Backup: An antidote to ransomware

When we think of backup applications or cloud services, we think about recovering files corrupted by failed equipment or somehow lost. Backup is a component of business continuity; if a site goes down, another can spin up with replicated data.

If security is about the three pillars of “CIA” — confidentiality, integrity and availability — then backup falls under the “A” column. Some planners even consider availability more important than confidentiality and integrity, as data — regardless of quality — is useless if you can’t get to it.

Now comes the rise of ransomware – malware such as viruses and worms that encrypt files, preventing authorized users from accessing them until a payoff is made. According to Intel Security, more than 250,000 ransomware samples were in circulation in 2013, and the volume is expected to increase as malware becomes increasingly effective at extracting money from businesses and individuals.

If ransomware is about denying access — or availability — then doesn’t it stand to reason that backup – particularly cloud backup – is a potential antidote to these lockout pathogens?

Backup vendors often talk about the value of their products in terms of RTO — recovery time objective, or the time it takes to recover from a disaster — and RPO, or the maximum tolerable period in which data might be lost from an IT service due to a major incident. The value of their services is the ability to access data and maintain normal operations. Recovering from viruses is part of the value equation, but rarely do backup vendors get that granular in their discussions.

But recovery from ransomware is becoming an increasingly routine operation for backup vendors, as the volume of attacks continues to rise. Rather than paying off the extortionists, subscribers to backup services are turning to their providers to recover files and resume normal operations as they would in any other disaster.

Channelnomics checked with several backup software vendors and cloud services, and nearly all say they’re performing ransomware recovery operations for their clients. And nearly all say that requests for ransomware recovery support are on the rise.

“While we aren’t in the anti-virus business, we understand the impact the malware is having on our customers and have done everything we can to help decrease its effects. When our customer solutions team realized the severity of the CryptoLocker virus, they took it upon themselves to find a way to better help customers involved. They were able to come up with a solution that makes it easier to recover unencrypted versions of the files, and have helped hundreds of people regain access to their files,” Carbonite told Channelnomics.

Intronis has produced an entire guide for its partners and customers on how to deal with ransomware, and – specifically for partners – how to demonstrate the value of cloud backup in recovering from an encryption attack.

“We see Cloud Data Protection as a way of protecting your data in case your organization is hit with ransomware,” said Neal Bradbury, vice president of channel development at Intronis.

Even a cloud service as large as SunGard Availability Services is seeing increased demand for ransomware support. While SunGard says recovery from ransomware is a benefit of its cloud services, it’s not the primary value proposition.

Thinking of backup as the antidote is an interesting idea, but it’s not foolproof. Trojans and worms slither through network connections and, potentially, can corrupt files stored in the cloud or on backup servers. Backup vendors advise users to lock down their backup connections at the first sign of a ransomware attack to prevent the spread.

Last week, the FBI and law enforcement agencies from multiple countries executed a coordinated operation that took down a massive botnet responsible for the widespread distribution of Cryptolocker, one of the most prevalent and potent ransomware codes in circulation.

Following the takedown, Cryptolocker activity on the Internet plummeted, putting a dent in the extortion racket. However, security researchers noted that other forms of ransomware raced to fill the void. Ransomware, it seems, is endemic to the fabric of the dark side of the Internet.

Backup vendors and managed service providers should consider incorporating the threat of ransomware and the benefits of their offerings in business continuity. Extortion is a problem that is only going to get worse, and businesses will have little tolerance for making payoffs. Backup could be a solid preventative measure and, potentially, the antidote.

This article was originally posted on Channelnomics.