Ensuring Rapid Recovery After a Ransomware Attack
TANDsoft

A lively interaction at the recent N2TUG in Dallas
Security Threats: Emerging, Evolving, Expanding
For enterprises in just about every industry, the threat of cyber attacks looms constantly. Increasingly sophisticated, well-funded cyber-criminal organizations and nation states continue to wage attacks and adapt their tactics. Further, the emergence of commercially available tools, such as ransomware as a service, lowers the barrier to entry for would-be criminals and makes it easier and more affordable to execute campaigns.
In recent years, ransomware has emerged as a big business for cyber criminals, and a big problem for enterprises. One survey found 71% of respondents said their organization had been affected by ransomware, and about the same share, 72%, of ransomware victims elected to pay the ransom to recover compromised data.[1] All told, by 2031, ransomware is expected to cost businesses approximately $265 billion.[2]
What’s worse is that, even if a victim elects to pay a ransom, they may still not be out of the woods. There’s no guarantee an attacker will actually return the data as promised or that they won’t reappear at a later date to try and extract more money.
In recent years, these attacks have brought down critical services and infrastructure and crippled entire companies. Here are just a few examples of some of the organizations victimized:
- Nvidia. Nvidia was a victim of a ransomware attack in which criminals absconded with 1TB of sensitive data and demanded more than $1 million in ransom.[3]
- SpiceJet. SpiceJet was attacked and operations were disrupted for several hours, leaving thousands of customers stranded.[4]
- Yum! Brands. This US-based company, which owns KFC, Pizza Hut, and Taco Bell, was forced to close almost 300 of its restaurants in the UK due to a ransomware attack.[5]
Requirements: Digital Resilience
The reality is that, even with the best defenses, every organization is still vulnerable. Employing adaptive, persistent techniques, malicious actors continue to find vulnerabilities and exploit them. Employees and contractors with credentials can pose risks in a number of ways, whether it’s an employee being fooled by a phishing email, an insider who’s been bribed or extorted, or a disgruntled former employee looking to exact revenge.
For all these reasons, it is critical for organizations to establish digital resilience. Not only is it vital to implement strong defenses for identifying and thwarting attacks, but also to be equipped to respond if those defenses fail or are bypassed. This requires teams to implement the architecture and mechanisms needed to enable fast recovery from a ransomware attack.
Establishing a Standby System to Enable Continuous Data Protection
HPE offers solutions that enable teams to recover quickly after a ransomware attack. The organization provides a recovery architecture for HPE NonStop that helps teams realize continuous data protection (CDP).
Through this recovery architecture, teams establish a separate “standby” system that’s out of harm’s way and that can enable the organization to restore operations.
The approach is to have a “known good” standby that’s always available and in a secure, immutable location. These standby systems are separated from standard production and disaster recovery environments, and are isolated in two key respects:
- Air gapping. Standby systems are not connected directly to the internet, for example.
- People gapping. Access to these systems is restricted to the fewest number of custodians possible.
Through these standby systems and architectures, organizations have the opportunity to recover from ransomware attacks with minimal downtime and business impact. With these systems, teams can recover from a backup and restore critical operations, even while forensics are run on the compromised production system.
Why Rapid, Efficient Backup is Required
These standby systems are critically reliant upon effective backup capabilities. While production and disaster recovery systems may be kept in near real-time synchronization, these air-gapped standby systems may not be backed up continuously. However, the faster teams can recover, the faster businesses can get back up and running, helping to minimize the downtime and other negative implications of a ransomware attack.
When set up, these systems could effectively function like a more traditional backup and restore scenario. Within NonStop environments, teams can employ transaction monitoring facility (TMF) auditing capabilities. TMF supports audited database files only, however. TMF doesn’t support un-audited database files and configuration files—and all these elements are key to fast, complete recovery. Consequently, TMF is not a complete solution for standby systems.
Solution
TANDsoft offers a differentiated, block-level approach that provides superior performance over alternatives. With FS Backup and Restore, teams can make routine backups faster and more resource efficient, which is a key ingredient in establishing successful CDP environments.
FS Backup and Restore reduces typical backup times from hours to minutes. The solution offers advantages in a range of environments, pretty much anywhere lengthy, resource-intensive backups are posing challenges.
FS Backup and Restore Offers Unrivaled Support for CDP and Ransomware Recovery
In addition to supporting more traditional backup environments, FS Backup and Restore can be used by organizations employing a CDP approach for recovery from ransomware.
The solution offers complete NonStop environment coverage:
- Supports all NonStop files, including OSS, Enscribe, SQL/MP, and SQL/MX.
- Works with all tape and virtual tape storage solutions.
In addition, FS Backup and Restore offers intelligent support for ransomware recovery deployments. The solution can be employed in air-gapped environments. In addition, it can be deployed to disk or immutable storage to meet speed, resilience, and compliance objectives.
Advantages
Maximize Data Retention
With FS Backup and Restore, teams can establish a flexible, granular approach to maximize data retention. The solution supports roll forward and roll backward recovery schemes. With the solution, teams can start with a backup from a known good state (such as a gold backup), and roll in any approved updates that happened after, up to the determined point of compromise.
Unrivaled Performance and Efficiency
Compared to alternative backup mechanisms, FS Backup and Restore offers major advantages in performance and efficiency. For example, with alternative tools, if one block of a file changes, the entire file is backed up. When large files are being managed, these approaches lead to lengthy backup times, limiting how often backups can be done. The longer these windows are, the bigger the organization’s exposure in terms of data loss. By contrast, with FS Backup and Restore, only blocks that have been changed are backed up.
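The changed-block backup described here and the roll-forward recovery described under "Maximize Data Retention" can be illustrated together. The following Python sketch is an added example, not TANDsoft's code or the product's format; the block size, class name, and sample data are assumptions made for the illustration.

```python
import hashlib

BLOCK = 4096  # assumed block size, chosen for the illustration

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

class BlockBackup:
    """Gold (known-good) full copy plus an ordered chain of changed-block increments."""

    def __init__(self, gold: bytes):
        self.gold = split(gold)
        self.gold_len = len(gold)
        self.increments = []  # one (file_length, {block_index: block}) per backup run
        self._last = [hashlib.sha256(b).digest() for b in self.gold]

    def backup(self, current: bytes) -> int:
        """Record only blocks that differ from the previous run; return how many were stored."""
        changed, hashes = {}, []
        for i, block in enumerate(split(current)):
            h = hashlib.sha256(block).digest()
            hashes.append(h)
            if i >= len(self._last) or self._last[i] != h:
                changed[i] = block
        self._last = hashes
        self.increments.append((len(current), changed))
        return len(changed)

    def restore(self, upto: int) -> bytes:
        """Roll forward from gold through the first `upto` increments only."""
        image, length = list(self.gold), self.gold_len
        for length, changed in self.increments[:upto]:
            n = -(-length // BLOCK)  # blocks needed for this file length
            image = image[:n] + [b""] * (n - len(image))
            for i, block in changed.items():
                image[i] = block
        return b"".join(image)[:length]

# Constructed sample data: an 8-block file, one approved update, then a
# run in which every block is overwritten (standing in for the compromise).
GOLD = b"".join(bytes([65 + i]) * BLOCK for i in range(8))
APPROVED = GOLD[:3 * BLOCK] + b"u" * BLOCK + GOLD[4 * BLOCK:]
OVERWRITTEN = bytes(x ^ 0x5A for x in APPROVED)

def demo():
    store = BlockBackup(GOLD)
    sizes = [store.backup(APPROVED), store.backup(OVERWRITTEN)]
    return sizes, store.restore(1), store.restore(0)

if __name__ == "__main__":
    sizes, recovered, gold = demo()
    print(sizes, recovered == APPROVED, gold == GOLD)
```

The approved update costs one stored block rather than eight, and restoring through the first increment only returns the file as it stood before the overwrite.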
Conclusion
When it comes to ransomware, it takes just one attack to inflict significant damage on a business. It is far better to prepare in advance for these attacks, rather than being forced to respond after the damage is inflicted. For IT organizations, it is vital to take a proactive approach, and establish an effective CDP environment that enables swift ransomware recovery.
With FS Backup and Restore, teams can realize unparalleled speed and efficiency in ransomware recovery environments. With the solution, teams can reduce the time and resources consumed by each backup and gain the ability to do backups more frequently. As a result, organizations can more fully leverage ransomware recovery approaches, minimizing the exposure associated with ransomware attacks.
Learn More, Join us at the NonStop TBC 2023 Conference
To learn more, please visit tandsoft.com and request a demonstration. In addition, you can see TANDsoft solutions and representatives in person at the upcoming 2023 NonStop Technical Boot Camp, which is taking place in Denver, CO from September 12-14, 2023. Be sure to visit us at booth S-6.
Look for our participation in the newly formed Global NS Partner Alliance as it is officially unveiled at TBC 2023. Check the website https://www.gnsalliance.com/ for further updates about this new partner ecosystem. Also follow the LinkedIn group, GNSALLIANCE – Your NonStop Partner Portal, and follow us on Twitter using the handle @GNSALLIANCE.
[1] Statista, “Percentage of companies worldwide that paid to recover data compromised in a ransomware attack in 2022,” June 2022, URL: https://www.statista.com/statistics/700894/global-ransom-payers-rate/
[2] Cybercrime Magazine, “Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031,” David Braue, June 2, 2022, URL: https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/
[3] Telegraph, “US microchip powerhouse Nvidia hit by cyber attack,” James Titcomb, February 25, 2022, URL: https://www.telegraph.co.uk/business/2022/02/25/us-microchip-powerhouse-nvidia-hit-cyber-attack/
[4] BleepingComputer, “SpiceJet airline passengers stranded after ransomware attack,” Bill Toulas, May 25, 2022, URL: https://www.bleepingcomputer.com/news/security/spicejet-airline-passengers-stranded-after-ransomware-attack/
[5] Heimdal, “Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner's Restaurants (Update),” Livia Gyongyoși, April 12, 2023, URL: https://heimdalsecurity.com/blog/ransomware-attack-kfc-pizza-hut/