Ransomware is malware that encrypts a user’s or an organization’s critical data so that files, databases or applications cannot be accessed. A ransom is then demanded from the victim to provide access to their data.

Ransomware is usually designed to proliferate across networks and target database and file servers in order to paralyze an entire organization. Newer variants are now designed to also target backup servers, their metadata, configuration files, and backup data in order to keep users from being able to recover their data.

Ransomware typically lies dormant for a time as it makes copies of itself and spreads trigger files, often with different names, to as many systems as possible. This ensures the trigger files will get backed up numerous times so they will be restored in the event of any future recovery efforts on the part of the users. At a pre-programmed time, the trigger files activate and begin encrypting any file they can access. New ransomware variants may also encrypt files slowly, a few at a time, in order to avoid detection by software that monitors the rate of change occurring in the file system.

Ransomware is an ever-growing threat that generates billions of dollars in payments to cyber criminals while inflicting significant expenses and damage to businesses as well as government organizations.

No. Ransomware is an ever-growing threat to businesses and organizations worldwide as cybercriminals/hackers continue to evolve their malware. Ransomware operators, in a variation of the software as a service (SaaS) model, even provide ransomware as a service (RaaS), which can be used by anyone for a percentage of the ransom they collect from their victims.

Ransomware attacks have continued to increase in frequency and size since 2016, as cybercriminals shift their focus to exploiting outsourcing services like Managed Service Providers (MSP), which serve many clients at the same time. If cybercriminals can gain access to an MSP’s network, they can also reach the MSP’s clients as well.

Cybercriminals are also targeting vulnerable industries like healthcare, educational institutions, finance, and insurance, as well as municipalities and various government agencies. The number of reported attacks and ransoms paid has increased significantly in 2020 and 2021. 2022 will be no different as cybercriminals find new targets and continue to evolve their malware and tactics.

Some disturbing ransomware figures to consider:

• It is reported that ransomware cost the world $20 billion in 2021. That amount is expected to increase to $265 billion by 2031.
• It is also reported that 37% of all businesses and organizations were hit by ransomware.
• Reports indicate that it cost businesses $1.85 million on average, to recover from a ransomware attack in 2021.
• It is also reported that 32% of all ransomware victims paid the ransom but only got approximately 65% of their data back.
• Another report showed that only 57% of businesses hit by ransomware were successful in recovering their data by using a backup.

Needless to say, the ransomware threat is going to be around for the foreseeable future and organizations need to look for solutions that provide them with ironclad ransomware proof protection for their data and their backups.

An organization’s threat exposure window is usually referred to as the Recovery Point Objective (RPO). The RPO is the maximum amount of data —as measured by time—that can be lost after a recovery from a disaster or hardware failure before the organization suffers irreparable harm. The RPO is an indicator of a business process or organization’s data loss tolerance. This data loss is usually measured in terms of time like 10 hours or 5 days’ worth of data loss.

The RPO determines the maximum age of data or files in backup storage required to meet the objective specified by the RPO in the event of a network or system failure. The loss tolerance of an organization or how much data it can lose without sustaining significant harm is related to the RPO and is usually stated in an organization’s business continuity plan (BCP). This plan also sets forth the procedures for disaster recovery planning which includes the acceptable backup interval, which refers to the last point when the organization’s data was stored in a usable format.

Immutable storage is a storage device (flash or hard drive) whose contents, once written, cannot be changed, overwritten or deleted by anyone or any process. The data is essentially stored in a write-once-read-many (WORM) format. Some immutable storage providers allow you to set a specific retention period for the data before it can be modified or deleted. Immutable storage offers the highest level of data protection for your business.

Storage silos are independent individual storage systems, each of which is usually dedicated to a specific data storage use case. Depending on the use case, these storage systems often come from various different providers and use different management software and protocols. Each storage system has to be implemented, operated, maintained, managed and protected separately. Storage systems with limited protocol support make it difficult to move data to other systems that use a different protocol.

As the number of silos increases so does the cost, complexity and time needed to manage them. It also increases the difficulty and cost of protecting each of them efficiently and effectively.

Backup metadata is data that provides information about backup data which includes indexes and configuration files of the backup software. Metadata is critical for restoring data from backups. It is now frequently targeted by ransomware attacks and should be properly protected by making it immutable. Without the backup metadata, restores can be extremely time consuming or even impossible in some cases.