Organizations need to better manage backup data to ensure effective ransomware incident response

Published: Friday, 01 October 2021 08:34

Government agencies such as the US Federal Bureau of Investigation (FBI), the United Kingdom’s National Cyber Security Centre (NCSC), and the US Cybersecurity and Infrastructure Security Agency (CISA) continue to issue warnings on ransomware as attacks increase.

Regardless of the vulnerabilities, addressing data backup systems is fundamental to reducing the risk of downtime due to ransomware and other cyber attacks, according to experts at Index Engines.

Regular, comprehensive, verified backups are not only key to rapid and reliable recovery, they are also key to identifying that an attack has occurred and knowing the impact. Real-time security software is no longer adequate, says Index Engines: modern ransomware is sophisticated and can circumvent basic scans and integrity checks. Highly destructive Ragnar Locker and WastedLocker, to name two, both encrypt data, while others, including Conti, can shut down backup software entirely.

“Perpetrators of attacks are no longer individual cybercriminals or disgruntled employees, they’ve become high-tech organizations offering Cyberattack-as-a-Service (CAaaS), complete with big budgets and help desks,” said Jim McGann, vice president of Index Engines. “Sadly many enterprises are not prepared to go into battle because the very systems that are supposed to keep them safe, backed up and secure, are not as effective as they need to be.”

To provide the proper defense, data backup and protection products need to perform the following added functions:

Index Engines further advises organizations that the following tools and practices may be insufficient in the current era of cyber attack, in which criminals are aware of how to cover their tracks:

“Rising ransomware is putting pressure on enterprises to have a true cyber recovery plan and not depend on their disaster recovery plan,” said McGann. “This includes full analytics, forensic reporting and diagnostics, validating the integrity of the data. Backup needs to be as sophisticated as the cyber criminals and the attack vectors.”