You’re well aware of the importance of data backup and recovery as a way to protect your organization from losing critical information in a ransomware attack or a system failure, but you may not realize many of these solutions have an inherent flaw. Because of the nature of how traditional backup and recovery systems work, they can actually make your organization more vulnerable to ransomware attacks.
Here’s what you need to know.
Data backup and recovery solutions work by making copies of files at regular intervals and archiving them in a separate location from the primary data source, such as a disk storage system or a cloud platform. The backup component copies your data, while recovery enables you to restore your database to its original format following a system compromise.
However, the extent to which you can recover data quickly and easily depends on several factors, including how often you back up your data and the backup and recovery solutions you use.
You have several options when it comes to deploying a backup strategy. Here’s a closer look at the advantages and disadvantages of each.
A full backup copies all your enterprise data, including files, folders, software applications and drives. While full backups are designed to enable a faster recovery, they are time-consuming and require more extensive physical space or cloud storage, which can be costly. They also store a lot of duplicate files, requiring organizations to invest in data deduplication solutions to reduce those costs.
Differential backups store data from the most recent full backup and any data that was changed or created since then. This results in duplicate files, but less data duplication than there would if you’re performing full backups frequently. The downside is that it will take more time to restore the data compared to restoring it from a full backup.
Incremental backups are designed to further reduce the time it takes to back up data, but their design makes the process of restoring data more difficult. Incremental backups copy data in full once and then only copy data that has changed since the previous backup, whether it was a full backup or a partial one. The less time you have between increments, the faster the backup. Some incremental backups track these changes at file-level increments, while others track them at block-level or at byte-level. To fully restore your data, you need to identify the point in time when these changes occurred.
Physical backups are files copied and stored on a disk, tape or another offline storage location. While this type of backup has traditionally been the most common and makes it easy to control access to files, it’s difficult to scale and expensive to maintain as your business grows. Your company will need to cover the cost of on-site storage, hardware and the media you use to store hard-copy backups, and you’ll need someone to manage them. That includes changing backup disks or tapes and storing months or years’ worth of data in a way that makes it possible to restore it later without significant downtime.
Another disadvantage of physical backups is the risk of data loss if there is a natural disaster or if the files become corrupt.
Cloud backup providers use remote servers instead of physical media to store copies of data. These backup solutions are easier to scale, more cost-effective and more resilient than storing physical files. However, they don’t necessarily enable faster recovery.
Cloud backup solutions also have a critical flaw — they don’t allow you to restore your data once it becomes encrypted in a ransomware attack.
Ransomware attackers know they have more leverage if a company is unable to gain access to its enterprise data. That's why many have become increasingly sophisticated, exploiting cloud backup solutions as a way to extort ransom.
This is a well-known tactic of the Conti ransomware gang, a group of cybercriminals that use double extortion to encrypt data and then threaten to publish it if the first ransom demand doesn’t work. Conti specifically recruits attackers who can find and destroy backups, according to an Advanced Intelligence report summarized in ThreatPost. The ransomware-as-a-service group installs tools designed for network penetration testers and remote network management, then uses them to impersonate a legitimate backup user and exfiltrate data.
You shouldn’t have to choose between fast recovery and security — and fortunately, you don’t have to.
Myota’s Converged Data Security Platform combines the principles of Zero Trust, data encryption, immutable redundant storage and advanced data dispersion in a single solution you can apply across any storage location.
Our unique methodology facilitates data deduplication as a first step in our data transformation process, eliminating data replication while ensuring compatibility with object storage locations. Myota chunks data files, encrypts the chunks, shreds them and individually encodes each shard. This ensures they have no value to ransomware attackers while making it easy for you to recover files.
You don’t need to run through backups to find the most recent version and reset, which can take days or weeks.
With the Myota administrative console, you can restore files or replace a compromised storage node in real time. You can also define data retention policies, improve restore time objectives and maintain business continuity. Learn more about how Myota helps you withstand attacks and recover faster.