A number of high-profile attacks on corporate and public sector organisations have attracted media attention and highlighted the risk that malicious ransomware attacks present to organisations across the globe. This prevents firms from accessing their data, and then asking for a ransom payment to regain control of business-critical data is a serious problem.
As the number and sophistication of attacks increases it is becoming not just important, but essential to implement effective data backup and recovery solutions.
The pressure from management to get back up and running is overwhelming. Rather than getting on with the task at hand, you are bombarded with questions and demands for updates: how soon will we be back online? Will all the data be fully recovered? What do we tell our customers?
According to the Emsisoft Malware Lab, ransomware attacks in 2019 “impacted at least 966 government agencies, educational establishments and healthcare providers” at a potential cost in excess of $7.5 billion. Whilst cyber security teams continue to invest extensively in protection tools, extortionists continue to find new mechanisms to encrypt organisations’ data. Backups are one of the most – if not the most – important defence against ransomware. However, advanced ransomware can target and corrupt backups as well, modifying or completely wiping them out, eliminating data security and driving even bigger ransom pay-outs.
In this blog we talk to Assured Data Protection’s Stewart Parkin, EMEA CTO and his colleague, Disaster Recovery Specialist Sandeep Jandu as they walk us through Rubrik’s immutable architecture and robust security controls that offer robust protection from cyber-attacks.
Understanding The Problem
We asked Sandeep to tell us more about the scale of the problem.
“The people behind ransomware attacks use some sophisticated techniques to target as many different commercial email addresses as possible. They rely on just one or two people clicking on a link in an email or downloading malicious software on to a USB stick which eventually finds its way to work and is then unintentionally let loose to encrypt files across the organisation.
Although IT infrastructure managers might be aware of the issue it is often too late to prevent some serious damage being done. And of course, the bigger the organisation, the greater the risk of just one person making an innocent mistake which leads to a full-scale ransomware attack.
Introducing ADPs Rubrik product
Rubrik provides a uniquely immutable filesystem that natively prevents unauthorized access or deletion of backups, allowing IT teams to quickly restore their files to the most recent clean state with minimal business disruption. As Sandeep explains, “we can restore data from the most recent backups with just a few clicks. Recovering data is easy, but it’s essential that older files are kept safe because ransomware often starts small, encrypting a few files and documents that might go unnoticed, meaning that these changes end up saved within the backup files. We can protect against that by using looking at metadata and file histories within the backup, selecting only clean unchanged files for data recovery. We’ll always have a clean copy of our client’s data because our immutable backup protects files completely”.
So, what is an immutable backup?
“Basically, the data stored on Rubrik is best described as ‘inert’. It is encapsulated and compressed within Rubik's encoding. This gives the data incredible stability and security. It can never be changed or deleted. It’s not got the same vulnerabilities as a standard server or workstation, and that’s really important when it comes to ransomware”.
Does Assured Data Protection offer the best solution?
“We think so, and so do our customers!” Sandeep explains that it is the way that Rubrik protects and stores data that makes it such a great solution for organisations worried about cyberattacks. Stewart points out that it is not about preventing attacks - there are lots of software solutions available which attempt to do this, rather the focus is about providing a last line of defence which renders ransomware attackers powerless.
“By providing robust data protection and focussing on continually improving recovery speed we’re speeding up the recovery process. We are quickly identifying files that have changed so that we can restore them to the most recent clean slate version, giving clients complete confidence in their business continuity. And we can do all that at the click of a button.”
So you can recover data instantly?
“Perhaps not instantly, although for a virtual machine we can deliver recovery speeds of 30 to 60 seconds. It’s not just about speed though – it’s also about Rubik’s ability to handle more complex scenarios. When there are millions, even billions of files, recovery isn’t going to happen in minutes, but each file can be checked and recovered in a relatively quick timeframe. Each file can be checked for any changes that happened during the ransomware attack. There aren’t really any other solutions which enable this to happen quickly.
When it comes to discussing Rubrik’s key features Stewart is quick to point out that it comes back to immutability. “Ransomware simply cannot attack data that has been backed up – imagine it like a snapshot – it can’t be changed, ensuring backup files can’t unintentionally reinfect the system”.
“It doesn’t matter how much firms invest in protection from ransomware if, when it happens, the systems are not in place to get back to business quickly. That is our passion – helping clients recovery data quickly and getting back to work.”