Search
Close this search box.

When It Comes to Ransomware Recovery, Seconds Count

The author

Sponsored Post: Nasuni |

Ransomware attacks have unfortunately become a pervasive and common occurrence for modern organizations. According to Enterprise Strategy Group (ESG), 73% of organizations have been the victim of a successful ransomware attack that resulted in financial loss, disrupted business operations, or other impacts (see Figure 1) within the past 12 months.

Figure 1: Impacts of successful ransomware attacks (Source: Ransomware: Trends, Impacts, and the Role of Data Storage, ESG, Scott Sinclair, March 2023)

According to the 2022 IBM Security Cost of a Data Breach Report, the average cost of a data breach globally was $4.35 million in 2022, and it took an average of 207 days to identify a breach and another 70 days to contain a breach—a total data breach lifecycle of 277 days. Importantly, the report found that reducing the data breach lifecycle is key to reducing data breach costs—by an average of $1.26 million for a lifecycle shorter than 200 days. Ransomware attacks—not including the cost of the ransom itself—cost an average of $4.54 million and took an average of 49 days longer than other types of attacks to identify and contain. Interestingly, the average cost of a ransomware attack was only slightly less for victims that paid a ransom versus those that did not—not including the cost of the ransom (see Figure 2).

Figure 2: Measured in USD millions. Cost of ransom isn’t included in this calculation. (Source: IBM Security, Cost of a Data Breach Report 2022)

Ransomware defense requires a comprehensive three-pronged strategy that includes protection, detection, and recovery capabilities (see Figure 3). Rapid and effective incident response is critical to recovery from a cyberattack—particularly ransomware, where seconds count. In other types of cyberattacks, threat actors breach a target environment, establish persistence, and move laterally throughout the environment to achieve their attack objectives (such as exfiltrating data), typically over several months.

Figure 3: Ransomware defense requires a three-pronged security strategy that includes protection, detection, and response capabilities

A ransomware attack follows this same attack lifecycle lasting many months, but when the threat actor ultimately “pulls the pin” to encrypt your data—you have seconds to respond because you are literally racing against the threat actor (and your servers’ processors) to prevent your data from being encrypted. If you are able to block a threat actor’s command-and-control (C2) communications, you can prevent your data from being encrypted. An effective protection strategy from ransomware must include granular segmentation (and microsegmentation) of your environment to enable containment without shutting down your entire network. If you cannot effectively contain and eradicate a ransomware threat, then recovery is hopeless and even counterproductive—the threat actor can just “rinse and repeat” their ransomware attack until you capitulate. As this cycle repeats, so too does the damage to your organization to include financial losses, downtime costs, and reputation damage.

To ensure rapid and effective ransomware recovery, organizations must have incident response plans and ransomware playbooks that:

  • Clearly identify key roles and responsibilities
  • Document critical decision matrices to enable sound and objective decisions under duress
  • Provide step-by-step instructions for containment, eradication, and recovery

Executive leadership and incident response teams must regularly test their plans and playbooks to ensure all team members fully understand what is required of them and can respond effectively.

Once containment and eradication are complete, recovery can begin—as long as you have secure, reliable, and immutable backups of your data. Unfortunately, restoring millions of files from backup can take weeks or months for most organizations today—during which time business operations may be down or severely disrupted (see Figure 4).

Figure 4: Ransomware recovery using traditional backups can take weeks or months to complete

To enable rapid recovery of your data—measured in seconds and minutes, rather than days and weeks—you need a file storage and backup solution that includes the following capabilities and features:

  • Rapid ransomware recovery. After detecting, containing, and eradicating a ransomware threat, your recovery of files should be the shortest operation in your response timeline.
  • Granular restores. Many snapshot solutions can only recover an entire volume—not specific files or directories—thus users will lose work, even if they were not infected, because the whole volume gets restored from the previous week’s (or worse) snapshot.
  • Immutable snapshots with infinite recovery points. Newer ransomware attacks can employ a time-bomb effect that might take days, weeks, or months to detect. If file backups and snapshots are not retained for long enough, the risk is more significant for losing data and not recovering.
  • Testable/verifiable. Your file data platform should allow you to create a test location, either a test directory containing files or a test volume with directories and files, to verify the speed and viability of the restore process.

The Nasuni platform can restore millions of files in less than a minute—because seconds count when it comes to ransomware recovery. Learn more about ransomware threats and how to protect your valuable data from ransomware attacks here.

This Article Sponsored by Nasuni

Sign Up For Our Newsletter

Don’t worry, we hate spam too!

Get The Latest On Ransomware Right In Your Inbox

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

Is This Your Business?
Get In Touch

Contact Us To Sponsor Your Business Listing & Learn More About The Benfits.

Before You Go!
Sign up to stay up to date with everything ransomware

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

JUST RELEASED: The 2024 State of Ransomware Survey is in.

A REVEALING REPORT FOR IT PROFESSIONALS BY IT PROFESSIONALS

Share via
Copy link
Powered by Social Snap