As if the global pandemic hasn’t caused enough trouble, ransomware attacks are on the rise this year. In the past, one of our customers would suffer an attack every few months. Now two or three customers might be hit in a single weekend. Ransomware attacks have evolved, and the pandemic seems to have emboldened malicious agents looking to take advantage of new WFH environments.
My colleague John Bilotti, CIO/CISO at Nasuni, and I recently joined Tom Field of the Information Security Media Group (ISMG) to talk about these issues and what large enterprises can do to prepare for a ransomware attack. Our conversation is available here, and it's a short but detailed dive into the specifics.
5 Essential Features
As we see it, there are 5 essential features of a ransomware recovery solution. Any effective enterprise solution needs to be:
You need to be able to get your data back quickly so your business can resume operations. The solution should identify what was impacted and when it was impacted, then restore the last clean version(s) without delay. The longer people, applications, or machines are separated from the data they need, the higher the costs to the business.
2. Tight Restore Point
Ideally, your solution should allow you to recover data as close to the point of attack as possible. You don’t want to have to restore data from a few days earlier, as this sets your end users back. If you can restore to the closest known good point, then you’re that much closer to getting your business back to normal operations.
Ransomware attacks are now hitting multiple sites simultaneously, or striking one site and rapidly spreading through organizations. Some solutions will force you to restore one site at a time, delaying the recovery of the remote or branch offices that were impacted. But if your file system resides in the cloud, as it does with Nasuni, then you can restore many global sites simultaneously – once you restore a copy in the cloud, that change is synced out to all your other regional or global sites.
Not all cloud products are immutable; objects can be overwritten, and this could slow your recovery. An immutable file system, on the other hand, means that every version is unique, so even if the file system is corrupted, the attack cannot touch those previous versions. Once you restore to a point before the attack, you can rest assured that the file system is safe again.
Finally, a solution has to be testable. You need to prepare, plan, and run through simulated attacks. We help our own customers come up with ransomware recovery playbooks and run quarterly tests on small data sets. That way, if they are attacked, they’ll know exactly what to do.
Enterprise-Tested Ransomware Mitigation
As John mentions on the podcast, we use our own product at Nasuni, and we also test our ransomware recovery capabilities. Plus, we’ve helped numerous customers use our product and processes to recover quickly from attacks.
We’ll be talking about all of this and more in an upcoming webinar. Sign up to find out why traditional backup can’t protect enterprises against ransomware, and what you can do to prepare your organization for the worst.