Ransomware Recovery

By Navos/24 March 2022

Ransom. The word that once made us think of gritty movies or television police dramas has now become a daily reality for IT teams tasked with keeping business-critical data safe from attackers. But while security teams are investing in new tools to protect valuable data, extortionists continue to find new mechanisms to encrypt organizations’ data – from access to production files to storage devices.

Backups are one of the most – if not the most – important defenses against ransomware. But cyberattackers know that backups which can be corrupted can be used against you. That’s why advanced ransomware now targets backups – modifying or completely wiping them out – eliminating your last line of defense to drive large ransom payouts.

Ransomware is designed to encrypt your data so that it is no longer usable. Often, this means encryption of data held on primary storage to overwhelm IT and require massive recovery efforts from tape or other archives. For mid-sized organizations, this resource-intensive effort can become debilitating for IT.

Additionally, lower-level encryption of the Master Boot Record (MBR) or other operating-system-level encryption is used to prevent booting and other common operations. For virtualized environments, the shared data storage used to host virtual machines is a primary target, because encrypting it can effectively bring down critical services in an organization. The attackers then demand a ransom to unlock the data so that services can be resumed.

Recovering from a Ransomware Attack: Immutable Backups are Key

Data backups can be an effective way to restore data that has been locked/encrypted by the attack. However, what if your backup data is also encrypted or deleted by a ransomware attack? How do you ensure that your backup data is not vulnerable to these attacks? Immutable backups are key.

While primary storage systems need to be open and available for client systems, your backup data should be immutable. This means that once data has been written it cannot be read, modified, or deleted by clients on your network. This is the only way to ensure recovery when production systems are compromised.

This goes well beyond simple file permissions, folder access control lists, or storage protocols. The concept of immutability needs to be baked into the backup architecture so that no security exposure can tamper with the backups.

Rubrik Complete: Bringing Immutability to Mid-Sized Organizations

Rubrik Complete, designed to deliver enterprise-level functionality while meeting the needs of mid-sized organizations, uses an immutable architecture by combining an immutable filesystem with a zero-trust cluster design in which operations can only be performed through authenticated APIs.

Other data management systems use general-purpose storage with limited or ineffective means of securely transacting data and, in some cases, leave files in their native format while allowing clients to read the backup data directly. This is a breach of confidentiality and puts extra burden on the customer to secure the storage independent of their data management solution. Rubrik Complete doesn't allow this to happen.

Rubrik Complete leverages Atlas, an immutable filesystem that is largely POSIX (Portable Operating System Interface) compliant, to provide tight controls over which applications can exchange information, how each data exchange is transacted, and how data is arranged across physical and logical devices. Atlas is custom designed to be a distributed and immutable filesystem for writing and reading data for other Rubrik services. In addition to a zero-trust cluster design, Rubrik Complete leverages several other elements to protect the integrity of the system through internal hardening standards.

For mid-market organizations challenged with protecting against ransomware, immutable backups are vital to recovering reliably with minimal downtime of critical services. Rubrik Complete Edition uses a combination of data immutability and a zero-trust cluster design to deliver enterprise-level data management and protection with a budget and size that’s just right for mid-market business. By reducing the complexity and overhead associated with backup solutions and providing a truly immutable architecture, Rubrik Complete Edition gives mid-sized organizations the peace of mind that comes from knowing they can recover from debilitating attacks.

Navos are partnered with Rubrik and have extensive knowledge of implementing and using Rubrik's backup and recovery solutions. To find out more, contact us at info@navos.co.uk or call 0117 471 1341.
