A shot against ransomware attacks


By Bakshish Dutta, Country Manager-India & SAARC, Druva

In today’s world of remote working, learning, and networking, absence of data protection and management software makes people and organizations vulnerable to cyber threats. The increasing reliance on data by organizations is heightening the risk of ransomware attacks. Digital transformation, therefore, should not just be about adopting technology to drive business growth, but also about safeguarding it and protecting user privacy.

The Value of Data Survey revealed rising concerns among Indian businesses about data protection; a growing need to enhance resilience; and the role of data agility in enabling better operations and consumer experiences. The report showed that 89 percent of IT Decision Makers (ITDMs) were more concerned with protecting their organizational data from ransomware attacks after the pandemic than before it. Furthermore, it revealed that protecting data from outside threats, preventing unauthorised internal access, and ensuring business resilience are becoming key priorities as organizations accelerate their cloud migration and digital transformation. A three-step approach of “detection, resilience, and recovery” can minimize security risks. Let us look at some of the most effective solutions and the benefits they yield.

A multi-layered defense

Malware quietly lives in your environment, searching for vulnerabilities, watching human behavior, and encrypting critical data for 95 days. A multi-layered defense is the best way to combat ransomware. Enabling advanced recovery enhancements and technology integrations helps identify, respond and recover data with agility and confidence. The threat surface, meanwhile, is expanding. Of the 300 ITDMs surveyed in the Value of Data report, 31 percent reported an increase in ransomware attacks on their organization since the pandemic began; 42 percent reported an increase in video conferencing attacks, 40 percent reported increased malware attacks; 35 percent reported increased phishing; 32 percent reported increased user error or accidental tampering or deletion; and 31 percent reported an increase in insider attacks.

As threats increase in numbers and complexity, relying on prevention alone is insufficient. Organizations must protect data with air-gapped, long-term backup in the cloud. Multi-layered ransomware recovery features provide improved ways – including better visibility, automation, and orchestration – to prepare for and respond to incidents. When integrated with existing security information and event management (SIEM) and security orchestration, automation and response (SOAR) tools, the air-gapped backups enable rapid and secure recovery from ransomware attacks.

Empowering benefits

In the aforesaid survey, 67 percent ITDMs reported that the time to recover data has increased since the pandemic began. Deploying multi-layered ransomware software can empower organizations with visibility and detection of access, and mitigate unauthorized or non-compliant administrative access into the backup environment. The software gives alerts on detecting unusual data activity. It leverages Machine Learning to detect potential ransomware activity and identify last-known good snapshots for recovery. In case of an intrusion, it lets you act quickly by searching and deleting malicious files across all endpoint backups to prevent re-infection, including bulk scanning for Indicators of Compromise (IOCs). It allows SOAR integration for centralized response and recovery via ransomware recovery playbooks. Its enhanced recovery capability features scan for malware during recovery to prevent re-infection from hidden malware files and allows orchestrated recovery with flexible options. It also automatically creates a recovery snapshot from the last-known good snapshots at the backup and file level.

Best practices to safeguard emergency remote working

Finding the source of the attack is important for identifying the infected computers in the system. Shutting down everything saves the unaffected systems in the network. The importance of data access for business survival is underscored by the fact that 25 percent ITDMs said their company wouldn’t go more than 3-4 hours without data access before causing serious harm to the business. Having a Disaster Recovery as a Service (DRaaS) in place can help save time and avoid delays in conducting business by continuing work on unaffected systems even if there is an attack. The Covid-19 outbreak has showed that prevention is better than cure; the same applies to data protection strategy. Creating awareness about the different types of ransomware among those who access these systems will help them stay alert to threats.

A resilient virtual landscape

Ransomware is becoming more sophisticated, evolving from encrypting data and deleting backups to extracting copies of data. The potential risks to organizations have correspondingly increased. Combating such attacks with a comprehensive solution that leverages multi-layered ransomware protection can help defend against data loss, accelerate incident response, simplify recovery, and reduce downtime.

As people inoculate themselves against the coronavirus and the economy recovers from the pandemic, companies should invest in onboarding a third-party SaaS solution to establish superior IT infrastructure that ensures complete data security. Building resilience against ransomware attacks will be immensely beneficial not only for organizations and their employees but also, ultimately, for the economy.


Please enter your comment!
Please enter your name here