Backup v ransomware: which wins?  If you read press releases and blog posts from backup vendors, the answer is obvious.  Backup wins; no contest.  Backup v ransomware isn’t even close.

This is “fake news.”  Which means it’s not true.  Or to put this more clearly, it’s cow excrement.  Like all fake news, it was created to bias the reader into a false belief system.

In a contest of backup v ransomware, ransomware wins.  Every time.  It’s not even close.

What is Ransomware?

Ransomware is malware that carries out a denial-of-access attack, typically using encryption to prevent access to computer storage.

A more comprehensive definition of Ransomware comes from Wikipedia:

Ransomware is computer malware that installs covertly on a victim’s device (computer, smartphone, wearable device, etc), executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.

What is Backup?

Backup is the automatic procedure of making copies of data.

That’s really all there is to it.  Backup makes copies of data.  It does so automatically.  And that’s it.

Backup v Ransomware: Why Does Ransomware Win?

In the contest of backup v Ransomware, Ransomware wins.  Backup produces copies of your data, but with nothing other than “backup” you can’t tell anything about the recoverability of those copies of data.  Recoverability along with backup beats Ransomware; backup alone is relatively worthless.

Think I’m splitting hairs?  Think that recoverability is automatically implied in backup?  There are a lot of backup vendors who would like you to think so.  Their business model is built on making you believe this.  But it just isn’t so.  Each of the five recoverability factors below is crucial in winning against Ransomware.

  1. Make sure that your RPO (Recovery Point Objective) is defined such that you limit data loss.  For some that will be no more loss than a single day of changes to the data, which means you back up once a day; for others, it may be as little as 15 minutes or less.
  2. Make sure that your RTO (Recovery Time Objective) is well-understood.  If it takes you weeks to get your tapes back from under a mountain, Ransomware wins during those weeks.  You should be able to get your data back in minutes or less.
  3. Make sure that your RTA (Recovery Time Actual) is being tested with every backup with automatic and orchestrated recovery assurance technology.
  4. Make sure you don’t run out of storage on your backup technology.  Advanced deduplication is key to ensuring you can put a lot of backup copies on your backup storage and don’t run out of retained backup copies you need to recover.
  5. And for goodness’ sake, make sure that you don’t run your backup software on Windows.  Almost all Ransomware attacks are aimed at Windows.  I’ve seen situations where the master boot record is encrypted on a Windows-based backup system.  It’s ugly.  It’s also ironic, but it’s mostly just ugly.
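
Factors 1 to 3 can be checked mechanically once restore tests are recorded next to each backup. The following is an added example, not code from this post or from any backup product: it scores a constructed backup catalog twice, once by "a recent copy exists" and once by "a recent copy exists that has actually been restored". The record fields, the `assess` function and the sample catalog are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class BackupRecord:
    taken_at: datetime                       # when the copy was made
    restore_tested: bool = False             # was a test restore run at all?
    restore_ok: bool = False                 # did the restored data verify?
    restore_minutes: Optional[float] = None  # measured RTA of that test


def assess(records, now, rpo, rto):
    """Compare what the catalog claims with what has been proven restorable."""
    newest = max(records, key=lambda r: r.taken_at, default=None)
    proven = [r for r in records if r.restore_tested and r.restore_ok]
    newest_proven = max(proven, key=lambda r: r.taken_at, default=None)

    rta_ok = None  # None means no RTA measurement exists
    if newest_proven and newest_proven.restore_minutes is not None:
        rta_ok = timedelta(minutes=newest_proven.restore_minutes) <= rto

    return {
        # "Backup" view: a recent copy exists
        "rpo_met_by_copy": newest is not None and now - newest.taken_at <= rpo,
        # "Recoverability" view: a recent copy exists that actually restored
        "rpo_met_by_proven": newest_proven is not None
                             and now - newest_proven.taken_at <= rpo,
        "rta_within_rto": rta_ok,
        "untested": sum(not r.restore_tested for r in records),
        "failed": sum(r.restore_tested and not r.restore_ok for r in records),
    }


# Constructed sample catalog: nightly copies, restore testing stopped after 8 Jan.
NOW = datetime(2024, 1, 10, 12, 0)
CATALOG = [
    BackupRecord(datetime(2024, 1, 7, 2, 0), True, True, 45.0),
    BackupRecord(datetime(2024, 1, 8, 2, 0), True, False),
    BackupRecord(datetime(2024, 1, 9, 2, 0)),
    BackupRecord(datetime(2024, 1, 10, 2, 0)),
]

if __name__ == "__main__":
    report = assess(CATALOG, NOW, rpo=timedelta(hours=24), rto=timedelta(minutes=60))
    for key, value in report.items():
        print(f"{key}: {value}")
```

With a 24-hour RPO the sample catalog passes on copies alone and fails on proven copies, because the newest backup that restored cleanly is more than three days old.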

Don’t be the victim of fake news.  Backup v Ransomware, Ransomware wins.  Backup + Recoverability v Ransomware, Ransomware loses.  Don’t automatically – or automagically – believe that backup implies recoverability.

As always, would love to hear your thoughts and questions.

Comments

  1. I think you are effectively splitting hairs, because the concept of backups implies recoverability.

    The problem is, there’s been a lot of snake-oil backup vendors over the years and loads of credulous, untrained buyers, enough that recoverability and backups are effectively separated in the current market.

    So the concept of backups should win against ransomware, but you are right, in reality, it loses.

    Disclaimer: We are a Unitrends customer, and we were hit by ransomware, we walked out with barely a scratch. Thank you, Unitrends.

    Sylvain

    1. It’s an interesting point about splitting hairs. The reason I called out backup separate from recovery is that I honestly see the concept of backup implying recoverability as not only flawed but dangerous. I think that IT professionals should hold backup vendors accountable for innovation and advanced technology around recovery assurance including recovery automation and orchestration. But with that said, I understand your point. Thanks tremendously for taking the time to write a reply.
