Backups are a ransomware target and need protecting and intelligence

Published: Friday, 01 April 2022 08:48

Analysts and hardware providers are preaching backup as the best way to recover from ransomware and it is the primary approach that many organizations are relying on for their cyber resiliency strategy. But backups are being targeted and need their own protective strategies says Index Engines.

Backups are not enough, according to Index Engines. Backups can be compromised, as we are now seeing. Relying on standard backups to recover from a ransomware attack is no longer a viable strategy and it is important to validate the integrity of data in backups and the backups themselves to have confidence that a quick and reliable recovery process can be executed.

“Organizations are overly confident that their backups have integrity and can be used to recover data when they are hit by a ransomware attack, Index Engines vice president Jim McGann said. “Cyber criminals do not want organizations to easily recover, so they have set their sights on backup; corrupting, encrypting, or deleting them, to make it very challenging to execute a reliable and timely recovery. This allows attackers to ask for more extreme ransoms.”

Backups are still the right place to start, as long as strategies address the influx of sophisticated attacks that are already being seen; and will continue to become the ‘industry standard’ for ransomware in the coming quarters.

Backups should provide the isolation needed from cyber attacks, immutability from destructive threats, and, most importantly, the intelligence to know if that data has already been compromised. This includes:

“Companies need to get their business operational quickly,” McGann explained, “but this leaves organizations with few options, many of which aren’t ideal for business operations. Paying a ransom and getting encryption keys is a common path they seek, putting them on a list for another attack and putting their faith in cyber criminals the encryption keys will work. Or they spend days searching for good backups so they can restore clean data resulting in a major delay to return to a steady state.”

“This is where intelligence comes in. Being able to know what was compromised and when, allows for an intelligent return to business operation quickly.”