How can anti-ransomware software support your disaster recovery plan?
Anti-ransomware software protects both files and backups, which makes it a useful addition to a disaster recovery plan. Disaster recovery plans are developed to ensure business continuity in case of incidents that affect systems and data. All such plans include solutions that perform regular backups of important files, in various ways and to different locations, but most do not include anti-ransomware protection. However, ransomware is a problem even for good disaster recovery plans, as there are at least three ways in which it can break even the most efficient ones:
1. Ransomware may compromise reachable backup repositories
If, during a ransomware infection, the backup repositories are online and reachable from the infected machine, and the ransomware runs in a security context that has sufficient rights to access them, it may attack and encrypt the backups. The impact of this type of incident depends on the backup strategy in place:
• With proper offline/online backup synchronization, it may just involve rebuilding the online backup from another (offline) backup, possibly losing a few hours' worth of files;
• Without proper offline/online backup synchronization, or if the timing is terrible, it may involve losing a significant time range of backups.
In any case, there is serious downtime and concern for IT.
2. Ransomware may compromise files before they make it into the backup repositories
If endpoints get infected with ransomware, and a backup task runs before the infection is detected (usually the case in unprotected environments), the backup solution may copy encrypted files into the main backups. These encrypted files may then propagate to offline backups, and so on. The impact of this incident varies depending on when and how the ransomware infection is detected, but it all boils down to having backups which cannot be restored.
Here is a real-life scenario experienced by one of our customers before using our solution.
It provides some insight into the impact of such an incident: a laptop is connected to the network and infected with ransomware. During the infection, the ransomware attacks a mapped drive on the laptop that points to the file server, and encrypts part of the data on the file server. Next, the ransomware infection is detected on the laptop as ransom notes pop up, but nobody realizes that the file server was also compromised remotely. The endpoint is restored from the last backup, some files are lost, but the incident is closed. Next, the backup job runs on the file server and backs up encrypted files without anybody knowing. At this point, there is a backup that IT relies on, but which cannot be restored.
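A pre-backup check can catch the situation in this scenario, where the backup job copies encrypted files without anybody noticing. The following is an added example, not code from the product described on this page; the signature table, thresholds and function names are assumptions, and the check is a heuristic that holds the job for review rather than a guarantee.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed signature table (a small subset, chosen for this example).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(path: str, sample: int = 65536, threshold: float = 7.5) -> bool:
    with open(path, "rb") as f:
        head = f.read(sample)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        # Known container format: content is legitimately high-entropy,
        # so the reliable signal is a header that no longer matches.
        return not head.startswith(magic)
    # Other types: need enough bytes for the entropy estimate to be meaningful.
    return len(head) >= 4096 and shannon_entropy(head) > threshold

def backup_gate(changed_paths, max_suspect_ratio: float = 0.2):
    """Return (ok_to_back_up, suspects) for the files changed since the last job."""
    suspects = [p for p in changed_paths if looks_encrypted(p)]
    ratio = len(suspects) / len(changed_paths) if changed_paths else 0.0
    return ratio <= max_suspect_ratio, suspects

def demo():
    """Constructed sample: two intact files, two overwritten with random bytes."""
    text = b"Quarterly figures for the file server share.\n" * 200
    files = {"report.txt": text, "manual.pdf": b"%PDF-1.7\n" + text,
             "budget.xlsx": os.urandom(8192), "notes.txt": os.urandom(8192)}
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, body in files.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(body)
            paths.append(p)
        ok, suspects = backup_gate(paths)
        return ok, sorted(os.path.basename(s) for s in suspects)

if __name__ == "__main__":
    print(demo())
```

When the gate returns False, the backup job should be held and the suspect list sent to IT, so that the last known-good backup is not overwritten or rotated out.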
3. Ransomware may compromise recently changed files that were not yet backed up
Ultimately, with incremental backups, if there is a ransomware incident, you always lose the files changed between the last backup and the ransomware incident itself. Restoring from the last backup helps a lot in this case, but there are cases where the files changed in-between are critical and cannot be recovered. In these cases, the business loses time and money re-doing work already done.
How can anti-ransomware software help
Our anti-ransomware software detects and stops ransomware in seconds, and notifies IT of such incidents. At the same time, it creates real-time backups of files being manipulated in suspicious ways, covering the gap between the last incremental backup and the ransomware incident, and ensuring no data is lost. It also protects the files it backs up in safe vaults on the local hard drive. The backup solution that is part of the disaster recovery plan can read from these secure vaults, ensuring no encrypted files make it to the backups.
By using anti-ransomware software together with backups, your disaster recovery plan benefits from the following enterprise ransomware protection features:
• No important file loss on ransomware incidents, even if the incremental was taken hours ago;
• No backup repositories get compromised;
• No encrypted files make it into main backups that IT needs to rely upon.
Anti-ransomware software delivers adequate ransomware protection for your latest files and backups, and the advantages it brings make it a great addition to your disaster recovery plan.
Looks interesting. Some questions though:
How does it protect files and how can backup get files safely from the protected zone? Does it work out of the box or is there some integration needed? Also, what is the impact on the machine, how many files are protected in real time, and how much disk space is required?
The user’s files are backed up in real time whenever they change. They are backed up in safe zones on the local drives. The safe zones are protected by a special driver so that only our product can change files in those zones. The rest of the applications running on the system can only read those files, provided they have administrative rights. No integration is required; it is just a configuration setup for the backup solution. We keep up to 4 versions of each file in the safe zone, if disk space allows it. The impact on the machine is minimal with regard to memory and CPU consumption. With regard to HDD consumption, we need HDD space for the copies. The types of files to protect are configurable, as well as the maximum size. The software can use available disk space optimally using all available partitions. To reduce the disk space, one can also configure the product to automatically delete old or unnecessary versions of the files from the backup repository.