The Right Backup Solution Enables Fast Recovery from Ransomware
On May 7, the city of Baltimore was hit with the RobinHood ransomware variant. The city’s IT team raced to shut down servers to halt the spread of the malware, but the phone system, email, and online billing and payment systems were affected. More than a week later, many of these systems were still down, affecting property transactions, utility billing and other services.
Baltimore has joined a long list of cities that have fallen victim to ransomware attacks. On April 10, the city of Greenville, N.C., was also infected with the RobinHood ransomware, forcing it to take most of its computer systems offline. On April 13, Imperial County, Calif., was hit with the Ryuk ransomware variant, bringing down its website and other functions. The city of Stuart, Fla., suffered a similar attack the same day, which brought down systems affecting police, fire, utilities and payroll.
The Critical Importance of Backups
These attacks illustrate the growing ransomware threat facing state and local governments, school districts, and other organizations in the public sector. A report published May 10 by Recorded Future lists 53 publicly acknowledged ransomware attacks on state and local governments in calendar year 2018, up from 38 in 2017. There already have been 21 reported attacks between Jan. 1 and April 30 this year.
To reduce the risk of a ransomware attack, government agencies should keep their security systems up to date and train users to spot the phishing emails that are often used to spread malware. However, data backup is an agency’s best defense should an attack make it past defensive systems.
Data should be backed up frequently to meet recovery point objectives and keep potential data loss to an acceptable level. Because restore time will often determine the true impact of a ransomware attack, recovery time objectives need to be established based on an acceptable period of downtime.
It’s important to remember, however, that ransomware attacks typically spread across the IT environment and can affect backup systems. Backups must be readily available for operational recovery, but agencies should also keep backups in an isolated, “air-gapped” environment where they can be accessed quickly but malware can’t get to them.
Dell EMC Cyber Recovery
Dell EMC recently introduced its Cyber Recovery software to protect organizations from ransomware, malicious insiders and other attacks that target the backup infrastructure. Dell EMC Cyber Recovery automatically copies backup data to a Cyber Recovery Vault — an isolated environment where the data can be secured. Automated recovery procedures enable fast restoration of these gold copies of data so that critical systems and processes can be brought back online as quickly as possible
Cyber Recovery can also perform artificial intelligence-driven security analytics on backed up data inside this secure environment without restoring data that may be infected with malware. A REST API automation framework makes it possible to seamlessly integrate Dell EMC Cyber Recovery software with advanced security analytics tools.
A current backup helps reduce the risk of data loss in a ransomware attack. But operational backup alone isn’t enough — to minimize the attack’s impact and cost, government agencies need the ability to protect backup data from malware and restore it quickly using automated tools. Let us show you how Dell EMC Cyber Recovery software can help state and local governments stay out of the headlines.