Data recovery in the age of ransomware

Credit: Flynt | Dreamstime

With recent large-scale attacks dominating headlines, particularly WannaCry and Petya, ransomware is expected to cost over $5 billion in damages in 2017 according to Cybersecruity Ventures. These attacks are particularly dangerous because they don't just make a system unavailable, they render data unusable.  

If you've fallen victim to a ransomware attack, there are only two ways to get your data back without paying the ransom: get a free decryptor, or fall back on your data protection strategy and recover your data. 

Some victims have no choice other than to pay the ransom or lose their data. This is unfortunate because even if the ransom is a small amount, there are a number of problems with this course of action:

  • Criminals know you’re willing to pay a ransom and are more likely to target you again;

  • There’s no way to know that the criminals will or can decrypt your data;

  • Decryption might not work properly and you may lose data anyway;

  • Law enforcement agencies and other authorities discourage rewarding the criminal by paying the ransom. 

You can either leave your data decryption and recovery to chance, or deploy a comprehensive strategy before an attack happens.

Data protection and recovery

There are a number of definitions for “data protection,” but the common theme is that it requires more than running a backup. Proper data protection is included in security planning – it includes business continuity and disaster recovery planning, as well as the many security practices involved in preventing unauthorised access.  

In June, Barracuda conducted a survey focused on data recovery, which is ultimately what system administrators are trying to provide for their companies. Comprehensive data recovery involves data availability and data accessibility at all times. 

When we talk about data availability, we're talking about data that’s stored as a backup, whether on a tape or disk. Data accessibility, on the other hand, refers to how easily it can be accessed for recovery.  

Read more: How artificial intelligence is becoming a key weapon in the cyber security war

Data isn’t accessible unless the tape or disk is with a compatible system. Accessibility for that system may be close to 100 percent for an administrator in a server room, but may be reduced to zero while the administrator is offsite or away from a designated computer. Meanwhile, the availability of the data remains the same. 

Over 70 percent of respondents say that availability and accessibility are equally important. This indicates that businesses understand the value of data, as well as the value of recovering data quickly, possibly from a remote location or even a mobile device. 

Credit: Pressureua | Dreamstime

Protecting multiple locations

Perhaps one of the reasons that so many businesses value accessibility as highly as availability is that 53.4 percent are responsible for data recovery in more than one location. This means that the majority are working remotely at least some of the time. Their data recovery systems have to be accessible from more than one location and probably by more than one method. 

Over 50 percent of respondents say that their backups are cloud-based and 76 percent replicate their data backups in the cloud. This suggests that the 77.4 percent who say they’ve a disaster recovery plan are using the cloud for redundancy and accessibility.  

The bad news

There are two data points that cause some concern. The first is that 81.2 percent of respondents don’t test their data protection strategies more than once per year and about half don’t test them at all. This could be a major pain point, given data recovery may be the only way to avoid paying a ransom that may or may not result in the decryption of data. 

It's also good business to test the company resources. If the company has invested in technology and planning to protect data, these things should be tested on a regular basis. User files change in value, applications are added or replaced and data is moved – all reasons to be testing backups more than once per year. Perhaps an application upgrade uses a new database instead of the old flat files. Perhaps a new application was never added to the data protection plan. 

The second point here deals specifically with Office 365. Nearly 66 percent of Office 365 administrators are relying on the Recycle Bin for backup. Only about 1/3 of our respondents are using a data protection solution to protect their Office 365 deployments. 

The Microsoft Recycle Bin is a nice feature, but its job is to help organisations safeguard against accidental data loss – it's not meant to be a data recovery solution. It doesn't offer necessary features to protect Exchange, Sharepoint, OneDrive and other services.  

Default retention times aren’t standard across services, so administrators may not even have the minimal protection they expected. Data is non-recoverable once it’s deleted or ages out of the Recycle Bin. Companies that have to work within compliance frameworks and liability requirements may find that native Microsoft tools don’t meet the regulatory standards. 

What next?

If you find yourself in one of these scenarios, don't worry too much. These are things that can be fixed quickly and improved upon as you go along.  

Start by evaluating your current data protection and recovery plan. Do you have one? Who’s responsible for the deployment and management of the plan? Is the plan being tested? Are there any gaps between your recovery objectives and the capabilities of your data recovery solutions? 

One of the most important questions to consider is whether your data protection and recovery plans are part of your security strategy? If you work in an environment where data protection is separate from security, it's time to bring those two functions together. In the age of ransomware, they cannot be separated.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags data securityransomware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?