The only way out after successful ransomware attacks



In a new study, Rubrik highlights the importance of immutable backups

The immutability of backups is a critical factor in a company’s ability to recover from a ransomware attack

Rubrik, the Zero Trust Data Security company, has announced the results of its study “Immutable back-ups: Separating hype from reality”. For the study, the company interviewed 150 IT executives about backups against the background of increasing ransomware attacks. The respondents came from institutions and companies with fewer than 500 to more than 10,000 employees and represented various sectors and industries.

The topic of backup in connection with data protection is always on the agenda. According to a Bitkom study on the GDPR in Germany, every third company (34 percent) sees the difficult technical implementation as one of the biggest challenges. However, data protection and thus effective data backup are indispensable, not only for compliance reasons, but because of the business-critical importance of data in everyday digital business.

What does immutability mean and what does it presuppose?

The immutability of data backups means that the backup data cannot be manipulated, overwritten or deleted. While the primary storage must be accessible to employees, the backup data must be isolated and unchangeable. If this is not the case, there is no usable backup available in an emergency. “A sensible approach is therefore a modern data management platform with backup immutability and fast recovery. A concept based on Zero Trust Data Security keeps hackers away from the backup system, identifies ransomware activity and ensures that all data has a clean backup to be restored quickly,” explained Achim Freyer, Regional Director Central and Eastern Europe at Rubrik.

However, the Rubrik study has shown that the importance of the immutability of backups is not entirely clear to IT managers. When asked how important an immutable backup solution is for their company, the average score was 8 on a scale of 1 to 10, while only 15 percent of the participants gave the highest rating of 10.

The vast majority of respondents believed that backups are their most important protection against ransomware attacks. However, only 58 percent answered yes when asked whether they were aware of their backup provider's immutability and security principles against ransomware. 37 percent of respondents said no, and 5 percent said that their backup solution does not comply with such principles. “In view of the increasing likelihood of an attack, this result once again indicates that many companies are taking a significant amount of unnecessary risks,” says Freyer.

Immutable backups are crucial after a ransomware attack

“The immutability of backups is a critical factor in a company’s ability to recover from a ransomware attack. Three-quarters of the companies we surveyed said that this is an important part of their recovery plan. Therefore, the question of what constitutes an immutable data backup is of great importance,” Freyer added.

For a backup to be truly immutable, neither administrators nor threat actors may be able to access or change it. This protects it from attackers, who often encrypt or delete data during a ransomware attack. An immutable backup solution in the company is therefore crucial for a good cybersecurity strategy and should be an integral part of the system architecture. However, this is not yet the case for many companies. When asked to what extent they agreed with the statement that their company's backup data cannot be read, changed or deleted by clients on the network, only 63 percent of participants somewhat or fully agreed.

What else to consider

It goes without saying that backup data should not be accessible to external clients, but it is important to distinguish between authentication protocols. Standard protocols for writing to backup storage, such as NFS (Network File System) and SMB (Server Message Block), should be avoided because of their relatively weak authentication mechanisms, which can be easily bypassed. Authentication should also extend to all operations on data. All writes must be done out-of-place so that new writes cannot touch existing data, as they can in systems that write in place.

In addition, the data should be fingerprinted on ingest, and the fingerprints should be stored together with the data. If this is not done, the backed-up data cannot be validated in the event of a recovery. If lost production data is replaced without the replacement being verified, the company is again at greater risk. Cluster communication is also important. If the members of a storage cluster are trusted on the basis of a network whitelist instead of TLS (Transport Layer Security), ransomware could simply intercept the communication and gain access to the backup data.
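The out-of-place write and fingerprint-on-ingest principles described above, as an added sketch that is not code from Rubrik or the study. The class name `OutOfPlaceStore`, the on-disk layout and the sample object `payroll.db` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

class OutOfPlaceStore:
    """Toy backup store: every write creates a new version, nothing is rewritten."""

    def __init__(self, root):
        self.root = root

    def _base(self, name, version):
        return os.path.join(self.root, name, f"{version:06d}")

    def versions(self, name):
        d = os.path.join(self.root, name)
        files = os.listdir(d) if os.path.isdir(d) else []
        return sorted(int(f[:-5]) for f in files if f.endswith(".data"))

    def write(self, name, payload):
        os.makedirs(os.path.join(self.root, name), exist_ok=True)
        version = max(self.versions(name), default=0) + 1
        base = self._base(name, version)
        fingerprint = hashlib.sha256(payload).hexdigest().encode()
        for path, content in ((base + ".data", payload), (base + ".sha256", fingerprint)):
            # O_EXCL makes creation fail if the path exists: no in-place overwrite.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
            with os.fdopen(fd, "wb") as fh:
                fh.write(content)
        return version

    def restore(self, name, version):
        base = self._base(name, version)
        with open(base + ".data", "rb") as fh:
            payload = fh.read()
        with open(base + ".sha256", "rb") as fh:
            expected = fh.read()
        if hashlib.sha256(payload).hexdigest().encode() != expected:
            raise ValueError(f"{name} v{version}: fingerprint mismatch, refusing restore")
        return payload

def demo():
    with tempfile.TemporaryDirectory() as root:
        store = OutOfPlaceStore(root)
        v1 = store.write("payroll.db", b"clean contents")  # constructed sample data
        v2 = store.write("payroll.db", b"ENCRYPTED-BY-RANSOMWARE")  # later bad backup
        return v1, v2, store.restore("payroll.db", v1)

if __name__ == "__main__":
    print(demo())
```

A plain hash stored beside the data detects tampering only while the fingerprint file itself cannot be rewritten. The `0o400` file mode here is advisory, so real immutability has to be enforced by the storage layer.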

Make no compromises

“If companies want to fall back on their backups in an emergency, they must be immutable in any case. Here it is important not to compromise, because with ransomware, the question has long ceased to be whether an attack could take place, but when it will take place,” Freyer stressed.
