Imagine your company or organization grinding to a halt because you cannot access your data or key systems. It’s a terrible image but one that is the reality for many people in the c-suites or IT departments of numerous organizations. It could be your reality at any moment because of increases in cyberattacks generally, and ransomware specifically.
Malware is a threat to us individually and on the organizational level. But threats keep evolving, and one of the more recent and devious twists has been ransomware attacks. Cybercriminals are taking data hostage.
Ransomware isn’t new. It first appeared over 30 years ago and began going mainstream about a decade ago. But it was only in 2017 with the WannaCry attack that ransomware began to heat up.
You can’t afford to ignore ransomware. In its “State of Ransomware 2021” report, Sophos surveyed thousands of IT decision-makers across 30 countries, and over one-third (37%) said they’d been hit by ransomware.
But understanding how to protect yourself from this villainous tool — and how turning to Tintri can help — also means understanding ransomware itself.
Ransomware can be dangerous to your organization. This kind of malware takes your organization’s data hostage, and the attackers demand money for its safe return. These attacks directly and adversely affect employees (who can’t produce) and customers (who subsequently cannot rely on your products or services).
Dealing with ransom situations is always tricky, because if you pay you’re still trusting people who are inherently not to be trusted. According to the Sophos survey, the average bill for rectifying a ransomware attack is $1.85 million, and although an increasing number of companies are paying the ransoms (an average of $174,000 per attack), on average only 65% of data was restored.
Ransomware attackers have absolutely nothing in their possession, yet they’ve still locked you away from your data. However, the data itself can be the key to swiftly recovering from an attack.
You still have data — slightly older but clean copies of it. You can restore your systems with that data, so you don’t have to resort to paying criminals who may or may not return all (or any) of it.
Find the Zero Point
The big challenge in restoring your systems with data backups is that you need to know when the ransomware attack began, so you can tap into the most recent safe data backup.
At this point, viewing ransomware as an infectious disease can help you understand how Tintri helps you protect against these kinds of cyberattacks. When human epidemics break out, health officials often search for “patient zero.” They want to find out who the first infected person was, so they can better understand who was infected and how the disease might spread. Knowing such things makes both containment and treatment easier.
This kind of thought process can help during ransomware attacks. A speedy recovery for your affected computer systems relies on an iterative restoration to find the right recovery point for the attack: the “zero point.” Traditionally, solutions for such a task mean weeks of lost time and millions of dollars in lost revenue.
Efficiency matters. The recovery process with Tintri can potentially be done in minutes — saving you crucial time and resources.
A Trail of Evidence
To understand how VMstore from Tintri can help, imagine criminal investigations. If you’ve been hit by ransomware, you’re the victim of a crime. Solving that crime and getting your life back to normal requires sifting through evidence and interviewing witnesses.
Your data history is the evidence, and your systems and devices are your witnesses. VMstore offers a flexible, granular view of your data over time, so you can see what’s happening and have a higher chance at restoring it.
The problem with traditional recovery techniques from a backup is how slow the process is. It’s also extremely costly, not to mention finding the proper restore point is difficult. VMstore affords VM-level snapshots with support for more than 100 per-VM snapshots. These can be stored locally or in the cloud, giving your organization ample opportunity to find the best snapshots for recovery.
In addition, VMstore’s SyncVM function helps you easily move between recovery points. This can help you gain a more accurate view of when VMs were infected, so you can restore them more accurately. You can see what happened to each VM historically and in real time, spot any inconsistencies and anomalies, and ultimately locate your restore point.
Ransomware isn’t going away. According to the Sophos survey, there was a minimal drop in attack prevalence between 2017 (54%) and 2020 (51%). In 2021, with Sophos only having two months of data to report, the number had already hit 37%.
This is a growing problem. Your organization is a target, no matter what size it is. Although larger organizations are more likely to be attacked (those with between 1,000 and 5,000 employees represent 42% of targets), organizations of between 100 and 1,000 people still account for one-third (33%) of attacks.
Additionally, no sector is safe. While the CrowdStrike “2021 Global Threat Report” noted that industrial, engineering, manufacturing, technology, and retail were the biggest targets for ransomware attacks, it showed that healthcare, along with financial and professional services, were also significant targets. Even non-profit and government sites fall victim to ransomware.
Now that you better understand the threat, consider Tintri as your partner in reducing that threat to your data, employees, customers, and stakeholders.
The last thing you need is a real-life nightmare: your business comes to a complete standstill, while a cybercriminal demands money for data. You can’t trust the offenders, but you can trust Tintri to help you protect against them.
For more information about Ransomware Recovery with Tintri VMstore, read the DCIG technology report and watch the Geek Out! webcast.