Ransomware attacks are escalating and becoming increasingly devious and complex, making traditional security and backup measures inadequate to protect businesses against massive losses and downtime.
This emerged during a webinar on ransomware hosted by Rubrik in partnership with ITWeb. The webinar, entitled "Real life ransomware recovery: Stories from the front", revealed that while ransom demands had totalled tens of millions of dollars in the past year, the costs of lost business, regulatory fines and recovery could far exceed the ransoms.
Werner Vorster, country manager, sub-Saharan Africa at Rubrik, said: “We’ve seen 700 – 800% increases in ransomware, and the time to recover is becoming longer. We are facing more and more regulatory fines, and attackers know this and want to double extort you by selling the sensitive information on the dark web.”
Backups were never designed for mass recovery, he noted. “In the past, companies planned for low probability high impact events like natural disasters, with their production and disaster recovery data centres. But ransomware is high probability with high impact, and legacy systems weren’t designed to cope with cyber attacks at mass scale. This is why most organisations take so long to recover.”
Vileen Dhutia, head of security sales for EMEA at Rubrik, said backups have become vulnerable to attack: “Ransomware attackers may insert dormant malware – even into backup and DR servers,” he said.
Polls of webinar participants found that 57% had never simulated and tested a ransomware recovery in their environments; however, 73% were 50% confident that they would not be re-introducing dormant malware into their production environment.
Said Dhutia: “The polls show people are more confident than they should be. How are they confident they can recover, when they don’t simulate ransomware recovery?”
He noted it was important to simulate and test ransomware attacks across systems, processes and people.
Vorster added: “It’s a difficult thing to test, because testing affects the production environment and few companies have windows to take production systems offline.”
Eric Badenhorst, systems engineering lead, sub-Saharan Africa at Rubrik, highlighted the need to follow the Rubrik security best practice framework to secure the environment and support rapid recovery.
Rubrik’s set of best practices encompasses planning and preparing, detecting and assessing, and recovering from an attack, using Rubrik Zero Trust Architecture.
Said Vorster: “Rubrik’s platform, from day one, was designed to combat modern threats, using a Zero Trust Architecture. Immutability is key, but it is not enough. The architecture needs to comply with zero trust frameworks, with analytics looking for anomalous behaviour and determining whether sensitive data lives within that anomaly. We do threat hunting to look for malware that hasn’t been executed yet. Once we’ve understood the extent of the attack, and the data that has been exfiltrated, we then look at options to recover as quickly as possible, while losing the least amount of data. You need insights into the data to make educated decisions around recovery, so the whole recovery process is managed by our intuitive policy engine.”
Vorster noted that Rubrik now offers an industry-first up to $5 million ransomware recovery warranty with the Rubrik Enterprise Edition, delivering the ultimate peace of mind. The ransomware warranty will cover expenses related to data recovery and restoration in the event that Rubrik is unable to recover protected data after a ransomware attack.