Not logged in » Login
Nov 18 2021

Are you prepared for a ransomware attack?

It’s no longer reasonable to plan for immunity from ransomware attacks. And if the worst happens, and a ransom is paid, there’s no guarantee your data will be in the same state as when you lost it. Fujitsu advises how to recover data if the worst happens.



Are you prepared for a ransomware attack?

Ransomware hurts on so many levels. It’s not just the money – usually bitcoins - you have to hand over to get your data back. There’s revenue loss, trust loss and reputation loss to factor in as well. We are starting a series of blogs about the hot topic ‘Ransomware’.

The first blog outlines how to transform your security posture to address this rapidly growing threat, avoid downtime in the event of an attack, and heighten trust in the technology that underpins your organization. 


No longer confined to the unprepared

Maybe you still think that ransomware is only a problem for organizations that don’t take security seriously?

When ransomware first hit the headlines, it involved user organizations where basic security precautions were missing. Some were still using unsupported Windows XP endpoint devices. Things have moved on considerably since then. Sophisticated IT organizations are now victims – targeted as channels to infect their customers.

In July, a ransomware attack perpetrated by the REvil group, caused widespread downtime for more than 1,000 companies by targeting Kaseya, an American software company, which develops solutions for managing networks, systems, and information technology infrastructure. The outbreak source was identified as the company remote monitoring and management software package, where a vulnerability allowed attackers to distribute a malicious payload through managed hosts. According to reports, 800 supermarket chain stores in Sweden had to temporarily close as a result of the Kaseya attack, as they were unable to open their cash registers.

Equally embarrassing was a Conti ransomware attack on ExaGrid, a backup storage services provider that claims to offer the industry’s best ransomware recovery service. Exagrid’s attackers could show the personal data of clients and employees, commercial contracts, NDA forms, financial data, tax returns and source code. It became even more embarrassing for ExaGrid when the backup appliance supplier accidentally deleted the decryption tool and had to ask for it again.


How to avoid downtime from a ransomware attack

As these examples show, it’s no longer reasonable to plan for immunity from attack. And if the worst happens, and a ransom is paid, there’s no guarantee your data will be in the same state as when you lost it. Not all data is returned or, indeed, returnable. Files are often deleted or altered – or contain further infections. It’s a highly challenging outlook for IT departments, not to mention the cost.

Your focus should be on how to recover if the worst happens. Fujitsu advises addressing these in three steps: Detect, Protect and Recover.

Detect – the longer ransomware is undetected in your system, the more damage it can inflict. One of the best ways to identify suspicious activities – especially in backed-up data – is to look at the deduplication process. If data is not getting de-duped and compressed properly during backups, then something is wrong.

Protect – Once an attack is detected, take precautions to stop any further damage and maximize your ability to recover data and applications without being held hostage. This puts a high emphasis on second-by-second granularity to minimize data loss. Mirroring is not an acceptable form of recovery in a ransomware attack, as you only will be recovering encrypted files. Better approaches are snapshots, omni- or bi-directional replication, immutable backups, and moving the data to cloud and tape to create an “air gap” that isolates backup data from your infrastructure.

These different approaches should be deployed in a multi-layered data protection environment to neutralize ransomware threats effectively. This is commonly called the 3-2-1 backup rule, which says keep at least three copies of your data, with two backup copies on different storage media, with one of them located offsite.

Recover – Where data has already been encrypted and can no longer be protected, how do you recover? The standard response is to go to the backup – but the backup data itself may well be impacted as ransomware attackers are now targeting backups as well as production data.

The task, then, is to identify your last good backup and restore from there. When thinking about how often and how much to backup, two helpful concepts are the recovery point objective (RPO) and the recovery time objective (RTO). The RPO defines how much data you are prepared to lose, and the RTO defines how long it should take until your business is back up and running.

Both metrics help to design a recovery process that matches SLAs and will vary per organization. Banks, for example, will be looking for numbers as close to zero as possible. In other sectors – the public sector, for example, where compliance requires access to vast quantities of data spread over years or decades – the approach is likely to be different.


In the next blog we’ll look at creating a strategic plan to address the threat of ransomware and meet the requirements discussed so far.


Helga Eppig


About the Author:

Helga Eppig

International Product Marketing Storage, Fujitsu


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now