By Yuen Pin Yeap at NeuShield

On the matter of home repair, my dad would often quip, “Choose the right tool for the job.” Thus, one could often see him chiding a family member for using a shoe heel or saucepan as a hammer. They just weren’t designed for that purpose.

Protecting data against ransomware requires specialized solutions. The purpose of backup was to have a copy of data that can be recovered. Backup systems offer no protection for data or the computer systems themselves. Malware — like NotPetya, Bad Rabbit and Shamoon — can take over a computer’s boot process, encrypt the computer’s entire disk and erase all data on the drive.

Use The Right Tool For The Job

I certainly wouldn’t place my bet on a backup system if a ransomware attack occurs. Depending upon backup as a ransomware protection solution is like using a peashooter against a nuclear attack. Now, without question, backup is always recommended for preserving data in the case of disasters, data corruption or accidental deletions. But backup wasn’t designed to protect against cybercrime. In fact, most ransomware attacks target backup systems when they encrypt endpoint data to prevent recovery. To defend against ransomware, you first need to remove it from the devices, which backup cannot accomplish. Additionally, backup can’t determine if data is encrypted or not, so it will back up data encrypted by ransomware.

The onslaught of ransomware has caused some enterprises to deploy offline tape-backup as a defensive measure against malware. Unfortunately, tape-backup solutions are costly, slow and labor-intensive, making them suitable for only the largest of organizations with big budgets and IT staff.

Whenever you try to fix a problem with an unsuitable solution, you create more problems. Because of the inability of backup to protect against ransomware, there is a growing industry trying to overcome backup system limitations, none of which completely solve the problem and with each having its own challenges.

Endpoint security products from Bitdefender, Check Point, CrowdStrike, SentinelOne, Symantec and many others are the first line of defense to thwart ransomware attacks. But hackers are becoming increasingly stealthy, sophisticated and evasive, limiting anti-malware’s ability to effectively defend against all of the growing threats.

Malware security solutions target threats rather than protect the target of the threats — the data. It’s simpler and more effective to concentrate on a few things rather than trying to address hundreds or even thousands. That’s the problem with most security initiatives, with unrelenting malware attacks getting through, daily.

I’m not suggesting we don’t need backup or anti-malware solutions. In fact, we do. I’m simply pointing out that we need targeted solutions that deal directly with vulnerabilities in the most effective ways possible.

Ransomware Targets Data Wherever It Resides

Enterprise data is at risk, whether it’s in the cloud or on-premises. Cloud drives like OneDrive, Google Drive, Dropbox, and Box.com are used for storing and sharing data. These cloud drives synchronize files in specified folders with those in the cloud. Unfortunately, when the local files are encrypted or damaged by ransomware, the damaged copies are then synchronized to the cloud, where they can spread to other devices that share the cloud drive.

The Cost Of Unprotected Data

Ransomware attacks can be expensive and damaging, disrupting more than data and devices. They impact employees, customers, business partners and the business as a whole. There are many hidden costs and consequences that quickly mount, adding to the disruption after an attack.

Recent research has shown it takes, on average, approximately 16 days to restore a network after an attack. Attackers hit as many systems as possible in an attempt to spread their malware as widely as they can. A single ransomware attack can impact a significant number of users within an organization. This causes IT teams to become overwhelmed and unable to handle all the requests in a timely manner. They now have to reimage computers, restore data from backup (assuming the backup wasn’t breached), reapply patches and install new software.

As you can see, the extent of the damage is not always limited to the ransom demand. Additional costs can include:

  • Hiring consultants to perform internal reviews and forensics of affected computers.
  • Retraining employees after an attack.
  • Losing employee productivity across multiple departments.
  • Having corporate secrets lost or destroyed.
  • Losing existing and new customers.
  • Damage to brand reputation.
  • Regulatory fines from compromised consumer data.
  • Higher cybersecurity insurance premiums.

Rapid Business Rebound And Damage Control

After a ransomware attack, the organization must immediately return files and devices back to their pre-attack state. This can be difficult and time-consuming with backup systems. However, by targeting protections directly on the data, you can eliminate the impact of threats.

One effective approach to data protection and rapid recovery is to essentially create an image of the data within an undetectable overlay that acts as armor. With this approach, the attacker only gets access to the data within the overlay. The original data is preserved and protected. Then, with the click of a button, the original data can be immediately rolled back to its pre-attack state, essentially rendering ransomware threats impotent.

To get back up and running quickly and undo the damage, we must first protect our data and devices by directly locking everything down. To accomplish this requires enabling mechanisms like boot, disk, file, and cloud drive protections, as well as file and operating system restore.

When your target is a round hole and your solution is a square peg, you aren’t going to be successful. Data backup was never designed to protect against cyberattacks like ransomware. It was created to restore data when a computer fails, data is corrupted or a hard drive fails. If your organization gets hit with ransomware, don’t place your confidence solely upon backup. Deploy technology that will directly protect your data and enable a rapid rebound for business continuity.
