Why backups aren’t enough

Even newborn babies seem to know the word ransomware these days — it appears in newspapers, magazines, infosec reports, and pretty much everywhere else with alarming regularity. And we may have dubbed 2016 the Year of Ransomware, but it turned out to be nothing in comparison with 2017. After a relatively quiet 2018 and 2019, 2020 saw ransomware again making headlines.

Our corporate blog contains dozens of articles about ransomware, almost all of which offer three general tips:

Use good protection.

Never download suspicious files from suspicious sites or open suspicious attachments in e-mails from suspicious people, and teach your employees to do the same.

Back up data regularly.

From time to time, I hear objections of the following nature: Protection and employee awareness are all well and good, but why bother strengthening protection and training employees when we can just back everything up regularly? We back up all the time anyway, and if we get hit by ransomware, we’ll just restore everything, so what’s the big deal?

Here’s the big deal.

Backups have to be recoverable

Backups are, of course, necessary. But did you ever try restoring your company’s infrastructure from a backup? It might not be as easy as it sounds — and the more computers and infrastructure heterogeneity you have, the more difficult the task becomes. Experienced IT pros have all probably faced a backup not quite restoring everything, or not restoring everything quite as expected. The process is certainly never as quick as they hope. And sometimes backups don’t work at all.

Anyone who’s ever stepped on the proverbial backup rake knows they have to check the integrity of backups regularly, to do some practice runs resurrecting the server in a staging environment, and generally to make sure that if it becomes necessary, recovery won’t take too long. And those who’ve never tried to execute recovery from a backup should really not rest easy; their backups are unlikely to help when the heat is on.

Here’s another problem with relying on a backup: If the backup server lives inside the network perimeter, then ransomware will encrypt it along with all other computers in the network, which means a farewell to recovery plans.

Your bottom line: Maximize your likelihood of a quick rollback by segmenting the network, making backups wisely, and performing test recoveries.

Recovery means downtime — and downtime is expensive

For large companies with diverse devices and infrastructure, a quick recovery is unlikely. Even if the backup functions perfectly, and you sweat blood to restore everything, it will still take quite a while.

During those weeks (yes, we’re probably talking about weeks, not days), the company will be idle. Some will guesstimate the cost of such downtime as less than that of paying the ransomers (we strongly advise against that). In any case, downtime after a ransomware attack is unavoidable; it’s impossible to decrypt and get all systems and services running again straight away, even if the cybercriminals are kind enough to provide you with a decryptor. In the real world, cybercriminals aren’t kind, and even if they are, the decryptor doesn’t necessarily work as intended.

Your bottom line: To avoid ransomware-related downtime, don’t get infected by ransomware. (But how? The answer is protection and employee awareness!)

Modern ransomware is worse than just
