Ransomware in 2023: The Focus is on Recovery

With a 38% increase in global cyberattacks last year, the malicious threat of ransomware continues to grow. It is no longer a matter of ‘if’ an organisation will be hit but ‘when’, and, with the global annual cost of cybercrime predicted to top $8 trillion in 2023, organisations cannot afford to be complacent, argues Christopher Rogers, Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company.

Thursday, 16th March 2023. Posted by Phil Alsop

Ransomware continues to pose a very real threat to organisations of all sizes; in fact, the advent of ransomware-as-a-service platforms promises to further boost its growth. To combat this, IT teams need to focus on prioritising recovery so that their business can quickly resume operations with minimal disruption or data loss.

Relating ransom payments to recovery

Understanding why hackers target organisations is a great first step in the journey of developing a robust defence strategy. Bear in mind, encrypting your data is just the means to the end; the end in this case is the extortion of cash in exchange for a decryption key that will unlock your data and get your business up and running again.

Therefore, decisions on which organisations to target – and specifically how to attack them – are largely based on extracting the maximum potential returns. The larger the company, the larger the returns, but also the more security obstacles are likely to be in place to prevent attacks. This means hackers are turning to ever more elaborate and sophisticated methodologies, so it all becomes a ‘space race’ to outmanoeuvre the other side.

On the other hand, many companies are prepared to pay up to avoid disruption, so hackers must make a careful evaluation of how likely any company is to meet the ransom demand. This willingness to settle isn’t necessarily related to a company’s ability to recover data, because most companies will achieve this eventually. What’s more important is the speed at which systems and applications can be rebooted, particularly those that are reliant on ‘hot data’.

According to IDC, one hour of downtime costs the average company around $250,000. If you are hit by ransomware, the expenses will quickly mount, so it might make sense to take the hit, pay the ransom and get your systems back online as soon as possible.

Specialised protection for critical data

Hackers will clearly target organisations that cannot afford to have critical production data and applications offline for any period of time, such as banks or healthcare facilities. Therefore, introducing a plan that defends a company’s production workload is a sensible first step. The issue is that the majority of backup strategies today, including the most popular ones, focus primarily on capturing ‘cold data’, which can easily be restored in the days following a breach.

However, such back-ups are of little use when it comes to critical data in production workloads because they protect individual servers as opposed to the entire application. As a result, restoring data and rebooting applications via back-ups alone can take a very long, very costly period of time.

Instead, what’s needed is an enhanced recovery strategy that adds value on both fronts: establishing back-ups for less significant data and providing a faster way to repair live production applications. This is precisely where continuous data protection (CDP) solutions come into play.

Offering advanced workload and data recovery

CDP represents a notable evolution in the ability to rapidly restore vital data and networks. It captures data alterations as they happen in real-time and sets recovery points every five seconds, making it possible to return to a specific point in time just seconds before a malicious attack, thus avoiding disruption and data loss. In contrast, traditional approaches to backup use extended intervals – say nightly or even weekly – which means the last robust copy is likely many hours old and not fit for purpose.

CDP, on the other hand, can be simply automated and designed to enable the defence of entire businesses, making it possible to restore lost data for a whole virtual data centre comprising thousands of active workloads at the touch of a button. Deploying a data protection strategy built on CDP minimises the risk of disruption, downtime and data loss following a ransomware attack. This means we get back up and running with reduced service loss while IT teams can focus on recovering less important data via traditional back-ups at their own pace.

Ransomware criminals will focus on vulnerable organisations that will provide the best returns for the least effort. Usually, these are companies that protect their critical workloads and applications in the same way as less important data. Doing so means that vital services cannot be restored quickly enough so the likelihood of extorting a ransom increases accordingly. Instead, implementing a more proactive protection strategy, where vital data is continuously secured, will ensure that you can limit the success of hackers and recover data and applications as quickly as possible.