Contact Us

3 Ways Your Backup Solution Can Fail During a Ransomware Attack

backup solution

Ransomware—a form of malware where your data is locked and encrypted until you pay for it to be released—is by no means a new threat. Recent reports indicate a 15% increase in ransomware attacks over the past five years. While the percentage may not appear alarming, the repercussions are substantial. Consider this, on average, a single ransomware attack can cripple a business with a jaw-dropping financial burden of $1.85 million. Moreover, many organizations are often impacted by ransomware more than once.

When your organization falls victim to a ransomware attack, there are generally two options for data recovery: paying the ransom or restoring files from a backup. However, paying the ransom may not always yield the desired results. The process of obtaining and utilizing the encryption key provided by the ransomware gang can be extremely time-consuming, delaying immediate access to your data even after payment.

Traditionally, restoring locked files from backups has been the most effective approach for recovering from ransomware attacks. Unfortunately, cybercriminal organizations, highly profitable and well-funded enterprises, have evolved and developed methods to hinder the effectiveness of backups. Here are three ways in which traditional backup solutions can fail to expedite ransomware recovery.

#1 Smart Cyber Criminals Disable Your Backups

In the infamous Colonial Pipeline ransomware attack of 2021, the cyber-criminal organization DarkSide brought Colonial Pipeline, the largest distributor of gasoline and jet fuel in the American Southeast, to a screeching halt. While ransomware is traditionally introduced to a system by an employee inadvertently downloading a malicious file through a fraudulent email, in the case of Colonial Pipeline, the ransomware attack was started via exposed admin credentials.

The findings from this incident were truly eye-opening for multiple reasons. First, this mainstreamed the practice of cyber criminals having unknown access to a company’s systems before introducing ransomware. On average, it takes approximately six months to detect such unwanted access, during which time cybercriminals exploit every opportunity to enhance the effectiveness of their pending ransomware attack. This can involve disabling antivirus solutions to delay the detection of malware, changing passwords to admin accounts to make it harder to respond to the attack, and disabling or erasing your primary backups.

According to Veeam, a staggering 93% of all ransomware attacks attempt to destroy your backups. If cyber criminals disable your backups prior to a ransomware attack, you will have little recourse other than paying the ransom. This is a prime example of how modern cyber-attacks have evolved to counter common IT methods for keeping data safe.

#2 Miscommunication and Confusing IT Jargon

One of the complicated aspects of information technology is the abundance of terms and options available to keep data safe. When it comes to data protection, you are faced with understanding the difference between backups, failovers, archiving, redundancy, geographic redundancy, business continuity, disaster recovery, and much more. A fairly common issue is when an executive confuses redundancy with backups.

A backup solution involves a point-in-time copy of your data being made and stored in another location. Redundancy, on the other hand, involves having multiple locations for your core application in case your primary systems are brought offline. Confusion arises because, in a redundancy situation, everything is copied over as-is to both locations, meaning that if your files are encrypted in one location, they are encrypted in your redundancy location as well. Backups are effective against ransomware because it allows you to restore a copy of your file that was taken prior to the ransomware being introduced. Many large organizations are left astonished when they realize, after a ransomware attack, that they had a complete misunderstanding of how to swiftly recover their data.

#3 Human Error

Did you know that human error accounts for 75% of data loss? While we live in an extensively automated world, technology still relies on human input. When it comes to backups and ransomware protection, there are various ways in which human error can render backups ineffective in a ransomware situation:

  • Not adding a new server or system to your backup solution
  • Skipping or overlooking manual backup checks
  • Accidentally deleting files
  • An admin or admins falling victim to social engineering scams
  • An error arising with third-party integrations
  • Operating non-patched or updated systems

All of these examples have led to at least one major ransomware incident in the past five years and will continue to cause issues unless new, more advanced solutions are implemented.

Conclusion

Based on the facts, if you rely solely on a traditional backup solution to help you recover from a ransomware attack, you may be putting yourself at risk. Take action now and explore modern solutions like Nexsan’s Assureon Data Vault, which prevents unauthorized alterations to your archived files.  If you truly cannot risk losing data, reach out to Nexsan today to learn more.