There’s a ransomware attack on businesses every 11 seconds. The malware infects devices and holds the data inside hostage unless the users pay the ransom demanded by the cybercriminals. The damage is predicted to reach $20 billion this year alone. It can have a crippling effect on the business’s reputation, too: 59% of customers would likely avoid doing business with an organisation that had been cyberattacked in the past year.

Meanwhile, 25% will abandon a product or service for a competitor after a single ransomware-related service disruption, failed transaction, or instance of inaccessible information. It is a digital epidemic that is growing more sophisticated and is targeting backup data too.

“A lot of these ransomware attacks are also going after NAS storage devices because hackers know that companies, regardless of their size, are storing their backup data on these, as their last line of defence” said Florian Malecki, Vice President, international product marketing at Arcserve, in an interview with us recently. Arcserve is a global top 5 data protection vendor, provides the broadest set of best-in-class solutions to manage, protect and recover all data workloads, from SMB to enterprise and regardless of location or complexity. It has 19,000 channel partners and 235,000 customers across 150 countries.

“That means they’re finding ways to break into the company’s network to locate the NAS appliances and target them because they know that backup data is there. And if they can’t access it, organisations will face serious problems.”

The golden 3-2-1 rule of backup and recovery needs a plan B. The rule refers to having three copies of your data (a primary copy and two backup copies) stored in two storage media (example, disk, tape drive, NAS) and having a copy stored offsite, say in the cloud, for disaster recovery. Plan B adds a +1 to the rule – immutable storage.

“It is indeed very well recommended to follow best practice in terms of data protection, following the 3-2-1 rule. However, these days, organisations must implement the 3-2-1-1 rule. I’m adding another 1, referring to keeping a copy on immutable storage, whether  on-premise or in the cloud,” Malecki said.

“This means the data is safe and well protected because it’s stored on an immutable storage appliance. The benefit of on-premise storage is that when it’s time to recover your back-up data – whether being 20 or 100 TB -, it will be swift. Whereas, if you have to download it from the Cloud, it’s going to take a while, even though you might have a good internet connectivity. ”

Data stored on an immutable storage appliance cannot be overwritten, changed, encrypted, tampered with, or deleted by a ransomware

“Immutable storage ensure your data is well protected so that in the event of ransomware, it is immune to the attack.

Immutable storage solutions protect your data with continuous immutable snapshots, taken every 90 seconds. An immutable snapshot is a copy of the data that simply cannot be overwritten or deleted by ransomware. These snapshots are then consolidated hourly, daily, weekly, or monthly. Depending on the customer’s retention policies, whether being one day, one week, one month, so on and so forth, they could technically go back as close as 90 seconds,” Malecki explained.

“As a result when a customer uses the (Arcserve’s) OneXafe appliance to store backup data or unstructured data (like CAD drawings, research, surveillance camera, etc.) the data that is stored on to the OneXafe is immutable to ransomware in the event of an attack. That means the user will be able to recover 100% of the data! The key take away: in the event of a cyber-attack, the only way to recover 100% of your data is immutable storage.”

Educating users on recognising ransomware attempts, such as spear-phishing email, is one way of defending against the cyberattack. However, there is a need to raise user awareness to not be complacent in where they store their data and understand the extent of protection they are getting.

“Given what happened with the pandemic, and even before with remote working initiatives, many organisations are adopting Microsoft 365 or Google Workspace. However, they think their data is well protected and backed up by SaaS providers, but this is not the case. Microsoft and Google offer the applications, the infrastructure and the availability. They have a retention policy of 30 to 90 days, but they don’t offer backup and recovery,” Malecki observed.

“If you are victim of a ransomcloud, a type of ransomware that is targeting cloud-based SaaS applications (like Microsoft 365 and others), it is the responsibility of the organisation to back up their data, SaaS providers cannot be held responsible.

“In the Microsoft Services Agreement, it states that Microsoft recommends that customers regularly backup their content and data that they store on the Services or store using Third-Party Apps and Services.

So protecting SaaS-based applications data is the responsibility of the customers, not of the providers.”

Data security doesn’t stop at the perimeter. Backup and Recovery is essential to keep the business going in as little time as possible and at the closest point prior to the disaster.

Malecki said: “As we go forward, IT Security professionals need to include backup and recovery and immutable storage solutions in their overall strategy, in addition to the prevention measures. Therefore, if a company gets compromised, at the end of the day, the last line of defence will be the backup and recovery, as well as the immutable storage solutions that will help a company getting out of a very compromised situation.”

Click here for a partner in data protection that never lets down its guard and find out how to protect critical IT infrastructure from downtime, data loss, and ransomware.