
Ransom! Your Files Have Been Encrypted!

arjanvp
Level 3
Employee

Warning: your business may be held hostage because you mistakenly assumed your cloud service provider has you covered!

More than half of 1,200 technical and business decision-makers told Veritas in a new Truth in Cloud research study that they believe that the responsibility of backing up data in the public cloud lies with the cloud service provider. That is a myth.

The truth is backup is your responsibility – even in the public cloud.

Ransomware is a type of malicious software (or malware) that, once it has taken over your computer, threatens to publish your data or forever block access to it, unless you pay a ransom[1]. Encryption ransomware (where the attacker makes your files unreadable by encrypting them) is by far the most common type of attack, and its use is on the rise. Some attacks target carefully selected organizations or institutions, but others spread automatically and indiscriminately across the internet. Therefore, do not take the threat lightly. Every one of us is a potential target, and once it hits you, the financial and reputational damage can be catastrophic, not only for the organization you represent but also for your customers and even your career.

There are some preventive steps you can take to limit ransomware infection[2]:

  • Keep your operating system patched and up-to-date, to ensure you have fewer vulnerabilities to exploit.
  • Don't install software or give it administrative privileges unless you know precisely what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically!

Unfortunately, taking those security measures and staying vigilant won't completely protect you from ransomware, but it can make the damage caused by an attack much less significant.

Here are three checkpoints to help ensure you can recover from ransomware quickly without paying ransom:

1. Is my backup there when I need it?

The dynamic nature of public cloud (or any other virtual environment) makes it a tough job to guarantee data protection reliability. With many moving parts, it is very likely that the backup of a new virtual machine fails.

Check that your backup solution offers automated discovery of a virtual machine as soon as it launches, as well as a simple user interface in which you can quickly add the appropriate backup policy to the VM with just one click. These automated and policy-driven capabilities not only simplify the day-to-day backup operation but also help to ensure that you'll have access to a data copy of your VM when you need it.

2. How much data loss can my business tolerate?

It’s important to know how much data you can afford to lose if you were hit with ransomware and had to recover from a backup.

For example, if you run a backup once a week on Sunday and ransomware hits on a Saturday, then you lose one week's worth of data. On the other hand, if you run multiple backups daily, say every hour, at most you are going to lose one hour of data. How often backups are taken is referred to as Recovery Point Objective (RPO).

Each application has its own RPO. Check if your backup technology can deliver application-consistent recovery points down to sub-5 minutes so you can reduce data loss for your most critical and highly transactional applications. Also, make sure you can replicate backups to another location that is not linked to your computers and servers.

3. How quickly can I recover my data?

Every minute it takes to recover your data, the damage, whether financial or reputational, increases. The speed of data recovery is crucial. The time that can pass before a ransomware attack begins to severely impact your organization can be just a few minutes (or even less). This is referred to as the Recovery Time Objective (RTO).

It is worth asking your backup administrator or your IT operations person how quickly she can restore your data after you notify her. Perhaps test a restore. If your RTO is ten minutes but the team requires at least one hour (and more time after normal business hours), then you must rethink the backup technology ASAP. Look for a backup approach that uses snapshots. Snapshots restore instantly. Also, pick a solution that has a simple user interface with self-service features so you can initiate a restore on your own at any time of the day, speeding up the recovery even more.
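
The three checkpoints above can be run as a small audit over a backup inventory. The Python below is an added example, not code from this post or from any Veritas product; the inventory, VM names, field names and thresholds are constructed assumptions that mirror the weekly-backup and one-hour-restore cases described above.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (assumed field names, not a real product schema).
NOW = datetime(2024, 6, 8, 12, 0)
INVENTORY = [
    {"vm": "db-01", "rpo": timedelta(minutes=5), "rto": timedelta(minutes=10),
     "backups": [NOW - timedelta(minutes=m) for m in (9, 6, 3)],
     "restore_test": timedelta(minutes=4)},
    # Weekly backup six days old, restore test took one hour against a 10-minute RTO.
    {"vm": "web-02", "rpo": timedelta(hours=1), "rto": timedelta(minutes=10),
     "backups": [NOW - timedelta(days=6)],
     "restore_test": timedelta(hours=1)},
    # Freshly launched VM that no backup policy has picked up yet.
    {"vm": "new-03", "rpo": timedelta(hours=1), "rto": timedelta(minutes=30),
     "backups": [], "restore_test": None},
]

def audit(vm, now):
    """Return the findings for one VM; an empty list means all checkpoints pass."""
    backups = sorted(vm["backups"])
    # Checkpoint 1: is a backup there at all?
    if not backups:
        return ["NO_BACKUP"]
    findings = []
    # Checkpoint 2: worst-case data loss is the largest gap between consecutive
    # recovery points, counting the gap from the latest one until now.
    points = backups + [now]
    worst_gap = max(later - earlier for earlier, later in zip(points, points[1:]))
    if worst_gap > vm["rpo"]:
        findings.append("RPO_MISSED")
    # Checkpoint 3: a measured restore must fit inside the RTO; an untested
    # restore is reported as its own finding rather than assumed to pass.
    if vm["restore_test"] is None:
        findings.append("RESTORE_UNTESTED")
    elif vm["restore_test"] > vm["rto"]:
        findings.append("RTO_MISSED")
    return findings

def audit_all(inventory, now):
    """Map each VM name to its list of findings."""
    return {vm["vm"]: audit(vm, now) for vm in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY, NOW).items():
        print(name, findings or "OK")
```
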

It is never too late to carry out a thorough risk analysis of your data protection strategy. Veritas CloudPoint offers a simple, snapshot-based solution for backup and recovery of your applications and data across the data center and multiple public clouds.


[1] https://en.wikipedia.org/wiki/Ransomware

[2] https://www.csoonline.com/article/3236183/ransomware/what-is-ransomware-how-it-works-and-how-to-remo...