We all know by now that it’s hard to prevent ransomware.
Everyone is trying to scare you about it, and for good reason. It IS pretty scary.
It’s not just something that security, backup, and disaster recovery vendors talk about. Even the FBI has gotten into the mix, issuing a public service announcement advising that anyone impacted should report their incident, and even offered up a few recommendations to help folks out.
Unfortunately, according to a report from PCMag.com, not all of their advice was appreciated:
“I think that the FBI has not helped the situation at all by coming out and saying that people should pay the ransom.”
It sounds pretty crazy, but I suppose I get it.
Wired.com ran a similar story showing some case studies for ransomware in the healthcare industry. Patient medical data has to be accessible immediately. It is critical to the business – and potentially to the life of the patient. So in certain circumstances, you may just have to pay.
Of course, Unitrends is a backup and continuity vendor. And like the healthcare case studies mentioned above, as well as a few situations on Spiceworks, backups can help people out of a jam if they’ve had data taken hostage by ransomware.
But should you prevent ransomware more proactively? Can your backups actually help you prevent ransomware?
The answer is absolutely! But how?
Automation and orchestration functionality is starting to grow in popularity with certain backup vendors. Some are pretty advanced and allow not only for recovery testing, but for automated isolation of workloads with built-in scripting to do just about anything from reporting to test/dev, and even disaster recovery compliance.
Unitrends calls this Recovery Assurance, and it’s pretty easy to set up a job that will automatically do security scans against your production applications – but using your backup data instead of production. It can spin up your applications in a specific order, isolate them from production, execute security tests, and automate reports and alerts immediately upon detection of an issue.
Now the reality is that you probably have security scanning software already. It is likely installed on the production applications in an attempt to prevent ransomware altogether. Of course, that’s a smart thing to do in most cases. However, it’s not always ideal. Security scans are intensive processes. Sometimes too intensive for a production application to meet its service level agreements (SLAs). Check out a few cases on reddit to see for yourself.
If you find yourself struggling to scan production servers, you are a great candidate for leveraging backups for these intensive processes. They have no impact on production applications. They can even be executed at a DR site or in the cloud.
Now you can be proactive, reduce impact to certain production servers, and put your backups to work to prevent ransomware from causing costly outages.