Ransomware is a cash cow for cybercriminals, netting more than $350 million in ransom payments last year — although it is likely much more because many victims don’t report attacks in order to preserve their reputation. It’s easy money for the crooks because most companies just pay the ransom so they can regain access to their encrypted data and get back to business as quickly as possible.
Turns out, that is a really terrible option.
New research finds that 80 percent of businesses that pay a ransom suffer a second ransomware attack — often at the hands of the same threat actor. The April study conducted by Censuswide also found that nearly half of those paying a ransom reported that some or all of their data was unrecoverable due to corruption during the recovery process.
The research illustrates an ugly reality about ransomware — there simply aren’t many great options once you’ve been compromised and your data has been encrypted. If you pay up, you may or may not get your data back, plus you’ve let it be known you’re an easy mark for future attacks. But if you don’t pay, you run the risk of days or weeks of downtime that could put you out of business.
Why Backup Matters
That’s why robust data backup solutions remain your best hedge against attacks that make it past your defensive security systems. Frequent backups help ensure that files can be reliably accessed in the event of an attack.
Of course, the bad guys understand this as well. Newer ransomware strains frequently target backup systems, exploiting firmware vulnerabilities to either encrypt or delete backup copies.
That’s why all backup environments today should include an option for immutable backups that cannot be altered or deleted, even by an administrator. Immutable backups ensure you have an untouched version of data that is always recoverable and safe from any attack or system failure.
An immutable backup should be completely isolated from local systems to be sure it can’t be compromised. However, it must be readily available for recovery when needed, which makes the cloud a logical target for your backup copies.
The Datto Approach
Here at Verteks, we rely on industry-leading solutions from Datto to provide immutable backup for our managed services customers. For example, Datto’s new Virtual SIRIS (vSIRIS) data protection software backs up data to the Datto Cloud, which was purpose-built for immutable backup.
The Datto Cloud includes multiple security layers to thwart ransomware attacks. Two-factor authentication (2FA) restricts access to the administration portal and allows no direct partner or client access. Additionally, the local SIRIS appliance allows no cloud administrative access to ensure there is no backdoor entry.
All data is encrypted at rest, and a ransomware scan is performed after every backup snapshot has been taken. Virtual servers are tested after each backup to ensure they boot properly with all data intact.
Datto also uses the Zettabyte File System (ZFS), an advanced file system that helps ensure data integrity. ZFS snapshots occur at the block level of the file system, making them immune to any file-level ransomware encryption. Cloud Deletion Defense is another important feature, letting you regain access to backup snapshots that have been accidentally or maliciously deleted.
Research shows that up to a third of organizations never back up their business data. That is an incredibly risky practice given the increasing occurrence of ransomware attacks. Our managed backup services featuring immutable cloud storage from Datto can provide robust protection and peace of mind.
