Blog

Mitigating the Business Impact of Ransomware Part 2

Mitigating the Business Impact of Ransomware Part 2

The second installment in a three-part blog series

Part 2: Backup – The Original Vulnerability

Mitigating the Business Impact of Ransomware: In the early 2000s, ransomware was a brand-new threat, specifically targeting enterprise backup operations. At the time virus writers and criminal gangs began to recognize a new area of vulnerability as the enterprise backup market moved from tape to disk-based solutions. All major backup vendors – Veritas, Commvault and later Veeam, Zerto, Cohesity, Rubrik – encouraged enterprises to move their backups to disk. You could back up faster, restore faster and use your backup as a DR target. 

Encryption Virus -> Ransomware Vulnerabilities

What About the Cloud?  

Ok, so your disk backups are corrupted. How do you now access clean, up-to-date data? Your backup strategy would probably include an offline copy, and traditionally that would have been tape. These days, cloud is also an option, but the challenge with both tape and cloud is that the recovery times are still very long. On-site recovery time from tape is measured in hours or days, and if your tapes are off site, you can be looking at days to weeks. 

And believe it or not, the process of restoring enterprise-wide data from a cloud backup can take days, weeks or even months. The recovery timeframe depends on the cloud service you use – some of them are quite fast at reads but very slow at writes. Some actually have tape systems at the back end, which are not suited for the way backup software works.  

The cloud backup timeframes mentioned above sound crazy, but they are not an exaggeration. DDN IntelliFlash was recently positioned against a major cloud vendor at a large–scale backup and disaster recovery customer opportunity. Both solutions delivered performance that met the customer’s requirements. That’s when our team suggested that we measure the time to restore from a backup – in this case a 17–terabyte virtual machine, which represented a small piece of the prospect’s estate. The VM restore was completed in just 15 minutes using IntelliFlash. By contrast, the cloud restore was still running SIX WEEKS later, after the customer had already purchased the IntelliFlash solution! 

On top of delays, some cloud services include a data egress charge, which results in you paying for the privilege of restoring your business after an attack. Ironically, some customers have decided it made better business sense to pay the ransom rather than pay the cloud vendor. Either way, you’re paying somebody to get your data back. 

Why Not Just Restore from Disk When Possible?  

Even if you were able to fully recover from a disk backup, there are performance considerations. Many enterprises that are otherwise forward-looking when it comes to data protection have run into such challenges. They may have appropriately sized their environment for continuous backup with no downtime, but unfortunately, they hadn’t sized their backup targets for recovery. So even though they’ve backed up to disk, the backup targets they’ve deployed may not have the performance or scale to restore data quickly –, especially if it’s a complete outage and the business is in a full disaster recovery mode.  

For economic reasons, backup targets are often based on spinning disk – they’re “cheap and deep” – and don’t have the performance profile of an all-flash system. If you need to restore your entire large enterprise and are booting from that system, you will very likely experience a lot of things moving very slowly. You may even find that it’s physically impossible to restore your data without first waiting for multiple workloads to migrate back to primary storage.  

This is where storage snapshots for ransomware and disaster recovery prove to be invaluable. In Part 3 of this series, we’ll discuss how DDN IntelliFlash snapshots provide full, rapid, economical data recovery and complement your backup strategy with an ideal combination of performance and security.

Mitigating the Business Impact of Ransomware

Ransomware attacks are just one of the many threats that can disrupt operations, compromise sensitive data and result in financial loss. DDN IntelliFlash is a unified storage platform that offers a full set of enterprise data services. These services protect against downtime and data loss, while maximizing performance and efficiency for concurrent file and block workloads – all with a single license. Learn more.  

Last Updated
Aug 13, 2024 3:14 AM