So far in 2020, the ransomware threat has escalated to a new level in terms of the volume of attacks and the number of ransom demands. And the danger is only going to continue to increase. The questions organizations need to ask themselves right now are: how do we prevent a ransomware attack and recover data without paying a ransom if an attack breaches their organization.
Have Layers Of Defense
The best defense against ransomware and other advanced threats is to deploy multiple layers of security. For ransomware, in particular, you need to deploy email protection to defend against phishing, protect credentials, and protect your applications and access to those applications. It builds a comprehensive data protection strategy with backup solutions that protect data on-premises and in the cloud.
Avoid multi-vector attacks
Attackers are now taking a more sophisticated multi-vector approach. Attacks often start with a spear-phishing email, but today’s ransomware attacks aren’t triggered immediately when the target clicks the malicious link. Instead, cybercriminals use this step to steal the credentials of the victim. The credentials are then used to access the organization’s network and lurk there, evaluating assets, servers, databases, and the email platform. This surveillance can last for months before they unleash their attack.
Your backup solutions must focus on attackers during the ‘lurking’ period when they are exploring your network. The backup admin console is significant because it gives them access to backup schedules, configuration, retention policies, and the ability to start deleting things.
Attackers also target backup storage itself, hoping to delete your primary backup server and any secondary disaster recovery backup copies you maintain. Once they capture Active Directory passwords so that no one can log in to their accounts, that’s when they can pull the trigger to be in control.
What you need in your backup solution
To mitigate risks associated with ransomware, you need a comprehensive backup solution that provides the following:
Immutable storage — Even if the attacker gains access to your backups, he can’t modify or delete that data.
Multi-factor authentication (MFA) — Secure the accounts and credentials used to access the backup.
Zero Trust Security — Make sure you use a Zero Trust Security system to revoke all data access and use Anchor to encrypt each file individually.
Air-gapped cloud — Maintain a copy of your backup in a secure cloud that resides on an isolated network.
Multiple backup copies — Replicate your on-premises and cloud backups to another location.
Centrality provides all of this and more. Our solutions increase the resiliency of your backup and reduce the number of ransomware attack surfaces in your environment. Contact us today at 502.267.2552 to learn how we can help.