Traditional backup approaches inadequate as ransomware gains momentum
Backing up data multiple times and air gapping backups is no longer enough to protect organisations from the devastating impact of ransomware.
Werner Vorster, country manager, sub-Saharan Africa at Rubrik, speaking ahead of a webinar on ransomware to be held next week, says traditional approaches to backups are proving inadequate as cyber criminals and ransomware attacks proliferate.
“What we’re seeing across all industry sectors – from logistics to healthcare and manufacturing – is ransomware attacks are having far greater and longer lasting impacts than companies expected.” Because most organisations don’t have the visibility into their backups to know what they can recover without reintroducing the malware, Vorster reports that companies falling victim to ransomware attacks can take weeks – or even months – to find the last safe data in their backups.
They can also lose all transactional and customer data since the last safe backup, and their staff could be forced to revert to manual processes while safe data is recovered. “The costs and disruption of such an attack are enormous. We’ve heard CIOs and CISOs describing recovery from a ransomware attack as ‘the worst weeks of their careers’.
“In a ransomware attack, there’s panic and stress throughout the organisation; but the person whose head is going to roll is probably the CIO or the CISO. They have probably raised it as a risk at board level, but in many cases, backups are seen as an expensive insurance policy and the board may not understand the full impact and ripple effects of a ransomware attack,” Vorster says.
In a ransomware attack, there’s panic and stress throughout the organisation; but the person whose head is going to roll is probably the CIO or the CISO.Werner Vorster, country manager, Rubrik
“The sad thing is often they have to feel the pain before they really take it seriously. This is why some people pay the ransom. They get to a point of desperation, and find themselves forced to trust the cyber criminals. But even though they pay the ransom, there’s no guarantee they will be given the key to decrypt their data, and there’s no guarantee the criminals won't attack again,” he says.
Rubrik is now in South Africa and says it has a unique ransomware recovery solution. It encrypts all data at rest and in transit, and stores all data in an immutable format to prevent ransomware from accessing, encrypting or deleting backups. This allows organisations to recover quickly from an attack to the most recent clean-state point in time. The solution uses AI and machine learning to detect anomalies in data being backed up and alert administrators in real time. If an anomaly alert is generated, organisations can use Rubrik Radar analytics to dig deeper into the content of the files and look for signs of malicious encryption.
Rubrik, in partnership with ITWeb, will host a webinar on 18 November to outline how ransomware attacks have changed, what attackers are targeting now, and how organisations should prepare for, manage and recover from ransomware attacks. For more information, and to register for this event, go to https://itweb.co.za/webinar/rubrik-dont-pay-the-ransom/