Data recovery from ransomware attacks: Data protection and recovery
With ransomware spreading in this way, we recommend that you check what ransomware is, what precautionary measures you can put in place to protect against attacks, and how quickly you could recover your data in the worst case.
What is a ransomware attack? Is it worth taking precautionary measures?
Put simply, a ransomware attack is malicious software (malware) that infects a computer and demands a ransom to make it work again. Ransomware is usually installed when a user clicks a disguised link in an email, an instant message, or a website; the computer is then locked and specified important files are encrypted with a password. In theory, if you pay the ransom, the attacker unlocks the files using a decryption tool or key. In recent years, ransomware has evolved significantly and can attack existing network drives and backup data. Sophisticated ransomware destroys shadow copies and recovery point data. Even if you use a recovery service, problems may remain after the attack.
To prevent ransomware attacks, companies are taking measures such as purchasing tools and training employees to identify suspicious messages and websites. Investment in security tools and training is expected to increase from $18.3 billion in 2020 to $24.6 billion in 2023, but the number of attacks is still increasing. Cybersecurity Ventures reports that a ransomware attack occurred once every 40 seconds in 2016, and predicted that this year one will occur every 11 seconds. In 2020, cyber criminals used the new work-from-home environments to target vulnerable industries and organizations, and ransomware attacks increased 148% due to the COVID-19 pandemic.
The last line of defense against a clever ransomware attack is backup. Investment in tools that help protect backup data is therefore important. At the same time, you need to invest in solutions that recover data quickly after an attack.
How to protect backup data from ransomware attacks?
Ransomware that puts infrastructure at risk is a gold mine for cyber criminals, and time is on their side. According to the Ponemon Institute and IBM, it takes organizations 197 days to identify a breach. The best approach is a multilayered one, so that you never reach the worst case in which backup data is targeted and a ransom has to be paid. However, it is not enough to introduce measures to protect backup data and hope for the best. As ransomware continues to evolve and become more sophisticated, you need to be able to confirm quickly whether the company's IT production environment has been breached and to what extent. If it has, you need the ability to fully restore all data.
Ransomware countermeasures therefore involve three major steps.
・Protect backup data from becoming a ransomware target: To keep backup data from being targeted by ransomware attacks, you need a solution that provides a multilayered approach. The solution must offer immutable snapshots, write-once (WORM) storage, and strict access control through role-based access control (RBAC) and multi-factor authentication (MFA).
・Detect ransomware attacks: Automated continuous monitoring and machine learning make detecting ransomware attacks easier and faster. The algorithm automatically scans for anomalies in the data ingest/change rate and warns of a possible ransomware attack in the production environment.
・Recover quickly and cleanly: Fast data recovery is essential to minimize downtime. This first requires a dashboard that shows the health of backup snapshots and a cyber vulnerability index. With this dashboard, all data can be restored instantly and in bulk, regardless of where the data resides or the environment.
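The change-rate check described in the detection step can be sketched as follows. This is an added example, not code from the article or from any vendor's product: a simple statistical baseline (median and MAD) stands in for the machine-learning model the text mentions, and the sample figures, function names, window and threshold are all assumptions.

```python
from statistics import median

# Constructed sample: (backup date, GB changed since the previous backup).
SAMPLE_RUNS = [
    ("2021-03-01", 41), ("2021-03-02", 39), ("2021-03-03", 44),
    ("2021-03-04", 40), ("2021-03-05", 12), ("2021-03-06", 10),
    ("2021-03-07", 42), ("2021-03-08", 43), ("2021-03-09", 38),
    ("2021-03-10", 610), ("2021-03-11", 580), ("2021-03-12", 41),
]

def robust_z(value, history):
    """Modified z-score based on median/MAD, so quiet weekends or one
    earlier spike in the window do not distort the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # perfectly flat history: any increase is anomalous
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def flag_anomalous_runs(runs, window=7, threshold=3.5):
    """Flag backups whose changed volume jumps far above the trailing
    window. Mass encryption rewrites most files, so only upward
    deviations are reported."""
    alerts, history = [], []
    for day, changed_gb in runs:
        if len(history) >= window:
            score = robust_z(changed_gb, history[-window:])
            if score > threshold:
                alerts.append((day, changed_gb, score))
                continue  # keep flagged runs out of the baseline
        history.append(changed_gb)
    return alerts

def last_clean_restore_point(runs, alerts):
    """Latest backup taken before the first flagged run, or None."""
    if not alerts:
        return None
    first_bad = alerts[0][0]
    earlier = [day for day, _ in runs if day < first_bad]  # ISO dates sort lexically
    return earlier[-1] if earlier else None

if __name__ == "__main__":
    found = flag_anomalous_runs(SAMPLE_RUNS)
    for day, gb, score in found:
        print(f"ALERT {day}: {gb} GB changed (score {score:.1f})")
    print("restore candidate:", last_clean_restore_point(SAMPLE_RUNS, found))
```

Because flagged runs are excluded from the baseline, a multi-day encryption event keeps alerting instead of becoming the new normal, and the restore candidate is the last backup taken before the first alert.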
What are the features of an excellent backup solution for ransomware countermeasures?
When investing in a solution for ransomware measures, we recommend that you choose a solution with an unwritten function. Legacy environments do not have the latest functions required to protect against ransomware. Also make sure that the solution can recover data cleanly and quickly in the unlikely event of an attack. It is also important to visualize data and systems and check for problems before restoring. The following are only a few of the functions that the solution should include.
・Immutable backups: The file system supports frequent, unlimited immutable snapshots with little or no impact on performance. Ransomware cannot access or modify immutable backup snapshots.
・Strict access control: Many ransomware attackers exploit weak access policies to launch their attacks. Combining RBAC and MFA lets you ensure that only authorized users can access the relevant data.
・Machine-learning-assisted detection: Early detection using machine learning lets you grasp the situation quickly, access the compromised areas, and begin responding to the problem promptly.
・Instant mass restore: Ransomware rarely attacks just one machine or a few virtual machines. A backup solution must be robust and modern, and must be able to instantly recover hundreds of virtual machines or large databases to any point in time.
What are the benefits of introducing a ransomware countermeasure solution?
The latest backup solutions with ransomware countermeasures ensure that an organization is not held to ransom and forced to pay. Such a solution is the last line of defense against an attack. The right backup solution gives the organization a sense of security. Cyber criminals who try to profit from others' misfortune are constantly developing creative tactics to break into IT systems. Even if your primary defenses are breached, a backup solution with ransomware countermeasure functions lets you identify the attack and reduce the damage. Even if you are infected with ransomware, the latest backup solutions provide fast recovery, reducing risk and preventing prolonged problems.
Introducing ransomware measures is a valuable investment to prevent large-scale data loss, protect corporate reputation, and avoid the lingering financial damage that follows an attack. Such a solution protects backup data and systems, enables early detection, and enables quick recovery through instant mass restoration. As a result, companies can reduce data loss to almost zero and gain the confidence to refuse to pay the ransom.
Author: Junichi Iwagami
Cohesity Japan President and CEO
He has served as representative executive officer of NetApp, a vice president of SAP Japan, and a business manager in the product division of IBM Japan, and has more than 30 years of experience in the technology industry. He has built close relationships with a wide range of customers and partners who use technology to solve business issues and improve their performance. Drawing on the broad IT infrastructure and marketing experience he has built up, he supports data protection, security, and regulatory compliance so that companies in Japan can get more value from their data.