to remote work in the wake of the global pandemic had many companies scrambling to secure their infrastructure. Most CSO, CIO, and senior IT managers have spent weeks trying to make their networks secure and accessible, especially as ransomware and other cyber-attacks reached a fever pitch. Organizations spared no expense in ensuring the security of their backups with 3-2-1 strategy, air gapping and immutable backups. To feel safe from ransomware, companies also ensured redundancy and high availability of their backups. But was that enough? Is organizational confidence in their backups justified?

Not if we go by the data. According to data from NortonLifeLock, ransomware attacks increased by 35 percent in the first quarter of 2021. Data from Accenture put the overall ransomware percentage increase at a steep 148% in 2021, with an attack happening every 11 seconds. What’s more, 2022 shows no signs of the trend abating, especially with the discovery of the log4shell vulnerability.

Companies continue to fall back on the belief that as long as they manage their backups well, ensure air-gapping and immutable retention and implement prevention tactics, they will be safe. Long term experience with established backup practices often results in a false sense of security; this is dangerous when coupled with the constant threat of rapidly adapting cyber-criminals & human error.

1. Why are we overconfident in backups?

• Companies continue to fall back on the belief that as long as they manage their backups well, ensure air-gapping and immutable retention and implement prevention tactics, they will be safe.  Long-term experience with established backup practices often results in a false sense of security; this is dangerous when coupled with the constant threat of rapidly adapting cyber-criminals & human error. 

2. What is air-gapping?

• Air gapping refers to the procedure wherein a secure network is physically isolated and separated from any connection with other networks. This makes hacking into an air-gapped network difficult as the only way hackers can gain access to the network is through physical proximity to the backup storage medium.

3. What is immutability?

• Immutable retention, or WORM (write once, read many) is a technique through which a company can maintain strict control over access to backups. This method ensures that unauthorized sources are prevented from modifying, moving, or deleting any data from the backup repository.

4. How are cybercriminals getting past your backups?

• The overconfidence bias also leads to companies often ignoring the fact that hackers have become aware of their over-reliance on backups – and are increasingly targeting those very backup repositories, the backup management software, and even the data transmission process. Advanced ransomware is capable of lying undetected in legitimate files and encryption attacks can be delayed for months before activating. Meanwhile, the ransomware crawls into your backup repositories.
• When an attack happens, a company’s likely response is to attempt to restore the affected data and systems from their backups. When that restore occurs, the ransomware is restored too and the attack cycle continues, creating an Attack-Loop™. Air-gapping and Immutable Backups will be compromised.

5. What will likely happen during a ransomware attack?

• ✔ Deleted backups – All of the backup data is lost.
• ✔ Backup Retention Shortage – Only the most recent backups are available, and they are infected.
• ✔ Failure to restore data – Backup restoration processes fail to function, or backup data is corrupted.
• ✔ Attack-loops™ – There’s ransomware on your system, and there’s ransomware in your backup. Every time the company tries to restore the data, the ransomware gets restored with it.
• ✔ Long recovery times – An average of 22 days while the company hemorrhages money and acquires brand damage.
• ✔ A massive effort is required to reconstruct systems and data, costing millions.

6. What can you do?

• Companies need to understand that with threat vectors continually expanding and even backups under threat as part of ransomware attack strategies, they can no longer afford to rely on 3/2/1 air-gapping and immutable backups. While there may be no way for companies to prevent malicious code from ever entering their systems, companies need to find a way to ensure that their backup can have their back – when it counts.

How can Asigra help?

With Asigra Tigris^TM, you get the most advanced backup solution that prevents the ransomware attack loops from taking root in your backups in the first place. Tigris^TM employs bi-directional malware scanning with AI and ML heuristic detection designed to identify and block attacks at pre-execution before each backup and restore. It also integrates cutting-edge defensive capabilities including password-less authentication with deep MFA, soft deletes, and AES 256-bit in-flight and at-rest data encryption. Variable repository naming enables companies to present a moving target to potential attackers trying to wipe out their backups instead of a static one.

Tigris enables true agentless management to significantly lower security risk and simplified management. It provides end-to-end data protection, backups to a single scalable repository with central, multi-tenanted oversight, automated backup management and recovery, and truly optimized recovery that match company specified RPO and RTO. Your technicians will no longer need to struggle with corrupted files and paused backups as the solution can ‘self’ heal, resulting in lower backup failures. Continuous data protection with granular recovery and easy validation of restoration provides businesses with much-needed peace of mind.