When it comes to handling ransomware, it’s not a matter of whether your company will be targeted, but when. New variants are continually emerging. Pay-or-get-breached schemes – in which ransom is demanded and data is leaked if not paid – saw quarter over quarter increases throughout 2020. Nefilim, which exploits weak remote access in Citrix, used a deceased admin’s credentials to put their crypto-locking malware in about 100 systems in a single instance.
Attacks are on the rise, and according to analysts at IDC, perpetrators have a 90% ransomware success rate, with 93% of victims encountering data corruption or loss. If you’re managing data entirely in-house — backing up to on-premises servers that are also used for handling day-to-day IT — ransomware can spread and infect those backups as well if proper precautions aren’t taken to airgap them. That said, companies desperate to retrieve data, get back to business and avoid costly downtime will often begrudgingly pay attackers to decrypt their locked files.
Many organizations have harnessed the cloud for data protection and applications in general. In part, this is because they believe software as a service (SaaS) and cloud vendors will better protect them from ransomware attacks. Unfortunately, there’s a misconception that’s prevalent among companies that rely on these offerings.
Take Microsoft 365, which has seen explosive growth due to increased remote demands brought about by the pandemic. Today, roughly 260 million users rely on the service. Yet, most don’t feel they need to worry about protecting that data because it’s the service provider’s responsibility.
And it’s this mistaken belief that actually makes their companies particularly vulnerable.
That’s your problem
SaaS vendors usually operate under a shared responsibility model. While they ensure service is secure, apps are available and data is safe, the long term, nitty gritty protection of the data itself is on the customer. So, while Microsoft oversees all things infrastructure related in its offering, the data generated and long-term retention is the customer’s responsibility.
Let’s look at an example of what could happen if your company uses Microsoft 365 and suffers a ransomware attack.
As employees collaborate on projects in OneDrive, updates are automatically synced to everyone’s system when edits are made to a shared file. So if someone in the company gets hit with ransomware, not only are all that person’s files impacted, the current versions of everyone’s shared OneDrive projects are locked, too.
If you have no Microsoft 365 backup solution, you could locate an earlier version of those files and restore from there. But going back a version will mean losing data on all that has transpired since, and even over the course of just a few days, that loss could be considerable. Hundreds, even thousands of files may need to be restored, a process that would suck up huge amounts of employee time – and keep a company from getting on with business.
Back it up
These reasons alone are why companies will pay attackers. Still, even then, they can’t be entirely sure the files will be decrypted after sending along payment, and what’s more, this could encourage additional attacks.
On the other hand, when you back up your Microsoft 365 environment, a ransomware attack wouldn’t disrupt access to OneDrive data for more than a moment. The right cloud-to-cloud solution could not only back up your data as often as you’d like, it could also replicate to geographically distributed data centers. This would enable you to immediately restore files from any of these sites by simply logging into your backup portal.
Even so, recovering data after an attack is just one part of a comprehensive strategy. It’s important that plans be in place for disaster recovery (DR), because that’s exactly what ransomware can easily turn into. Therefore, an effective DR strategy should include preventative measures to keep your network from being infected in the first place. This could include:
- Threat Training: Making sure employees are versed on the basics of cybersecurity awareness, such as identifying phishing schemes and attempts to infect networks with malware.
- Control and Access Guidelines: Setting strict rules about which employees can have and issue administrative rights to apps, systems and devices.
- Clear Governance: Implementing IT rules regarding use of outside devices, including restricting unapproved or unknown ones to secure guest networks.
But perhaps the best approach is to engage a proven, trusted provider of DR-as-a-Service (DRaaS). By doing so, you’ll address these measures and the many others necessary to safeguard your operations from ransomware, as well as other types of disasters.
With the right DRaaS partner, you can back up all data at all times to a separate, functionally redundant digital environment. It’ll also be one hackers don’t know exists, let alone be able to infect with ransomware. As a result, you’d be able to thwart ransomware attempts because:
- You’d have all mission-critical data, apps and systems secure and accessible in the cloud, completely outside the reach of the cybercriminals.
- You’d have the ability to access key data based on the Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) you specified with the DRaaS provider.
- You’d likely be able to retrieve and access data within minutes of contacting your DRaaS partner or by logging into your portal to start the recovery process yourself.
For Microsoft 365 users, backed up data is highly available. It removes a company’s reliance upon Microsoft to protect its data, allowing for instant restoration directly back into it or a direct download to local storage. It also serves as a storage repository for as long as you wish, enabling individual items, folders or entire mailboxes to be easily and quickly recovered so you can quickly resume business operations.
Continuous data protection, regardless of granularity, is more important than ever. Partner with the best to avoid the high cost of threats, missed opportunities and a damaged reputation. OffsiteDataSync has been safeguarding mission-critical IT systems for decades. That’s why CIO Review named us one of the “20 Most Promising Disaster Recovery Solution Providers” and we hold strong relationships with top vendors like Veeam.
Interested in how we help customers? Check out this story about an IT services company devastated by a ransomware attack that was able to save 95% of its clients and bounce back stronger than ever!