September 28, 2018

How Disaster Recovery Changes the Ransomware Game

Disaster Recovery as a Service (DRaaS) could help you avoid paying ransom or losing files to ransomware. Ransomware is one of the fastest growing and evolving cyber attacks, and it ties with data theft as one of the two biggest cyber threats. In 2019, ransomware attacks on businesses rose by 365%.

Disaster Recovery Mitigates the Impact of Ransomware

Ransomware payloads are often unleashed in an organization’s environment through its user community. An attacker may bombard an organization’s users with malicious emails hiding ransomware. Once triggered by a user, the ransomware often spreads beyond the initial user’s system – and keeps spreading through the network to create a big problem for the business.

Unlike data theft, which takes data out of an organization, ransomware locks up the data and demands payment to let it go. Business disruptions from ransomware are not just inconvenient; they can significantly damage a company’s reputation and bottom line. Of ransomware-infected small and medium-sized organizations, 22% cease business operations immediately, reports Malwarebytes.

Disaster Recovery as a Service (DRaaS) solutions can mitigate the damage from ransomware and keep the business functioning, so you can continue to meet the needs of your customers. Unlike traditional disaster recovery, DRaaS maintains available and frequent copies (or snapshots) of data, readily spools up systems on which to restore them, creates a platform for testing a clean recovery, and includes processes to fail back to regular operations.

The latest in ransomware tactics

Ransomware has been around for years, primarily as an end-user computing problem. The user was tricked into executing a malware payload, the files on their system were encrypted, and a ransom was demanded to recover that system. In keeping with the size of the target, ransoms were relatively small amounts.

That changed with self-propagating ransomware, such as WannaCry and Petya/NotPetya. Software backdoors such as EternalBlue in the Windows Server Message Block (SMB) file sharing protocol, and Active Directory vulnerabilities, provide powerful access for nefarious attackers to spread their malware beyond a single user’s system. Using a worm-like vector, the ransomware can find its way through a business network and attack all the machines that are a part of the environment.

Attackers can even find and target the most important systems in your network, instead of encrypting at random. They can find Exchange servers, database servers, ERP systems and SAP databases and the like – and prioritize attacks against those systems, because that’s the data to hold hostage: the most important data to the organization. In turn, ransom amounts have skyrocketed.

Making the ransomware problem even worse was the creation of a new business model, ransomware as a service (RaaS), enabled by the availability of uncontrolled and unmonitored cryptocurrencies such as Bitcoin and Litecoin. Ransomware-as-a-service is openly advertised on the Dark Web, and authorities find it very difficult to shut down. RaaS is easy to consume: an average individual can download the Tor browser, search for RaaS, pay for the service with a cryptocurrency, and attack targets using the RaaS tool – with the goal of recouping the initial investment and turning a profit.

Expect more attacks, and more successful attacks. The reality is that enterprises have been caught unaware and had no choice but to pay the ransom – hoping that the source of the malware would and could provide access to the targeted files. In some instances, malware that said it had encrypted files actually deleted them – leaving no chance of recovering them even after a ransom was paid. The organization could face permanent data loss and scramble for out-of-date archives that were not nearly as valuable as their current data sets.

Prepare now to recover from a ransomware attack

If you have to mitigate a ransomware attack, DRaaS solutions offer big advantages over traditional disaster recovery methods. Specifically, DRaaS is designed for recovery in a timely and practical manner. Data loss is minimal (less than 15 minutes) and recovery is much faster (a few hours, instead of days). DRaaS can even improve your organization’s speed of patching to minimize vulnerabilities exploited by ransomware and other malware.

Besides being faster, DRaaS recovery is also safer in a ransomware incident. The short recovery time of DRaaS can allow an organization the flexibility to restore and test a recovered environment in a safe space, to avoid reinfection. DRaaS can also allow the incremental rewinding of the restore point and re-testing, before committing to a full recovery.

Patching software to close vulnerabilities that could be exploited by malware is a key step to preventing ransomware infection. DRaaS helps with patching too, by making it safer to patch production and dev-test systems – so your organization is more likely to apply patches and upgrades sooner. Specifically, DRaaS supports the testing of patches in a test bubble, which reduces risk. With more regular patching, your systems are less likely to be infected by self-propagating ransomware and other malware.

Watch the webinar, “From Hurricanes to Hackers: the Expanding Horizons for Disaster Recovery”, to learn more about the impact of DRaaS on cybersecurity.

Create a disaster recovery strategy for ransomware

It’s important to stay informed of the latest ransomware trends, but it’s even more important to have a strategy to protect your business. Read our Strategic Guide to IT Security to learn how to approach IT security, or contact us to learn more.
