Endpoint Backup, your insurance against ransomware

In our previous blog we spoke about the many reasons why backups are such an effective way to protect important files from ransomware. Most organizations form a ransomware defense strategy much like they would for any other type of malware. This usually means relying on traditional cybersecurity tools – specifically endpoint security solutions. Here’s a statistic for your consideration – 45% of all ransomware victims were running commercial-grade endpoint security solutions when they were hit by ransomware. This goes to show that the rapidly moving malware underground still manages to stay a step ahead of commercial-grade players.

In 2018, about 70 percent of ransomware attacks were made on small and medium-sized businesses, and the average ransom demanded was $116,000 [1]. Code Spaces, a mid-sized source code hosting company, had to shut shop due to a bad case of ransomware. The data that was lost included backups, machine configurations and offsite backups.

After high-visibility attacks like WannaCry and Petya, organizations worldwide started to realize that endpoint security alone may not be enough, and that a reliable backup strategy is necessary when it comes to ransomware protection.

Backing up has proven to be effective against ransomware in many instances. The median cost of a ransomware attack is nearly US$133,000 – and that is just the cost of the ransom. Productivity losses combined with legal and disclosure costs can be many times that. By any measure, that is a much higher cost than the relatively moderate expense of adopting a backup strategy.

We often meet with customers who ask us what is more important to protect against ransomware – endpoint security or backup. Our answer – both, equally! A good endpoint security solution should still be your first line of defense, with a backup strategy that has your back even if that defense fails.

Endpoints are the primary attack vector for ransomware, and the class of systems most likely to be impacted. What is interesting is that while ransomware is common knowledge in IT rooms, endpoint backup as a defense mechanism is still an afterthought. Endpoint backup is usually thought of as insurance against accidents like lost laptops, hard disks going bad, or coffee spills. But it can be a super-effective defense against ransomware and potentially a huge money-saver for organizations big and small.

When crafting your backup strategy, remember that backup is more than simply making a second copy of your data. A number of file synchronization solutions masquerade as “backup” solutions – but don’t cut the mustard. Remember that ransomware has the ability to replicate and spread across a network, erase files on external drives connected to endpoints, identify and erase restore points, and also infect backups. Having backup solutions and strategies that are resistant to such ransomware tactics is a necessity.

Here are a few suggestions from one of our previous blog posts on what to look for in a good endpoint backup solution:

  1. Invest in reliable backup software that can back up all your endpoints. Look for something that can handle both Windows and Mac computers.
  2. To make the solution more bulletproof, consider putting your backups in the cloud. This builds in more separation between the potential ransomware attack and your data copy. Make sure the solution can utilize cloud storage as a backup target.
  3. Look for software that is cloud agnostic and doesn’t tie you down to their own cloud. You should be able to shop around for the best cloud storage prices and have the software work with the cloud of your choice.
  4. Make sure that the backup payload that is being sent to the cloud is encrypted – using encryption keys you control. After all, this is valuable data that you’re spending good money protecting. Make sure it is safe from prying eyes.
  5. If you’re managing many endpoints, you’ll want to be sure to look for a solution that:
    1. Can be centrally managed via policies.
    2. Can scale over tens of thousands of endpoints.
    3. Allows users to do their own restores.
    4. Offers some type of integration with the user namespace you’ve implemented – like Active Directory.
  6. Since your outbound network bandwidth can be at a premium, look for software that can, at a minimum, do the following:
    1. Perform incremental backups – i.e. identify files that have been modified and move only those to the cloud. Even better, move only the portions of the files that have changed – this could be especially useful for very large files like PSTs that change very little every day.
    2. Resume a failed backup from the point of failure.
    3. Be resource sensitive and use techniques like compression and de-duplication to save network bandwidth and storage space.
    4. Manage data retention by file versions – so you can get back data from a previous day or even a previous week.
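
The sketch below is an added example, not code from this post or from any backup product. It shows how items 6.1, 6.3 and 6.4 fit together: chunk-level incremental upload, de-duplication with compression, and retention by file version, so that a copy made before a file was overwritten can still be restored. `BackupStore`, the 4 KiB chunk size and the sample data are assumptions made for illustration, and client-side encryption (item 4) is left out.

```python
import hashlib
import zlib

CHUNK = 4096  # fixed chunk size, an assumption for this sketch


class BackupStore:
    """In-memory stand-in for a cloud backup target (hypothetical, not a product API)."""

    def __init__(self, keep=7):
        self.keep = keep      # number of file versions retained per path
        self.chunks = {}      # sha256 hex digest -> compressed chunk
        self.versions = {}    # path -> list of manifests, oldest first

    def backup(self, path, data):
        """Store data and return how many chunks actually had to be uploaded."""
        manifest, uploaded = [], 0
        for off in range(0, len(data), CHUNK):
            block = data[off:off + CHUNK]
            digest = hashlib.sha256(block).hexdigest()
            if digest not in self.chunks:           # de-duplication: known chunks are skipped
                self.chunks[digest] = zlib.compress(block)
                uploaded += 1
            manifest.append(digest)
        history = self.versions.setdefault(path, [])
        if not history or history[-1] != manifest:  # an unchanged file adds no new version
            history.append(manifest)
            del history[:-self.keep]                # retention by version count
        return uploaded

    def restore(self, path, version=-1):
        """Rebuild one stored version (0 = oldest retained, -1 = newest)."""
        manifest = self.versions[path][version]
        return b"".join(zlib.decompress(self.chunks[d]) for d in manifest)


def demo():
    # Constructed sample data: 64 distinct 4 KiB chunks standing in for a large PST.
    v1 = b"".join(hashlib.sha256(bytes([i])).digest() * 128 for i in range(64))
    v2 = v1[:10 * CHUNK] + b"X" * CHUNK + v1[11 * CHUNK:]        # one chunk edited
    garbled = hashlib.shake_256(b"constructed").digest(len(v1))  # file overwritten with unreadable bytes
    store = BackupStore()
    counts = [store.backup("mail.pst", d) for d in (v1, v2, garbled)]
    return counts, store.restore("mail.pst", 1) == v2, len(store.versions["mail.pst"])


if __name__ == "__main__":
    print(demo())
```

The retention count matters as much as the backup itself: every changed copy of an overwritten file consumes a version slot, so `keep` has to be large enough that the last good version is still retained when the problem is noticed.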

While backup applications aren’t specifically built to stop ransomware attacks from happening, the practice of regularly backing up data goes a long way in protecting your data from ransomware and keeping you compliant with regulations. Suffice it to say that having a reliable copy of your endpoint data has proven to be the best defense against ransomware.

[1] Beazley Breach Response Services.