The Ransomware Epidemic
Unless you live under a rock, you are probably aware of the increasing threat of ransomware attacks that are plaguing global enterprises of all kinds and sizes. However, the acceleration in the sheer volume of these attacks can be surprising: in 2021, there were over 623 million known ransomware attacks, which represented more than a doubling from the previous year. Putting that number into something more digestible, it works out to nearly 20 ransomware attempts every second, according to a SonicWall study.1
Ransomware is growing in more than one dimension, as the number of variants is also rising. This year, popular variants including Ryuk, SamSam and Cerber all increased year over year, with a host of new variants waiting in the wings for their 15 minutes of infamy.
Limited Protection From Backups
It is easy to be lulled into a false sense of security regarding ransomware, particularly for enterprises that are diligent about backing up their data centers. Unfortunately, most traditional backups offer little to no protection from this scourge. Let’s look at the two broad backup storage classifications: disk-based backup and deduplication appliance.
First, disk-based backup storage, although fast, is by definition network facing, which leaves those backups as vulnerable to encryption by ransomware as production environments. Deduplication appliances are also network facing and thus at equal risk of attack. Simply put, any network-facing backup storage is at risk and can be deleted or encrypted by ransomware. What’s worse, all previous backups of these types, including monthly retention and annual backups, can easily be compromised by deletion or encryption during a ransomware attack.
ExaGrid Tiered Backup Storage: Retention Time-Lock vs. Ransomware
Fortunately, there is a third approach to backup storage that can enable rapid recovery from a ransomware attack. ExaGrid’s tiered backup storage separates two tiers—a performance tier and a repository tier—delivering a number of benefits to organizations that want to take a belt-and-suspenders approach to recovering from ransomware attacks.
Although ExaGrid’s performance tier is network facing—which enables the fastest possible backups and restores—the repository tier is not network facing. That provides a virtual air gap that prevents ransomware attacks from penetrating and permeating through previous backups stored on that tier, protecting the backup data so recovery can occur after a primary storage ransomware attack.
Since the deduplicated, long-term repository tier is not network facing, there are two ways that ransomware is thwarted:
- ExaGrid’s Retention Time-Lock (RTL) causes delete requests to be delayed for a user-defined period, which means delete requests issued by ransomware will not take effect until that time frame (days, weeks, or other) has passed. This prevents outright deletion of previous backups if backups in the front-end performance tier are deleted or encrypted.
- Also, every object in the retention tier is immutable and therefore is never changed, modified or deleted, allowing it to maintain its integrity and be ready for a recovery after a primary data ransomware attack. There is just no way for ransomware encryption to compromise an immutable object.
As a result, organizations that implement ExaGrid tiered storage are doubly protected. Even if a ransomware attack is successful, cybercriminals can never delete backups in the retention tier, and if a ransomware attack successfully encrypts the front-end disk-cache landing zone in the performance tier, the data in the repository is still immutable, which means the retention objects are never deleted, modified or changed.
1 “SonicWall Threat Intelligence Confirms Alarming Surge in Ransomware, Malicious Cyberattacks as Threats Double in 2021,” SonicWall, Feb. 17, 2021