Can Your Data Protection Software Recover from Modern Ransomware?

Your nightmare has come true. Your organization was just attacked by ransomware. They have crippled your networks, corrupted your Active Directory, encrypted business critical documents, and disabled production databases. Now the recovery clock starts. How quickly can your business return to some sense of normalcy? Do you notify your partners, vendors, customers, the public? Do you pay a ransom? So many decisions to make.

The one thing you don’t want to worry about at this stressful time: where are the last good backups?

Outsmarting Cybercriminals

Many data protection solutions have added a layer of immutability to their products to protect backups from being tampered with by bad actors. Many have also added metadata scanning to check the data for suspicious activity. Some look for common vulnerabilities. But cyberterrorists are smart. They have tremendous knowledge and resources to implement new and sophisticated attack vectors. They can easily detect when data protection software is deployed and outsmart these common data protection approaches.

Regardless of what approach your organization has implemented, be prepared for challenges when faced with a cyberattack recovery. Some organizations have attempted to recover using their backups and found their backup environment also was tampered with. Many of the advanced cybercriminals are smart enough to infiltrate the data center and inspect the environment to understand how they can maximize impact; the latest version of the REvil ransomware added the ability to shut off an organization’s backup software. Some attacks can change passwords, disable applications and even corrupt backup catalogs. These are worst-case scenarios, yes, but they are becoming more common.

Welcome to the World of Modern Ransomware

Preparing for a worst-case scenario will pay off in the long run. When an attack happens, and you are asked by your leadership, “How long will it take to recover?” you’ll be able to answer confidently. If you are prepared, you should know the answer to the following question: Where are the last good backups? Having this answer breeds confidence that your cyberresiliency strategy will be successful, and you have an action plan to recover quickly and avoid millions in ransom payments and public humiliation.

So, how do you know where to find the last good backups?

The backups that contain pre-attack versions of Active Directory, networking infrastructure, production databases and business critical files are needed as quickly as possible. If you are checking the integrity of your normal production backups on a regular basis, you will know where they are and can restore quickly.

How do you check the integrity of the backup data? Simple: inspect the data every time there is a new backup. This allows you to observe the data and see how it changes over time. Inspecting the data with content-based analytics allows for deep integrity checks that look inside files to detect deep, hidden corruption.

Why go to the effort to inspect the contents, versus using a light metadata-level scan?

Because modern ransomware is smart. It can hide. It can avoid metadata changes. It knows how to outsmart basic integrity checks and scans.
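The contrast between a metadata-level scan and a content-level check can be shown across two backup generations. This is an added example, not code from the article or from any vendor's product; the file names, sample data, function names and the entropy threshold are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04"}  # well-known file signatures
ENTROPY_JUMP = 2.0  # bits/byte rise between backups treated as suspicious (assumed threshold)

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def metadata_scan(prev, curr):
    """Metadata-level check: flags files whose size or mtime changed."""
    return sorted(n for n in curr if n in prev and
                  (prev[n]["size"], prev[n]["mtime"]) != (curr[n]["size"], curr[n]["mtime"]))

def content_scan(prev, curr):
    """Content-level check: looks inside each file and compares with the prior backup."""
    findings = {}
    for name, f in curr.items():
        reasons = []
        magic = MAGIC.get("." + name.rsplit(".", 1)[-1].lower())
        if magic and not f["data"].startswith(magic):
            reasons.append("signature mismatch")
        if name in prev and entropy(f["data"]) - entropy(prev[name]["data"]) > ENTROPY_JUMP:
            reasons.append("entropy jump")
        if reasons:
            findings[name] = reasons
    return findings

def pseudo_ciphertext(n):
    """Constructed stand-in for encrypted bytes: deterministic SHA-256 output stream."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

def entry(data, mtime):
    return {"size": len(data), "mtime": mtime, "data": data}

# Constructed sample backups: Monday is clean. In Tuesday's backup invoice.pdf holds
# same-length ciphertext with size and mtime unchanged; notes.txt was edited normally.
pdf = b"%PDF-1.4\n" + b"BT /F1 12 Tf (Invoice 1001 total due 250.00) Tj ET\n" * 80
monday = {"invoice.pdf": entry(pdf, 1000), "notes.txt": entry(b"call vendor\n" * 50, 1000)}
tuesday = {"invoice.pdf": entry(pseudo_ciphertext(len(pdf)), 1000),
           "notes.txt": entry(b"call vendor\n" * 50 + b"done\n", 2000)}

if __name__ == "__main__":
    print("metadata scan:", metadata_scan(monday, tuesday))
    print("content scan: ", content_scan(monday, tuesday))
```

The metadata scan reports only the legitimately edited notes.txt, while the content scan reports only the corrupted invoice.pdf. Compressed or intentionally encrypted files are high-entropy by design, which is why the check compares each file against its previous backup rather than against a fixed entropy ceiling.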

Adding new capabilities to your backup solution, such as immutability, known vulnerability checking and metadata-level scanning capabilities, may make you feel confident that you are protected, but this is a false sense of security. The only way to feel fully confident is to inspect inside files, databases and core infrastructure to determine if the data is good and can be recovered.

Without this deep inspection capability, you may be faced with surprises when you start the recovery process. Eliminate the surprises, have confidence in your backup data, and know the answer to the question: “Where are the good backups?” With those answers firmly in hand, your organization will stay safe and resilient.


Jim McGann

Jim McGann is the Vice President of Marketing & Business Development for Index Engines. He has extensive experience with eDiscovery and Information Management in the Fortune 2000 sector. Before joining Index Engines in 2004, he worked for leading software firms, including Information Builders and the French-based engineering software provider Dassault Systemes. Jim graduated from Villanova University with a degree in Mechanical Engineering.
