Ransomware Steps On Traditional Disaster Recovery


Ransomware got your business down? You’re not alone. This type of malware is ripping through the enterprise, leaving damage and some empty pockets in its wake. Organizations large and small are realizing that they have to step up their game if they want to prevent a ransomware attack.


If ransomware affects your backups, the only way to recover data may be to give in to this scheme and set up a bitcoin account to pay to get your stuff back or you may lose it forever. That’s when you become “mad as hell,” according to Infrascale’s Director of Channel Marketing Derek Wood. And understandably so, given that there is no guarantee that you’ll get your data back, even if you do pay. You are dealing with cyber criminals after all.

We know what you’re thinking: you did all the right things. You purchased a business-grade backup system, your backups were tested on a regular basis and your backup drives were refreshed to protect against hardware system failure.

However, this is often not enough when it comes to ransomware. In fact, North Americans paid over $1 billion in ransoms throughout 2016, and this year is expected to see an even higher number. If you’d like to prevent this from happening to you in the future, Wood suggests taking a look at the four items below and rethinking why your backup and disaster recovery plan did not save you.

Criminal organizations, well thought out attacks

A ransomware-wielding cyber criminal spends time designing viruses and exploit kits to ensure their attack is successful. They will leverage your social media platforms and websites to learn how best to penetrate your business, Wood reported in a recent blog post.

Critical applications are the target

Ransomware criminals started taking advantage of businesses by utilizing their workers’ entry points before accessing critical applications and locking out users. Keep in mind that any app, network or service with heavy traffic becomes a big target.

Backup systems are ransomware’s kryptonite

This type of criminal knows that an enterprise has ways to get data and critical systems back. So they go after backup files first before triggering their virus to encrypt files or ask for ransom.

If your files are on a network-accessible drive, the ransomware viruses will find them. And backup files are normally written in a common format, which means they are easy to locate.

“In addition to file-type searches, ransomware kits will look at Volume Shadow Service (VSS) logs as an easy way to find where backups are being written since many backup services will use VSS to create backups for databases and other open files,” Wood said.

He went on to say that once the location is found, “only a short time stands between the virus and your critical applications and files.”

Backup systems normally store files on administratively accessible drives

Getting themselves some admin access is a primary goal for cyber criminals given that it allows ransomware variants to read and write data on the most critical locations. This access means a hacker could encrypt backup files on their own, rendering them useless and leaving you with just one way out: to pay up.
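The two points above (backups are easy to locate by file type, and they sit on drives an ordinary or admin account can write to) can be checked from the defender's side. The following audit script is an added example, not code from Wood or Infrascale; the extension list and the sample directory tree are assumptions constructed for illustration. Run it under the account you want to assess, against the shares that account can reach.

```python
import os
import tempfile

# Assumed list of common backup/image extensions; the article names none.
BACKUP_EXTS = {".bak", ".bkf", ".tib", ".vbk", ".vhd", ".vhdx"}

def audit_backup_exposure(roots, exts=BACKUP_EXTS):
    """Return one finding per backup-looking file under the given roots.

    A file is 'exposed' when the current account can overwrite it, or can
    delete/replace it because the containing directory is writable.
    """
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            dir_writable = os.access(dirpath, os.W_OK)
            for name in files:
                if os.path.splitext(name)[1].lower() not in exts:
                    continue
                path = os.path.join(dirpath, name)
                file_writable = os.access(path, os.W_OK)
                findings.append({
                    "path": path,
                    "file_writable": file_writable,
                    "dir_writable": dir_writable,
                    "exposed": file_writable or dir_writable,
                })
    return findings

def summarize(findings):
    """Count located backups and how many the current account could alter."""
    exposed = [f for f in findings if f["exposed"]]
    return {"found": len(findings), "exposed": len(exposed)}

def build_sample_tree(base):
    """Constructed sample data: two backup files and one ordinary document."""
    os.makedirs(os.path.join(base, "share", "nightly"))
    for rel in ("share/nightly/sql01.BAK", "share/fileserver.vhdx", "share/notes.txt"):
        with open(os.path.join(base, *rel.split("/")), "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = audit_backup_exposure([tmp])
        for f in results:
            print(("EXPOSED " if f["exposed"] else "ok      ") + f["path"])
        print(summarize(results))
```

Any file reported as exposed is one that malware running under the same account could encrypt or delete, which makes it a candidate for the offsite or portal-only storage described below.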

So what can you do to defend yourself?

Wood suggests moving backup/DR files to the cloud because that would enable you to get your hands on an older version of your files and sidestep the attack. The virus will most likely not be able to infect files stored in the cloud.

An enterprise-grade Disaster Recovery as a Service (DRaaS) solution is also a solid way to keep hackers at bay. It will keep intruders out of the storage used for the backups and DR files stored on the network. Management can access them, but only through the portal given by the provider. A cloud DRaaS tool may also be worth considering.

“A cloud-DRaaS solution wherein all backups are replicated offsite will allow a much faster recovery via cloud-based recovery of entire machines from which your users can continue work while a production environment is prepared for final recovery,” Wood said.
