Ransomware is an ongoing threat to businesses everywhere. And it’s not going away anytime soon. That’s a reality IT teams need to start acknowledging and preparing for. Of course, no one thinks that their data center will be the next one to fall victim to a ransomware attack. But with hackers constantly inventing new ways to gain access to sensitive information and critical files, evidenced by the fact that the total number of ransomware samples has increased by over 140% since 2014 according to McAfee Labs’ 2016 Threat Report, businesses need to be prepared for the worst.
Gartner notes in a recent report that “Incumbent antivirus prevention techniques cannot be relied upon to detect and stop all ransomware.” [1] With this in mind, businesses need to plan and have a response strategy to help identify the signs of an attack and recover from it.
Ransomware Response Strategy in Six Steps
1. Correctly define how long you can be offline for and how much data you can afford to lose.
Correctly defining the recovery time objectives (RTOs) and recovery point objectives (RPOs) for your company is the first step in your ransomware recovery plan and it is imperative to your ability to get operations back online without paying attackers. To define your RTOs and RPOs, you must first ask yourself two questions. First, how long can the business shut down while waiting for the restore to take place? And second, how many hours of business-critical data can the company afford to lose?
2. Decide on a solution that can meet your defined RTOs and RPOs.
Now that you’ve defined your RTOs and RPOs, you have to find a solution that can actually meet those requirements to get your infrastructure back up and running. According to Ponemon Institute, the average cost of IT downtime is $7900 per minute. This means the business is bleeding money every second it spends waiting for those requirements to be met. There are data protection plans available for every size of business and for every budget. The important thing here is to make sure the data protection strategy you choose is right for your business and gets the infrastructure back up and running within the time allotted.
3. Assess integrated solutions to protect remote and branch offices.
Having more backup and disaster recovery solutions doesn’t mean your data protection plan is better than that of a company that has just one backup and disaster recovery solution. Gartner reports in its June 2016 Magic Quadrant for Data Center Backup and Recovery Software, in which SimpliVity is cited, that “integrated appliances are highly recommended since they eliminate the requirement and potential complexity to size and procure separate hardware.” With multiple backup and disaster recovery solutions comes more complexity. Simplify your data protection scheme by picking the solutions that are right for your environment. Remote office and branch office (ROBO) deployments, in particular, often lack adequate data protection due to small or nonexistent staff and the cost that can be associated with protecting data at remote sites. Solutions that offer integrated functions such as built-in data protection will help to ease the burden at remote offices and provide better protection to ROBO sites.
4. Educate the company.
Working in silos is almost always a recipe for disaster. IT teams should make sure that everyone knows what is at stake and what steps to take both before a ransomware attack and when one occurs. Education is key not only to preventing ransomware from entering the company’s systems, but also to stopping it quickly once it has. Ransomware often infiltrates a system when an employee unknowingly invites it in by clicking on an infected link. Educating staff on ransomware is key to defending against attacks. Company staff should be alerted to the most common types of ransomware and the typical ways it enters the system. They should also be educated on how prevalent and common these types of viruses are becoming. One tip for staff on avoiding ransomware infections is not to open email attachments from unfamiliar sources.
5. Know the signs of an attack.
A ransomware attack is most often characterized by the locking of files, folders, and applications until a price is paid in bitcoin to attackers. Attacks will often masquerade as government or police agencies accusing the computer owner of criminal activity and demanding that payment be made within a certain timeframe or else the user will be arrested. It’s important to recognize attacks quickly so the restore process can begin as soon as possible.
6. Ensure your solution is simple enough to allow systems to get back online quickly.
A solution that stresses ease of use is important when dealing with a ransomware attack. According to Gartner’s Magic Quadrant for Data Center Backup and Recovery Software, intuitive interface and usability in backup solutions are useful because they include “minimal training required with wizard-based options for common tasks.” Ease of use may often be overlooked as a key consideration, but when IT downtime is costing your business $7900 per minute, every second counts and a few clicks may make the difference.
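The RTO and RPO targets from steps 1 and 2 can be checked against what the backup system actually delivered. The sketch below is an added example, not SimpliVity code: it finds the largest window with no successful backup, so failed jobs on an hourly schedule show up as a missed RPO. The job history, date and both targets are constructed assumptions; the $7900 per minute figure and the 15-minute restore come from the article.

```python
from datetime import datetime, timedelta

DOWNTIME_COST_PER_MIN = 7900  # USD per minute, the Ponemon figure quoted above

def worst_case_data_loss(jobs, now):
    """Largest window not covered by a successful backup (the RPO achieved).

    jobs is a list of (finished_at, succeeded). Failed jobs protect nothing,
    so they are skipped and the gap around them widens.
    """
    good = sorted(t for t, ok in jobs if ok)
    if not good:
        return None  # no restorable copy exists at all
    points = good + [now]  # time since the last good backup counts too
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def assess(jobs, now, rpo, rto, measured_restore):
    """Compare backup history and a measured restore time with the targets."""
    gap = worst_case_data_loss(jobs, now)
    minutes_down = int(measured_restore.total_seconds() // 60)
    return {
        "worst_case_loss": gap,
        "rpo_met": gap is not None and gap <= rpo,
        "rto_met": measured_restore <= rto,
        "downtime_cost_usd": minutes_down * DOWNTIME_COST_PER_MIN,
    }

# Constructed sample: hourly jobs from 00:00 to 09:00, with 05:00 and 06:00 failed.
DAY = datetime(2016, 9, 1)
JOBS = [(DAY + timedelta(hours=h), h not in (5, 6)) for h in range(10)]
NOW = DAY + timedelta(hours=9, minutes=40)

REPORT = assess(
    JOBS, NOW,
    rpo=timedelta(hours=1),       # assumed target
    rto=timedelta(minutes=30),    # assumed target
    measured_restore=timedelta(minutes=15),  # restore time from the article's case study
)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

With two consecutive failed jobs, the hourly schedule leaves a three-hour exposure, so the one-hour RPO is missed even though the restore itself fits the RTO.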
Built-in data protection makes a difference. SimpliVity’s solution is designed to meet even the most stringent RTOs and RPOs because we make data efficient across all tiers and lifecycles. Workloads can be backed up or recovered in minutes instead of hours or days. In fact, when using SimpliVity’s built-in backup capability, it takes less than one minute, on average, to complete a local backup or local restore of a 1TB VM. This, we guarantee. And our customers are benefitting from this data efficiency and built-in data protection.
One SimpliVity customer took these six steps to heart. The customer was in the process of moving data from its previous infrastructure onto the new hyperconverged solution when it fell victim to a ransomware attack, and it was able to recover data in a timely manner, avoiding downtime and the expense that goes with it. The company, based in the Netherlands, was fortunate to have recently instituted a disaster recovery plan with the SimpliVity solution. The business’s partner, which maintains the IT infrastructure for the organization, was performing hourly backups on the new SimpliVity deployment. Prior to SimpliVity, they were backing up to tape at the end of each day. With SimpliVity they lost under an hour of data. Had the attack occurred just days earlier, they would have lost almost 12 hours of data. Not only was the partner able to limit the amount of data lost, they were also able to get the system back online very quickly, avoiding the cost of prolonged downtime. The partner was able to restore from the most recent hourly backup in just fifteen minutes. With the previous infrastructure, it would have taken close to three hours.
Ransomware is a threat to every business, and IT teams need to recognize this fact and adjust their data protection strategies accordingly. Organizations should work under the assumption that they will eventually become infected, should focus on minimizing downtime once infected, and should have a data protection strategy in place that supports their defined RTOs and RPOs. Using the six steps listed above, the damage done by ransomware can be minimized.
[1] Gartner, “Use These Five Backup and Recovery Best Practices to Protect Against Ransomware,” 08 June 2016.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.