Ransomware attacks are skyrocketing, fueled by the rise in remote work during the pandemic. There were more than 300 million ransomware attacks during the first half of this year — up 151% over 2020 — according to the 2021 Cyber Threat Report from security firm SonicWall. A recent global survey of 5,400 organizations by Sophos found that 37% of respondents had been struck by malicious software within the past year. About one-third of the victims paid the ransom, averaging $170,000, but even those who didn’t pay incurred huge losses when malware brought their operations to a standstill, sometimes for weeks on end.
Experts expect the trend to accelerate as bad actors launch ever-larger, more sophisticated attacks. Many of the IT executives surveyed by Sophos agree — two out of three of those who did not suffer an attack last year expect that they will be victims in the future.
However, there is good news on the horizon. In 2020, 41% of companies had most or all of their environment in the cloud, and that number was expected to grow to 62% within 18 months, according to the IDG Cloud Computing Study 2020. Used properly, the cloud can provide very strong protection against ransomware attacks.
But before we talk about how the cloud will protect against ransomware in the future, let’s talk about the current situation. Most enterprises rely on backup software as their primary defense against cyberattacks, but even a state-of-the-art system won’t adequately protect them from the disruption and cost of a ransomware attack. It can take days or weeks to fully restore compromised data in a traditional backup and disaster recovery (DR) setup, especially for large organizations with terabytes of backup data that must be painstakingly copied to a rebuilt server. During that time, business operations are curtailed, if not halted.
Sophos reports that even businesses that pay up don’t get back as much as one-third of their data, and industry statistics show that victims are often hit with another attack. And backups are not an ideal solution for a speedy recovery from a ransomware assault — or from any data breach or disaster. The real issue isn’t whether the files can ever be recovered — they can, eventually — but how long it will take to make a business fully operational again.
With traditional backup, the answer is: too long. There are other tools that can make the recovery process faster and easier.
Look to the cloud
Once a ransomware attack is discovered, in most cases, the immediate reaction to an attack is to turn to backups. IT begins the laborious process of copying over clean files to a restored server to move them back into production. With a VM or database, the process might not take too long, but rebuilding a file server that houses multiple terabytes of data can be weeks even with today’s fast data transfer speeds. If malware somehow managed to infect the backup files before the breach was discovered, the restored files are useless, and the process must begin again.
File system versioning offers an alternative to traditional file backup — but there’s a caveat. Traditional block-based versioned storage area networks (SANs) provide a limited number of versions or snapshots, so they are effective only if a breach occurred a few days earlier. Given that attacks can typically escape notice for more than a week or multiple months, businesses are forced to rely on backups to restore their file servers.
There’s a better option: a versioned file system that lives in the cloud, with an unlimited number of versions.
Cloud-based versioning is as durable as backup. It’s also more secure and offers superior recoverability. Multiple versions of files are stored in object storage as immutable objects, meaning they cannot be encrypted by ransomware. It is scalable, high-performance, and cost-effective. Through the use of sophisticated software and storage snapshot technology, it’s possible to re-build a file system that has the same look and feel as the familiar file share.
Cloud-based file systems aren’t limited in the number of versions they can store or in how far back in time these versions can exist. And because they are stored as a series of immutable snapshots, no malicious attack can alter or encrypt them. The upshot? As more enterprise infrastructure goes to the cloud, the less likely it is that a ransomware attack will be able to cause severe damage.
Certainly, a cloud-based file system will often need a hybrid infrastructure to reduce latency and provide performance. But even then, the protection against ransomware attacks is profound. The local appliances only need to keep a copy of the active set of file data, with changes sent to the cloud and then propagated out to other local appliances. If an attack encrypts data on a local appliance, recovery is simple. All IT needs to do is point the appliance back to the most recent, healthy version of the file system. That procedure takes no more than a few minutes, and everyone is productive once again.
The relentless march to the cloud is good news for CIOs concerned about ransomware. And once most enterprises have most of their infrastructure there, ransomware attacks will become an occasional annoyance, not a catastrophic disaster.