Backups may not save you from ransomware

Companies live in an increasingly digital world for which they must be prepared. Right now they are facing many challenges such as the adoption of work in the cloud. The migration process to the cloud is not always easy and then you have to take steps to protect it. However, it is not the only challenge they face, they also have to guarantee the security of their employees’ remote work. One of the biggest dangers organizations are facing right now is ransomware. At that time the company’s files are encrypted and prevent normal company activity. In this article, we are going to look at how backups may not save your business from ransomware in certain situations.

Rising ransomware and ransom price

A ransomware attack is one thing businesses need to take seriously. In this regard, it can have disastrous consequences for organizations. Thus, when encrypting the company’s files, a more or less prolonged period of inactivity occurs. This will cause economic and reputational losses to the organization along with the possibility of leaking confidential information. Then recovering from this loss of prestige takes time to regain the trust of customers.

The average payment after a cyberattack of ransomware increased by 80% in the first half of 2021. Cybercriminals are employing more and more aggressive tactics and the average ransom payment is almost €500,000. In this aspect, companies such as Colonial Pipeline paid up to 5 million dollars and JBS up to 11 million to be able to return to work normally.

Palo Alto Networks talk about the rise of quadruple extortion consisting of:

  1. File encryption and ransom payment request.
  2. Data theft and disclosure of information in the form of blackmail.
  3. Use of denial of service (DoS) techniques against the company’s web pages.
  4. Harassment of victims.

You may be interested in knowing if I have to pay a ransomware ransom.

Ransomware recovery time

We have already seen how companies like Colonial Pipeline and JBS opted for the ransom payment. The question then arises as to why these deep-pocketed organizations did not restore their own backups. In some situations those backups may not save these companies from a ransomware attack.

The problem is that although organizations have a backup system, many do not consider how long it would take to restore them. In large companies like the ones just mentioned above, with a large amount of data to restore, it will take one to several weeks for the company to return to normal operation.

What happens is that on many occasions, this downtime generates losses much greater than the ransom payment. Therefore, backups may not save that company and it is more worthwhile for them to pay the ransom. Just as these ransomware attacks are getting more and better ransom payments, they have become more and more popular among cybercriminals.

Backups may not save your business

Companies must have a contingency plan for ransomware attacks and other cyber attacks. In addition, they must have a good backup policy. In that aspect, it is not enough to have a backup system that keeps your data safe. The speed with which they can restore that data is also important because otherwise those backups may not save our organization. The losses of many days of inactivity can be very damaging financially and that is why cybercriminals sometimes end up being paid.

Therefore, we have to look for backup systems that allow us to recover as soon as possible. Thus, for example, recovery to tape, which is the cheapest for a large company, would not be the most successful. Note that recovery can take hours to recover a relatively small amount of data. Then we have a different RTO (Recovery Time Objective) backup system that, depending on the one we hire, can vary from less than an hour to weeks. In that aspect it would be necessary to try it and hire one that offers us the workload we need.

Additionally, we would have the continuous data protection systems with Backup as a Service (BaaS) providers who have solutions that provide RTOs from seconds to minutes. Finally, we would have the immediate total recovery systems that require a synchronous hot site and that is undoubtedly the most expensive approach.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *