These days it’s not even enough to just have backups, as some ransomware variants are—I am told—actively targeting the backup systems themselves, and thus robbing customers of an effective recovery option. The backup systems themselves need to be resilient again malware infections, and a variety of data protection vendors are investing in this direction.
Mid-market backup vendor Arcserve has announced a partnership with Sophos to provide malware scanning on its products, helping to keep the data safe from infection, and also to provide early warning of potential threats.
“There are multiple versions of ransomware that delete very specific backup types,” says Sam Roguine, Director, Solution Marketing and Enablement at Arcserve. “Often the ransomware goes after the backups before it starts encrypting.”
By including Sophos’ security products on the Arcserve appliance itself, Arcserve is able to detect and stop a ransomware attack on the backup infrastructure itself, preserving the ability to recover from an attack if it should manage to bypass other protections in the environment.
Multiple other data protection vendors have been adding anti-malware protections into their products as well. Carbonite recently acquired security vendor Webroot and Carbonite is adding Webroot’s malware protection capabilities into its products.
“We’re seeing a trend of bad actors trying to get into the backup systems,” says Tim Sheahen, Senior Director of Sales at Carbonite. “We’re putting measures in place to make sure those are protected.”
Malware is some of the best advertising data protection companies could have wished for, though it’s a form we’d all prefer didn’t exist.
Good backups (or robust disaster-recovery/business-continuity systems) provide a solid and proven way to recover if you’re unlucky enough to get hit with malware. Too often data protection is an afterthought, a particularly boring kind of insurance that no one wants to think about.
Until, quite suddenly, it’s the very opposite of boring.
Dealing with a ransomware attack is the kind of exciting you really don’t want to experience. While it’s easy to look at what should have been done to protect yourself in hindsight, it can be hard to prioritise when the daily grind makes so many demands of both executives and IT.
This is an explanation, but it’s not an excuse.
While every lazily written post-breach press release loves to include the clichéd phrase “we take security seriously” the time to do that is before you get infected. Increasingly that means making sure you have working and tested data protection systems. This has always been true, but the threat of ransomware isn’t going away. There is too much money to be made, and people respond to incentives.
There is a day, out there in the future somewhere, when ransomware will come knocking at your door.
If that horrible day ever arrives, I hope you did the work to make it as boring as possible.