
Strengthening Ransomware Recovery in a Post-Covid World


By: Milind Borate, Co-founder & CDO, Druva

An unprecedented year has left us with several unprecedented challenges. With lives and economies upended, the world is bracing itself to recover from these newfound uncertainties, which have added to the existing ones. For most organizations across the globe, it is the growing problem of ransomware attacks that threatens to expose company data. That COVID-19 has increased concerns around data protection is evident in a recent survey.

While globally, 73 percent of respondents say that they are more concerned now with protecting their organizational data from ransomware than they were before the pandemic, 89 percent of IT decision makers (ITDMs) in India say they fear the same.

Not surprisingly, adopting cyber resiliency capabilities to identify, respond to, and recover with confidence from ransomware attacks has become a new essential for today’s businesses.

India Inc.’s tryst with cyber attacks

 If the coronavirus didn’t imperil India Inc. enough, a series of rampant ransomware incidents kept businesses nationwide on their guard. Organisations in India were the most attacked[1]; attacks, in particular, targeted India’s healthcare and pharma sector companies battling the pandemic. Nearly 80 lakh attacks were recorded between October 1 and November 25 last year by the healthcare sector-based ‘Threat Intelligence Sensors’ network[2].

Hackers are becoming more sophisticated by the day, constantly sharpening their approaches, attack after attack, against newly vulnerable remote workforces and infrastructures. The agility, frequency, and destructive impact of these attacks translate into a threat environment unprecedented in reach and scale. Many attacks succeed, in part, because global lockdowns triggered a sudden switch to remote working that exposed vulnerabilities in networks, operating systems and clouds. In addition, the value of owned and confidential data has acquired greater import in the emerging data-driven economy.

While Covid has been the greatest driver of digital technology use, it has also made digitally stored data even more mission critical. In fact, the report found that 76 percent of Indian IT leaders say their digital transformation plans have accelerated due to the pandemic.

A robust response and recovery strategy

Together, these factors necessitate that CTOs and CIOs treat ransomware attacks not as a distant possibility, but as an inevitability that must be shielded against. With digital operations becoming the mainstay of continuity, organisations must be able to swiftly identify, respond to, and recover with confidence from ransomware attacks. In fact, India is the nation worst hit by ransomware attacks in the Asia Pacific region during the pandemic. With 34% of Indian organisations paying between $1 Mn – $2.5 Mn in ransom pay-outs to the hackers to get back their data and system access in the last 12 months,[3] one can only imagine the pressure amid all the ongoing chaos.

The rising proliferation of attacks, and the deep damage they can today wreak on operations, has underscored the need for a robust response and recovery strategy, lest organisations fall prey. Even in the worst-case scenario – the successful completion of an attack – data back-up and recovery must remain resilient. As the last line of defense, these are critical to continuity.  An effective ransomware response strategy must incorporate the following essentials.

Firstly, swift detection. Unauthorized or non-compliant administrative access to the backup must be immediately flagged as an alert and mitigated. Along with anomaly detection, infected backup files must be quickly isolated lest the contagion spread, while also allowing customers to quickly identify the last known good backups. Further, machine learning must be deployed to detect potential ransomware activity and identify last known good snapshots for ransomware recovery.

Secondly, rapid response. Infected files must be quickly identified and quarantined, and a search for Indicators of Compromise (IOCs) must be implemented to prevent the spread of contamination. To prevent re-infection, malicious files must be identified and deleted across all endpoint backups, organization wide.

Thirdly, recovery. Around 67 percent of ITDMs in India surveyed in the Value of Data report say that the time to recover data is still an issue and has increased since the pandemic, so multiple recovery options must be available to quickly recover endpoint devices. This entails auto-creation of recovery snapshots, bulk recovery, and IOC scanning during file restores. The backups must be ‘air-gapped’ (stored offline) to protect against infection, with strong encryption and access controls to prevent malicious activities.
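The detection, response and recovery steps above can be sketched as one pass over backup snapshots. This is an added example, not Druva's code or part of the original article: it substitutes a simple change-rate threshold for the machine-learning detection the article calls for, and the snapshot manifests, IOC hash, threshold value and function names are all constructed assumptions.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data (not real indicators): one IOC hash and four daily
# endpoint backup manifests mapping file path -> SHA-256 of the file content.
IOC_HASHES = {sha256(b"constructed-dropper")}
DAY1 = {"a.doc": sha256(b"a1"), "b.xls": sha256(b"b1"),
        "c.txt": sha256(b"c1"), "d.pdf": sha256(b"d1")}
DAY2 = {**DAY1, "a.doc": sha256(b"a2")}                          # normal edit
DAY3 = {**DAY2, "tmp/run.exe": sha256(b"constructed-dropper")}   # dropper lands
DAY4 = {path: sha256(b"enc:" + path.encode()) for path in DAY1}  # files encrypted
SNAPSHOTS = [("day1", DAY1), ("day2", DAY2), ("day3", DAY3), ("day4", DAY4)]

CHANGE_THRESHOLD = 0.5  # assumed cut-off: over half of existing files rewritten

def ioc_hits(manifest, iocs):
    """Paths in one snapshot whose content hash matches a known IOC."""
    return sorted(path for path, digest in manifest.items() if digest in iocs)

def change_rate(prev, cur):
    """Fraction of files present in both snapshots whose content changed."""
    common = prev.keys() & cur.keys()
    if not common:
        return 0.0
    return sum(prev[p] != cur[p] for p in common) / len(common)

def triage(snapshots, iocs, threshold=CHANGE_THRESHOLD):
    """Walk snapshots oldest-first; return (last_known_good_id, findings)."""
    findings, last_good, prev = {}, None, None
    for snap_id, manifest in snapshots:
        reasons = [f"ioc:{path}" for path in ioc_hits(manifest, iocs)]
        if prev is not None and change_rate(prev, manifest) > threshold:
            reasons.append("mass-change")
        if reasons:
            findings[snap_id] = reasons
        elif not findings:
            # Only snapshots taken before the first finding count as good:
            # a later clean-looking snapshot may still hold damaged data.
            last_good = snap_id
        prev = manifest
    return last_good, findings

if __name__ == "__main__":
    good, flagged = triage(SNAPSHOTS, IOC_HASHES)
    print("last known good:", good)
    for snap_id, reasons in flagged.items():
        print("quarantine", snap_id, reasons)
```

The day3 snapshot is flagged by the IOC match alone and day4 by the mass rewrite alone, which is why a restore workflow needs both signals before it picks a recovery point.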

Into the future

Such a multi-level approach to ransomware protection and recovery can defend businesses against data loss, reduce downtime, and streamline recovery. In addition, security service providers must show a demonstrated history of continuous and robust innovation, the only safeguard in a fast-changing digital landscape. The most valuable aspect of using cloud data protection for ransomware recovery is that there is room for constant innovation, with new features and functionality capable of tackling the dominance of ransomware attacks.

The pandemic has taught us several lessons. Staying safe is one of the many vital teachings, along with the virtue of looking for opportunity in every crisis. So, even as India stands at the threshold of a second wave of COVID-19 cases hitting the nation, the surge in inoculations is helping us safeguard ourselves from the pandemic. However, we can’t afford to let our guard down, do away with masks and participate in large social gatherings.

On similar lines, strengthening its data protection and management with advanced cloud capabilities is a shot that India Inc. needs to defend itself against impending cyber incidents of all kinds. There is no room for complacency.
