A priority in the evolution of ransomware recovery

Software

The first ransomware appeared in 1989. It was distributed via floppy disks; its encryption could be easily reversed, and the ransom of $189 was to be paid to a PO box in Panama. Since those humble beginnings, ransomware has evolved into the massive international cybercrime it is today, that causes billions in damage to organizations big or small.

As new successful attacks are reported daily, it seems that the defenses against the ever more sophisticated attack vectors are lagging the attackers. As many organizations continue to struggle to defend themselves against ransomware, it is worth looking at the currently available technologies and how effective they are in combating it.

IT-Security cannot guarantee the defense against ransomware

Obviously, the best ransomware attack would be the one that does not even reach the network. Security vendors are working continuously to keep pace with the attackers but have no definitive recipe against the whack-a-mole of new security threats like APTs (Advanced Persistent Threats) and Zero Day Exploits, let alone the fact that human insiders still pose one of the biggest risks to organizations’ networks. IDC recently revealed in its The State of Ransomware and Disaster Preparedness: 2022 survey that 93 percent of organizations suffered a data-related business disruption during the past 12 months, and 67.8 percent of respondents experienced four or more such disruptions.

IT-Security, generally the first line of defense, cannot defend against all attacks and cannot guarantee 100 percent security. As a result, all organizations need to plan for the worst case of a successful attack on their network, which is not any more just an ‘if’ or a ‘when’ but more a ‘how often’.

Backups do not have the capability to prevent data loss or downtime

The chances that an organization will sooner or later be victim of a successful ransomware attack are somewhere between ‘likely’ to ‘certain’. To prepare for this scenario, many organizations rely on a technology to recover from an attack that they already use: Backups.

Looking at the current landscape of vendors of data protection software and storage systems that promise solutions against ransomware, Backup-vendors are amongst the loudest voices, marketing their solution aggressively. However, as most new applications will be deployed in the cloud or at the edge, these previous generations of data protection software and storage systems simply do not have the capability to prevent data loss or downtime. Not surprisingly, most organizations lack confidence in their current backup and DR solutions. Only 28 percent of respondents in the IDC-survey expressed 100 percent confidence in their backup system’s ability to recover all data.

At the same time, organizations are facing ever-increasing complexity in providing data protection and disaster recovery using a variety of interleaved data protection products. These often include backup and recovery software, snapshots, mirrors, and replicas, along with disaster recovery (DR) strategies to ensure data recovery in the event of any failure, such as a ransomware attack. Given the cost of downtime (according to IDC, the average cost of downtime is $250K per hour across all industries) and the disruption caused by data unavailability, data-driven organizations are becoming less tolerant to downtime and data loss.

More organizations are looking at DR to recover their data

As ransomware-attacks become ubiquitous it is becoming clear that current solutions are failing organizations in need of solutions to protect against extended downtime and data loss.

IT organizations are looking for solutions that can drive down service-level agreements like RTO and data loss SLAs (RPO) to near zero, equating to no downtime and no data loss. Current solutions based on IT-Security and traditional periodic backups are failing as the requirements for ransomware recovery and disaster recovery are changing. Organizations need better solutions to deal with emerging challenges and ensure data recovery in the event of any failure.

Continuous Data Protection reduces RPO and eliminates the ‘backup gap’

In response to these challenges, Continuous Data Protection (CDP) has a growing role if not a necessity as it can significantly reduce the potential for data loss, regardless of cause, while reducing the time to recovery and simplifying recovery. CDP captures data changes as they are written meaning the effective RPO is reduced to seconds and virtually eliminates the ‘backup gap’ that can act as a major cause for data loss.

Conclusion: CDP is a priority in the evolution of ransomware recovery

With the ubiquitous threat of ransomware and many new applications being deployed at the core, cloud, and edge, IT organizations are facing ever-increasing complexity in providing data protection and DR. By using CDP to return to a point just seconds or minutes prior to an attack or any disruption, including ransomware, recoveries can be made quickly and with minimal data loss, especially when combined with recovery orchestration and automation. To ensure recovery in any circumstance, organizations must prioritize the need in the latest evolution of recovery technology: CDP.

Image credit: AndreyPopov/depositphotos.com

Christopher Rogers is Technology Evangelist at Zerto a Hewlett Packard Enterprise company.