A recent report found that ransomware attacks quadrupled in 2016, and are likely to double in 2017. Not surprisingly, a research survey showed that 48 percent of organizations had been hit by ransomware in the past year. And as we highlighted in a recent blog post, next generation cloud applications and databases are quickly becoming an attractive target for criminals.
Attackers are targeting critical data or operations now, not just files. A few examples from the past two weeks highlight this trend:
- A police department in Texas lost 8 years of evidence to ransomware. Files, including surveillance and body cam videos, were permanently lost. The department’s backup process kicked off after the files were infected, so the backups couldn’t be restored either.
- The Washington, D.C. police surveillance cameras were hit 8 days before inauguration. Ransomware took most of the cameras offline for 4 days until the software could be reinstalled.
- A luxury hotel in Austria paid a ransom to attackers after its room keycard system was disabled. The ransomware hit during peak travel times, forcing the hotel to pay the ransom so guests could get back into their rooms.
Attackers are getting much more clever and picking valuable targets within a business. It’s only a matter of time before ransomware hits cloud-based applications that run on these platforms. What can you do? Be prepared.
A layered “onion strategy” means using a set of security tools to spot and isolate malware and ransomware, but that alone isn’t enough. The Department of Homeland Security issued an alert last year highlighting the key role backup plays in defending against ransomware:
Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.
As the Texas police department example shows, recovering from a backup won’t work if the backup itself gets infected. A versioned backup of business data and files is essential to recovery. That’s where most backup solutions fall short, especially for next generation applications and databases that, because of their distributed nature, cannot be quiesced to make a consistent backup copy across the database cluster. More importantly, given the large amount of data these applications process, it is critical that there is no bottleneck to data movement in and out of the cluster for an application-consistent backup.