Source: The Complete Guide to Ransomware
When it comes to relying on backup systems to restore encrypted or compromised files, it’s always good to have, well, a backup plan. Backup products have come a long way, but there’s always room for failure. And backup failure in the case of an emergency leaves you and your company up a creek without a paddle.
The following backup failure statistics and stories of attempted recovery gone wrong make the case not only for improving your backup system, but keeping your company safe with additional layers of endpoint protection, too.
Recovering from ransomware: Does your backup actually have you covered?
September 28th, 2016: Marin Healthcare District reported a ransomware attack that occurred in July 2016. During the attack, Marin providers were unable to access patient data for more than a week. What’s worse, they lost two weeks' worth of data because their backup system failed. The data of 5,000 patients collected at MHD’s nine medical centers was lost.
January 5th, 2017: The Texas-based Cockrell Hill Police Department announced they had lost 8 years' worth of data, including evidence pertaining to ongoing investigations, due to a ransomware attack that infected their server. They were unable to recover the data from backups because their backup procedure kicked in shortly after the infection, replacing the previously backed-up files with copies that were now encrypted.
Organizations often make the mistake of thinking backup alone can make them impervious to ransomware. The stats and stories tell otherwise.
1) One third of IT managers have lost data while migrating between devices or upgrading operating systems
Source: Kroll Ontrack
Kroll Ontrack surveyed 572 IT administrators in March 2016. They found that some of the top reasons it was hard for IT managers to recover from backup failure were that their backup wasn’t current or wasn't operating correctly.
2) While 57% of IT managers have a backup solution in place, 75% of them were not able to restore all of their lost data
Source: Kroll Ontrack
In fact, 23% of people with a backup solution in place weren’t able to recover any data at all. These findings were similar to those they found in the past three years of surveys, where over half of consumers and businesses reported data loss even when a backup system was in place.
3) Prior to a ransomware attack, 4 out of 5 organizations are confident backup can provide them with complete recovery
Barkly surveyed IT pros from over 300 organizations in May 2016. We found that nearly 100 percent of respondents reported they were actively backing up their data. 81% who hadn’t experienced a ransomware attack were confident they would be able to recover any data attackers encrypted from backup without paying the ransom.
4) Less than half of ransomware victims fully recover their data, even with backup
When we followed up with respondents who had experienced a ransomware attack, only 42 percent reported being able to successfully recover all their data from backup.
The Top Reasons Backups Fail
Why isn't recovering from backup a sure thing every time? Here are some of the most common reasons organizations aren't able to fully restore their data.
1) You’re only as good as your last backup
Very few backups offer continual backup, and the ones that do are extremely expensive. The vast majority back data up once a day, week, or month. That means unless you’re lucky enough to be restoring immediately after the last backup was made, you’re going to lose data.
Whether that’s a day’s, week’s, or month’s worth of work depends on your settings. And how critical that work was to your sales, marketing, engineering, or senior management team may dictate
2) Actually, you're only as good as your last tested backup
Schrodinger's Backup: "The condition of any backup is unknown until a restore is attempted."— Tess Schrodinger (@TessSchrodinger) November 16, 2014
In other words, if you haven't tested your backup and made sure the restoration process actually works like you expect it to, then it technically exists but also doesn't exist at the same time.
3) On third thought, you're only as good as your last tested, secure backup
Don't forget that during a ransomware attack your backups are subject to encryption, too. If the ransomware can reach them — via network drives, shared storage, etc. — it will turn them into useless strings of gobbledygook as well.
Make sure your backup is 3-2-1 compliant — you have three copies of your data in two different locations, one of which is offsite.
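As an added example (not from the original article), the sketch below covers points 2 and 3 above: it verifies a test restore against hashes recorded at backup time, and it refuses to overwrite the last good backup when many known files have turned into high-entropy data, the failure described in the Cockrell Hill case. The function names and thresholds are illustrative assumptions, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256, recorded at backup time."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def verify_restore(recorded, restored_root):
    """Return files that are missing or differ after a test restore."""
    restored = manifest(restored_root)
    return sorted(f for f, h in recorded.items() if restored.get(f) != h)

def safe_to_rotate(recorded, source_root, max_suspect=0.25, threshold=7.0):
    """Refuse to overwrite the last good backup when too many known files
    have changed AND now look like ciphertext (thresholds are assumptions)."""
    root, suspect = Path(source_root), 0
    for rel, old_hash in recorded.items():
        p = root / rel
        if not p.is_file():
            suspect += 1          # vanished or renamed, e.g. a new extension appended
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != old_hash and entropy(data) > threshold:
            suspect += 1
    return suspect <= max_suspect * max(len(recorded), 1)

def demo():
    """Constructed data: five text files, then three overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d)                      # stands in for both source and restore target
        for i in range(5):
            (src / f"report{i}.txt").write_text(f"case notes {i}\n" * 200)
        recorded = manifest(src)
        before = safe_to_rotate(recorded, src), verify_restore(recorded, src)
        for i in range(3):
            (src / f"report{i}.txt").write_bytes(os.urandom(4096))
        after = safe_to_rotate(recorded, src), verify_restore(recorded, src)
        return before, after
```

Compressed formats (archives, images, video) are also high-entropy, so the guard only counts files whose hash changed since the last manifest; a blocked rotation should trigger a human review rather than silently skip the backup.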
4) Your users can store data in places you're not backing up
More and more often, users are leveraging free cloud storage as a way to have easy access to important documents and data. They can be storing data in Google Drive, a personal Dropbox, or other shadow IT solutions you're not aware of. Even if you're not technically responsible for managing those systems, you're still going to be expected to help if that data gets hit by a ransomware attack.
What are your options for preventing data loss due to backup failure?
Must-do #1: Make sure your backup is properly configured so it will be there when you need it.
- In "3 Better Ways to Use Backup to Recover from Ransomware," we detail how to make your backup ransomware ready.
- Maria Korolov of CSO explains a three-tiered approach to backing up your data.
Must-do #2: Make sure your company has preventative measures set up so you won’t have to rely solely on backup.
- Brush up on preventative security measures with our Endpoint Protection Guide.
- Make sure you understand how ransomware works and how to stop it before it encrypts your files.
You may think recovering from backup is the standard response to a ransomware attack, but the best solution is to avoid getting to that do-or-die point in the first place.