Ransomware – do you wish you had a dime for every time someone mentioned it? It’s all over the news, it’s all over the Internet, and it’s certainly earned its prominent spot in our worries. According to McAfee, it’s been around for just seven years but is growing at an alarming rate; reported ransomware attacks grew by 118% in the first quarter of 2019 alone.
As with all viruses, ransomware continues to evolve and find new ways to attack and spread, so our prevention methods always seem to lag just a little behind. That’s why we often layer a combination of technologies and strategies to protect ourselves from damaging data loss due to ransomware.
Prevention is, of course, your best bet. We always recommend a strong network security foundation, including well-tuned spam filtering, web content filtering, firewalls, multi-factor authentication, antivirus, segmented networks and other security policies like limited access. By making your network security practice as strong as can be, you can stop the majority of attacks from entering or spreading very far.
End user training is key. Ransomware frequently gains entry to organizations’ systems by manipulating the end user via email or malicious websites. It’s important to continually train your users on how to recognize these bad actors and to develop a policy of openness so that users feel comfortable reporting a mistake quickly.
Recovering from Ransomware with Backups
Honestly, ransomware can still happen to the best of us. We’ve seen organizations brought to their knees (sometimes literally after working around the clock for 192 hours rebuilding entire environments) by ransomware attacks. Maintaining strong security is extremely important, but there might always be small holes you didn’t account for – and ransomware can easily find those and sneak in.
A great option is to restore your data from backups. The main way we accomplish this with our clients is by taking regular air-gapped backups. “Air-gapped” in this case means a backup that is not directly online: it is either taken offline regularly or stored on media that can’t be changed. For example, tape servers, specially made appliances, or certain cloud repositories can offer you an air-gapped solution.
You must also know your RTO and RPO, factoring them in when you design your backups and keeping them in mind when you restore. Any time you restore a backup, there is a chance you will experience some data loss, depending on what your RPO and RTO are with your current solution. Recovery Point and Time Objectives (RPOs and RTOs) are often a company leadership decision that you balance carefully against budget.
Recovering from Ransomware with DataCore
If you’re thinking about how data loss and downtime are not an option for you — not even just a little — then there is another option: DataCore. DataCore is a software-defined storage solution that decouples the physical storage from the management plane, acting almost as a storage hypervisor.
That in itself comes with an entire bevy of benefits outside of this specific use case, but since it can continually log your data, it is excellent for efficiently removing yourself from the clutches of ransomware. DataCore does this with their continuous data protection (CDP) solution.
With DataCore’s CDP, every change on your disks is tracked, so you can rewind back to any point in time with down-to-the-second granularity. It works at the storage level and is very non-intrusive and completely transparent to the host/system. Additionally, since you’ll have these different points in time saved, you can easily pinpoint the incident time and begin your forensic investigation into the ransomware’s entry point (or Patient Zero as we like to call it). The best part? DataCore is storage vendor agnostic – put it on what you already have and leverage it to scale out as you grow or upgrade!