The comprehensive guide to ransomware protection and recovery

The rise of ransomware has become a crisis that has crippled organizations worldwide. New strains of ransomware and other malware are appearing constantly, and they rely on increasingly advanced social engineering techniques to spread. With more employees working remotely, exposure to ransomware is higher than it has ever been.

Ransomware is a form of malware that encrypts your critical business and customer data and holds it hostage: you cannot access the data until you pay the demanded ransom for the decryption key needed to unlock it. Even if the ransom is paid, there is no guarantee that the attacker will provide a working decryption key, and an organization that cannot recover its data can be forced to shut down permanently. With the growing frequency and sophistication of ransomware, Security Operations leaders are acutely aware of the consequences of excessive downtime, data loss and business disruption from an attack.

In today's diverse and distributed IT environment, restoring the organization's applications and data quickly after a ransomware attack is a significant challenge. According to a December 2019 Gartner analysis of clients' ransomware preparedness, over 90 percent of ransomware attacks are preventable with sound security fundamentals, including an effective backup and recovery strategy. To give businesses a framework for adopting a strong cyber resiliency strategy, the National Institute of Standards and Technology (NIST) published the Cybersecurity Framework, a set of guidelines and best practices for managing cybersecurity risk organized around five functions: Identify, Protect, Detect, Respond and Recover.

Reliable backup and recovery is a crucial line of defense against ransomware. Having secure backup images of critical business data and applications allows companies to roll back in time to recover applications and data before the point of ransomware infection. Organizations should use backup as a defense for data and applications that are particularly vulnerable to ransomware such as end-user data, NAS, file shares, virtual machines and SaaS applications including Microsoft 365 (formerly known as Office 365).

There are several data protection solutions on the market for backup and recovery, but on-premises solutions are not immune to ransomware once the data center systems they share are compromised. Your business needs a solution that takes a comprehensive approach to protecting against ransomware attacks and lets you recover with speed and confidence.

5 steps to protect against ransomware and limit its impact

Druva’s secure and robust cloud architecture can help you protect your business assets and limit the impact of ransomware on your organization. To help you start, here are 5 steps to help you improve your business resilience to ransomware attacks.

1. Identify and automate data protection for key business assets

2. Protect backup environment with immutable data

3. Detect threats and potential risks early

4. Respond quickly to contain the infection and stop it spreading

5. Recover data quickly with flexible recovery options

1) Identify and automate data protection for key business assets

In order to recover from ransomware (without paying the ransom), you must have a secure copy of your applications and business data. The first step for any data protection strategy is to understand the full scope of the applications and data that need to be protected. This includes not only the critical servers and applications that power your business but also the entry points where ransomware can get in (primarily your end users).

When assessing your data protection needs, consider these key areas for protection:

• End-user data — the most likely entry point for a ransomware attack is social engineering of your end users. Endpoints (laptops, mobile devices, etc.) and the SaaS applications that hold end-user data (Office 365, G Suite, etc.) need to be protected in order to detect and limit the spread of ransomware.

• Datacenter applications and data — these systems are the true target of ransomware, and loss of access to these systems can critically impact your business. Protect the virtual machines, NAS systems, and databases that are critical to the health of your business.

• Cloud workloads — as the use of Amazon Web Services (AWS) grows, it is mission-critical to ensure that these environments can be restored quickly if ransomware infects them.

Automating the data protection processes and policies for backing up your key assets ensures that you have up-to-date backups to facilitate a timely recovery. Configurable backup policies and pre-configured compliance templates help you define the assets to protect, with the compliance and retention policies appropriate to your environment. Druva offers a unified cloud data protection platform that can protect endpoints, SaaS applications, data center and AWS workloads, giving you the flexibility to protect all of your key assets.

2) Protect backup environment with immutable data

One of the challenges of on-premises data protection solutions is that they are exposed to the same ransomware threat as the rest of your data center environment. Any backup environment reachable from your network can be hit by the same ransomware, leaving you unable to access your backup data at a critical time.

Unlike an on-premises backup solution, Druva offers built-in, naturally air-gapped and immutable data protection. Backup data is isolated from the customer's infrastructure in the Druva Cloud Platform by design: ransomware running in the customer's environment has no network path or shared vulnerability it can use to execute in Druva's cloud-native backup environment, so it cannot reach and encrypt your clean backup copies.

Data backed up in the Druva Cloud Platform cannot be modified or deleted by ransomware. This protection comes without extra processes or software to manage or additional hardware to buy; it is part of the foundation of the Druva Cloud Platform. Immutability protects the stored copies; the administrative accounts that control retention and restores still need strong authentication and least privilege, because an attacker holding those credentials does not need to touch the storage at all.

With distributed data and applications, data management, privacy and security have become a ubiquitous challenge for IT teams. With an on-premises backup solution, the onus is on Security Operations or IT administrators to upgrade data protection software and backup appliances on time and to apply security patches regularly so that backups are not exposed to security threats. Managing and maintaining that on-premises infrastructure and software has a cost of its own, which can become yet another challenge given shrinking IT budgets.

Encryption and access control

Druva Cloud Platform provides a secure, multi-tenant environment for customer data. Druva issues a unique AES-256 encryption key per tenant and encrypts data both in flight and at rest. One unique encryption key per customer, combined with customer-held key-encryption keys, creates crypto-segmentation between tenants: no tenant's key can decrypt another tenant's data.

• Druva stores data by splitting it into blocks and deduplicating them; unique data blocks are stored in AWS S3, metadata in AWS DynamoDB, and AWS EC2 serves as the compute layer for elastic scalability.

• The application layer is separate from the data layer. As a result, anyone having access to the application layer doesn’t get access to the data layer.

• Within the data layer, Druva encrypts the data using its proprietary envelope encryption technology, making it impossible for anyone besides the customer to access the data.

• Druva employees cannot access customer data or infrastructure directly, in line with our security by design philosophy.
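The per-tenant key and customer-held key-encryption key described above are an instance of envelope encryption. The following Go program is an added example written for this page, not Druva's code, and it assumes its own simplified model: a 256-bit data-encryption key (DEK) per tenant that exists at rest only wrapped under that tenant's key-encryption key (KEK), AES-256-GCM for both wrapping and data encryption, the tenant ID bound as associated data on the wrapped key, and the object name bound as associated data on each backup. The names `Tenant`, `Backup`, `Restore` and `UnwrapDEK` are hypothetical. It shows the three failures a practitioner wants to see rejected by the cryptography rather than by policy: a restore with another tenant's KEK, a wrapped key re-homed to a different tenant ID, and a stored backup with one bit flipped.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Tenant models one customer. KEK stands in for the customer-held key-encryption
// key; the per-tenant DEK exists at rest only in wrapped (KEK-encrypted) form.
type Tenant struct {
	ID         string
	KEK        []byte
	WrappedDEK []byte
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe way to continue without entropy
	}
	return b
}

// gcmFor builds AES-GCM for a 32-byte key. Key and block sizes are fixed by
// construction, so a failure here is a programmer error and is treated as fatal.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-16-byte block ciphers
	return gcm
}

// sealGCM encrypts with AES-256-GCM under a fresh random nonce, which is prepended.
func sealGCM(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return append(nonce, gcm.Seal(nil, nonce, plaintext, aad)...)
}

// openGCM reverses sealGCM; a wrong key, wrong AAD or tampered byte fails the tag check.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// NewTenant generates a 256-bit KEK and DEK and wraps the DEK under the KEK,
// binding the tenant ID as associated data so the wrapped key cannot be re-homed.
func NewTenant(id string) *Tenant {
	kek, dek := randBytes(32), randBytes(32)
	return &Tenant{ID: id, KEK: kek, WrappedDEK: sealGCM(kek, dek, []byte(id))}
}

// UnwrapDEK recovers the tenant's data key; any other tenant's KEK is rejected.
func UnwrapDEK(t *Tenant, kek []byte) ([]byte, error) {
	return openGCM(kek, t.WrappedDEK, []byte(t.ID))
}

// Backup encrypts one object under the tenant's DEK, with the object name as AAD
// so a ciphertext cannot be silently swapped for another object's.
func Backup(t *Tenant, kek []byte, name string, data []byte) ([]byte, error) {
	dek, err := UnwrapDEK(t, kek)
	if err != nil {
		return nil, err
	}
	return sealGCM(dek, data, []byte(name)), nil
}

// Restore decrypts a stored object; it fails before touching data if kek is foreign.
func Restore(t *Tenant, kek []byte, name string, stored []byte) ([]byte, error) {
	dek, err := UnwrapDEK(t, kek)
	if err != nil {
		return nil, err
	}
	return openGCM(dek, stored, []byte(name))
}

func main() {
	a, b := NewTenant("tenant-a"), NewTenant("tenant-b")
	doc := []byte("constructed sample: quarterly payroll export") // not real data
	blob, _ := Backup(a, a.KEK, "payroll.csv", doc)
	back, _ := Restore(a, a.KEK, "payroll.csv", blob)
	_, crossErr := Restore(a, b.KEK, "payroll.csv", blob) // tenant-b's KEK
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the stored backup
	_, tamperErr := Restore(a, a.KEK, "payroll.csv", tampered)
	fmt.Println(bytes.Equal(back, doc), crossErr != nil, tamperErr != nil) // true true true
}
```

The design point is that the KEK never has to be stored beside the data: the backup service only ever holds the wrapped DEK, and a compromised copy of the store yields ciphertext plus a wrapped key that is useless without the customer-held KEK. Binding the tenant ID and object name as associated data costs nothing and closes the substitution attacks that a bare "encrypt with the tenant key" design leaves open.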

Druva’s stringent security compliance and certifications

We're proud of the third-party validation that supports the trustworthiness of our security, one of our core pillars. While many cloud SaaS vendors simply rely on the certifications that the cloud service providers (CSPs) hold for the underlying infrastructure as their security model, Druva has gone further and achieved compliance and attestations for its own cloud service. To date, Druva is certified or can claim compliance with the following certifications and frameworks, including (but not limited to):

• SOC 2 type II audited

• HIPAA compliance

• FIPS 140-2 compliant (GovCloud environments)

• FedRAMP moderate ATO (inSync GovCloud environment)

These certifications are available from Druva upon request. In addition, Druva has an open Vulnerability Disclosure Policy and has third parties (Coalfire, Bishop Fox) conduct ongoing penetration tests to find security vulnerabilities and maintain the highest levels of security compliance.

To read more, download the full whitepaper:
The comprehensive guide to ransomware protection and recovery

