Are You Prepared to Recover from a Successful Ransomware Attack?


In this special guest feature, David King, Director of Solution Marketing supporting solution messaging and strategy for Commvault’s Backup, Archive, and Recovery business, offers five policies for enterprises to follow to minimize, if not avoid, damage from a ransomware attack and quickly restore all or most of their data without having to give in to an attacker’s demands. David has 30 years’ experience in the data management business. He spent a decade in Silicon Valley developing state-of-the-art storage products, including the initial patents around storage remote replication, and followed that with 15 years at EMC in a variety of technical leadership roles from technical business development through Customer Support and Professional Services to Channel Management. At Commvault, David has led Presales, Professional Services, Consulting Services, Inside System Engineering, Competitive, Solutions Marketing, and Strategic Channel teams with a focus on enterprise businesses.

Recently more than 10,000 MongoDB installations were deleted and their data held for ransom by groups of cybercriminals. Though many of these installations were misconfigured, incidents like this point to the fact that you need to be prepared to be attacked by cybercriminals interested in holding your enterprise’s big data or other databases for ransom.

It is likely that you already have security technology and processes in place to ward off such ransomware attacks. However, you need to be prepared for the fact that, despite your best security efforts, an attack might find a way through your perimeter cybersecurity defenses. The good news is that you can minimize, if not avoid, damage from such attacks and quickly restore all or most of your data without having to give in to an attacker’s demands if you follow five policies – policies which should be part of any enterprise’s holistic data management strategy:

  • Backup daily
  • Test your backup
  • Keep your backups offline
  • Teach your team to stop attacks as they happen
  • Create a business continuity plan

First, make sure that you are fully backing up your data daily. This means not just relying on snapshots for daily backup, since if the production data is corrupted, the snapshot can be as well. By conducting full backups, and saving these backups for a significant period of time, you can recover all your data up to the day when the attack occurred.

Second, you should regularly test your backups. With today’s modern data protection tools, this can be a quick, automated process, in which you test your backup by recovering your data on-premises or to the cloud on a daily or weekly basis. If you fail to test, you might find that when you do need to recover your data, an overlooked problem keeps you from doing so, resulting in you losing weeks of data, rather than just a day or two.
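One way to automate the restore test described above, as an added example that is not from the original article or from any vendor's product: it restores a tar archive into a scratch directory and checks every file against SHA-256 hashes recorded at backup time. The function names, file names and sample data are constructed for illustration.

```python
import hashlib, shutil, tarfile, tempfile, zlib
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()  # stream large files in practice

def build_manifest(src_dir):
    """At backup time: map each file's relative path to its SHA-256."""
    return {p.relative_to(src_dir).as_posix(): sha256_file(p)
            for p in Path(src_dir).rglob("*") if p.is_file()}

def restore_test(archive_path, manifest):
    """Restore into a scratch directory and compare every file to the manifest."""
    report = {"missing": [], "corrupt": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch).resolve()
        try:
            with tarfile.open(archive_path) as tar:
                for m in tar:
                    dest = (root / m.name).resolve()
                    if not m.isfile() or root not in dest.parents:
                        continue  # skip dirs, links and paths escaping scratch
                    dest.parent.mkdir(parents=True, exist_ok=True)
                    with tar.extractfile(m) as src, open(dest, "wb") as out:
                        shutil.copyfileobj(src, out)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            report["error"] = type(exc).__name__  # unreadable or truncated archive
        for rel, digest in manifest.items():
            if not (root / rel).is_file():
                report["missing"].append(rel)
            elif sha256_file(root / rel) != digest:
                report["corrupt"].append(rel)
    report["restorable"] = not (report["error"] or report["missing"] or report["corrupt"])
    return report

def demo():
    """Constructed sample data: one good backup and one truncated copy of it."""
    with tempfile.TemporaryDirectory() as work:
        data = Path(work, "data")
        (data / "db").mkdir(parents=True)
        blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(200))
        (data / "db" / "orders.dat").write_bytes(blob)  # incompressible filler
        (data / "config.ini").write_bytes(b"[app]\nmode=prod\n")
        manifest = build_manifest(data)
        good, bad = Path(work, "backup.tar.gz"), Path(work, "truncated.tar.gz")
        with tarfile.open(good, "w:gz") as tar:
            tar.add(data, arcname=".")
        bad.write_bytes(good.read_bytes()[: good.stat().st_size // 2])
        return restore_test(good, manifest), restore_test(bad, manifest)
```

Store the manifest separately from the archive so that a damaged or tampered backup cannot also rewrite the hashes it is checked against.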

Third, keep your backup offline. Ransomware can often infect your entire network, so if your backup is on a shared network, it might be infected as well. Therefore, if you are using the Internet for your backup transmissions, make sure to use a proxy on your DMZ to ensure these transmissions are secure. For added protection, create multiple restore points, with your data saved on at least two different media.

Fourth, teach your team to stop attacks as they happen. While you are probably training your team on how they can help prevent ransomware attacks — such as by not clicking on suspect links and regularly changing their passwords – there are ways they can also detect attacks and thus limit the damage from these attacks. For instance, you can install and use data management tools that provide your team with alerts when unusual activity is occurring. This will offer them the opportunity to shut down systems immediately when an attack occurs, reducing damage from the attack.

Finally, develop and implement a comprehensive business continuity plan. This is key — one of the reasons that many enterprises pay attackers in ransomware attacks is not that they can’t restore the data that has been seized, but that this restoration will take time, and they urgently need this data to prevent their business operations from grinding to a halt. However, if you have a clear and detailed plan for how to manage an attack, as well as how to restore data from your backups, you will know how quickly you can recover from an attack. As long as the plan allows you to recover your data in the time needed to keep your business up and running, you can feel secure not paying a ransom.

As the MongoDB attacks demonstrate, in today’s world, chances are cybercriminals will try to attack your enterprise’s big data and other IT systems with ransomware. While strong security systems can help stop these attacks, even the strongest systems can’t ensure that a particularly sophisticated phishing attack, misplaced password or other technology or human errors do not allow an attack through. However, if you follow the five policies above, as part of your enterprise’s larger holistic data management strategy, you can minimize the damage from such an attack, and avoid finding yourself paying a ransom to secure the data your enterprise needs.

