The rapid rise and evolution of malware, especially ransomware, has changed data protection forever. For years the conventional wisdom has been that the best way to defeat malware and ransomware is to have a good, clean backup. The malicious actors behind malware in general, and ransomware specifically, know this and are now both attacking backups and using them as an attack vector. Multiple overlapping data protection systems provide more potential attack vectors and therefore weaken security.
Security Processes
The latest variations of malware, and especially ransomware, are smarter than ever and use data protection/backup systems as attack vectors. They do not necessarily detonate and start doing harm immediately. They take time to gestate so that they can eliminate data protection/backup defenses first. They use the infected system's credentials to spread to as many other systems as they can, repeating the process from each newly infected system until they can spread no further. They then attempt to delete the backups, snapshots, or replicas. These files are well known, and data protection/backup software also has published APIs that the malicious software uses to erase the backups. When the malicious software finally detonates, there are no backups, snapshots, or replicas to recover from.
Overlapping data protection/backup systems are mistakenly believed to mitigate this risk. The perception is that there is safety in numbers: the malware or ransomware may delete some backups but not all of them. The harsh reality is that overlapping systems increase data loss risk because they increase the number of attack vectors, and the malware or ransomware is looking for every backup to delete, not just one specific type. Every data protection/backup vendor is under siege.
Worse yet, the malicious software has continued to evolve to bypass backup deletion defenses such as 2FA and immutability. It now carries out what is called an attack-loop. An attack-loop occurs when an infection shows no symptomatic clues and is backed up along with all the other data. When the infection eventually detonates and a recovery is performed, the recovery reinserts the infection into the systems, and it detonates again and again.
Rooting out infections from multiple data protection/backup systems is a highly labor-intensive manual process that can take days, weeks, or even months. Consider that the malware/ransomware may have been dormant for months and consistently backed up during that time. The question becomes how much data can the organization afford to lose: one month, two months, 6 months? What is the cost of that lost data? Is it then cheaper to pay the ransom? But paying the ransom marks the organization as a payor, making it likely to be hit again and again, and there is no guarantee the data will be returned.
The best way to counter this new wave of malware and ransomware is a multi-pronged backup defense. The first prong is to limit the number of potential attack vectors, meaning there must be fewer active or passive data protection systems. The second prong is to make it extremely difficult to delete any backup by requiring two or more authentication factors. The third and final prong is to put security in place that prevents ANY malware from entering the backup stream OR the recovery stream, so that insidious attack-loops cannot occur.
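As an added illustration (not Asigra's code) of the second prong above and of the API-driven backup erasure described under Security Processes, the following Python sketch guards a backup catalog's delete operation: a deletion needs a second, distinct approver's factor, stays reversible for a retention hold, and a burst of deletion requests is refused outright. The class, thresholds, and approver secrets are constructed for the example.

```python
import time
from collections import deque

RETENTION_HOLD_SECS = 7 * 24 * 3600   # deletions stay reversible for a week (constructed policy)
BURST_WINDOW_SECS = 300               # look-back window for deletion requests (constructed)
BURST_THRESHOLD = 5                   # this many requests in the window looks like mass erasure


class BackupCatalog:
    """Guards the 'delete backup' call that malware drives through backup APIs (constructed)."""

    def __init__(self, backups, approvers, clock=time.time):
        self.backups = {b: "active" for b in backups}   # backup id -> state
        self.approvers = approvers                       # approver id -> secret (stand-in for an MFA factor)
        self.clock = clock                               # injectable for testing
        self.pending = {}                                # backup id -> time the retention hold expires
        self.requests = deque()                          # timestamps of recent deletion requests

    def _burst(self, now):
        # Every request counts, denied ones included, so a scripted flood trips this first.
        self.requests.append(now)
        while self.requests and now - self.requests[0] > BURST_WINDOW_SECS:
            self.requests.popleft()
        return len(self.requests) >= BURST_THRESHOLD

    def request_delete(self, backup_id, requester, approver, approver_secret):
        now = self.clock()
        if self._burst(now):
            return "blocked-burst"
        # Second factor must come from a different identity than the one asking.
        if requester == approver or self.approvers.get(approver) != approver_secret:
            return "denied"
        if self.backups.get(backup_id) != "active":
            return "not-active"
        self.backups[backup_id] = "pending-delete"       # soft delete: data is still restorable
        self.pending[backup_id] = now + RETENTION_HOLD_SECS
        return "pending"

    def cancel_delete(self, backup_id):
        if self.backups.get(backup_id) == "pending-delete":
            self.backups[backup_id] = "active"
            del self.pending[backup_id]
            return True
        return False

    def purge_expired(self):
        # Only a hold that has fully elapsed is actually removed from the catalog.
        now = self.clock()
        purged = [b for b, t in self.pending.items() if now >= t]
        for b in purged:
            self.backups[b] = "deleted"
            del self.pending[b]
        return purged
```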
To learn more contact us at: info@asigra.com
Asigra Software v14.x
The Asigra Software is architected from the ground up to meet the very large-scale requirements of managed service providers delivering backup as a service (BaaS) and disaster recovery as a service (DRaaS). Asigra continually leads the market in comprehensive solutions: file and image backups; instant or single-file recoveries for any hypervisor, physical or virtual machine, cloud instance, SaaS application, and Docker container; laptop protection, geo-location, and remote wipe; repurposing of backup data for DevOps, TestDev, search, and analytics; an intuitive management interface; variable RPOs and RTOs; deduplication, compression, encryption, and more.
More importantly, Asigra Software is the first and only data protection/backup solution today that prevents malware and ransomware from being backed up or recovered. It stops attack-loops in their tracks. Several other products detect detonations and notify that an attack is in progress, but they do not detect or prevent infections in the backup and recovery streams. Asigra Software additionally prevents malware, ransomware, or disgruntled employees from deleting backups without proper multi-factor authorization. And Asigra Software is the first to enable "right-to-be-forgotten" PII compliance for GDPR, PDPA, CCPA, and others within backups, with documentation of what was removed, by whom, and when.