Staying Ahead of Ransomware With the Cloud
According to a report from Check Point Software, there were 93% more ransomware attacks in the first half of 2021 than during the same period last year. Palo Alto Networks’ Unit 42 security group also found payments have risen more than 80% since 2020, reaching a record $570,000 average in the first half of 2021. Further, the report noted hackers now have four techniques to use for extorting victims, including file encryption, data theft, denial of service and harassment of partners, contacts and employees and more.
If you thought we’d be getting a handle on ransomware by now, you’re likely alarmed. The pandemic and the rush to remote work created widespread security vulnerabilities, and ransomware has turned into an industry that shows no signs of slowing down. In fact, experts predict these threats will accelerate, marked by larger and more sophisticated attacks. Yet, the news is not all doom-and-gloom—there is a promising trend.
Last year, more than 40% of companies had most or all of their environments in the cloud, a number expected to increase more than 60% within 18 months, according to analysts at IDG. And when used correctly, the cloud not only helps discourage ransomware attackers but should a company fall prey, the cloud dramatically improves their ability to recover, stop losses and get back to business quickly.
Setbacks With Backups
Before addressing how the cloud helps, it’s important to remember that most enterprises rely on backups to overcome ransomware. However, even the most advanced backup and disaster recovery (DR) technology can’t prevent the cost and disruption that comes with an attack. In a typical approach, days and even weeks can pass before data is fully restored, especially for enterprises with terabytes of backup to restore to a rebuilt server.
And, as the saying goes, time is money.
A survey by Sophos of 5,400 IT decision-makers in mid-sized organizations indicates the cost of recovery from a ransomware attack has more than doubled in the past year. What’s more, the expense of remediation—including factors like downtime and sales losses—increased from $761,106 to $1.85 million. Not only does this make the expense of recovery more than 10X the average ransomware payment itself, but findings also show only 8% of companies ended up getting back all their data, with a third getting back no more than half.
In reality, those long-touted backups are not an ironclad solution for fast recovery from ransomware—or for any disaster or breach, for that matter. Other methods can actually make the recovery process much easier and faster.
What’s Your Version?
When ransomware is found, IT usually turns to backups, restores a server and copies clean files over—an extremely time-consuming process. It might not take as long with a virtual machine or database, but when you’re rebuilding a file server to handle tens or hundreds of terabytes of data, it could take weeks. And if your backups were infected prior to the attack, restored files can end up being useless and IT must go through the exercise again.
You can overcome this using file system versioning. Unfortunately, most block-based versioned storage networks limit versions and snapshots. These will be effective only if you find the breach within a few days, and with attacks usually going unnoticed for more than a week, businesses are usually forced to trust their backups.
The better strategy is to use a versioned file system that lives in the cloud and offers unlimited versioning.
Not only are these as durable as backups, but they’re also more secure and recoverable. This is because object storage is immutable and not able to be encrypted by ransomware. But with special software and storage snapshots, a file system can have the same familiar feel with greater scalability, performance and cost efficiency.
Cloud-based systems not only open up the potential for versioning, but they’re also not limited by how far back these versions can exist, either. Remember, as immutable snapshots, they can’t be encrypted or altered. So, the more infrastructure an enterprise has in the cloud, the less chance ransomware will have to wreak havoc.
Staying Ahead in the Cloud
A cloud-based file system may sometimes need hybrid infrastructure to cache active files locally and boost performance. Still, the protection it delivers against ransomware, and the ability to provide a speedy recovery and avoid staggering downtime is unmatched.
And if an attack does encrypt data on a local appliance, recovery is simple and swift. IT only has to point it to the most recent and healthy version and, in minutes, an enterprise can be up and running again.
Companies have been looking to the cloud to get ahead competitively for a host of reasons. Now, it can be used effectively to keep them there by ensuring ransomware won’t hold their operations hostage. And the more enterprises continue using the cloud to host more of their infrastructure, the more the specter of ransomware will fade.
