An antidote to ransomware
Backup could play an important role as ransomware risk rises, says Larry Walsh
When we think of backup applications or cloud services, we think about recovering files corrupted by failed equipment or somehow lost. Backup is a component of business continuity; if a site goes down, another can spin up with replicated data.
If security is about the three "CIA" pillars of confidentiality, integrity and availability, backup falls under the "A" category.
Some planners even consider availability more important than confidentiality and integrity, as data - regardless of quality - is useless if you can't get to it.
Now comes the rise of ransomware - malware such as viruses and worms that encrypt files and prevent authorised users from accessing them until a payment is made.
According to Intel Security, more than 250,000 ransomware samples were in circulation in 2013, and the volume is expected to increase as the malware gets more effective at extracting money from businesses and individuals.
If ransomware is about denying access or availability, doesn't it stand to reason that backup - particularly cloud backup - could be an antidote to these lockout toxins?
Backup vendors often talk about the value of their products in terms of RTO - recovery time objective, or the time it takes to recover from a disaster - and RPO - recovery point objective, or the maximum tolerable period in which data might be lost from an IT service due to a major incident.
The value of their services is in the ability to access data and maintain normal operations. Recovering from viruses is part of the value equation, but rarely do backup vendors get that specific in their discussions.
But recovery from ransomware is becoming an increasingly routine operation for backup vendors, as the volume of attacks continues to rise.
Rather than paying off the extortionists, subscribers to backup services are turning to their providers to recover files and resume normal operations as they would in any other disaster.
Channelnomics checked with several backup software vendors and cloud services, and most said they're performing ransomware recovery operations for their clients. And nearly all said requests for ransomware recovery support are on the rise.
"While we aren't in the anti-virus business, we understand the impact the malware is having on our customers and have done everything we can to help decrease its effects. When our customer solutions team realised the severity of the CryptoLocker virus, they took it upon themselves to find a way to better help customers involved.
"They were able to come up with a solution that makes it easier to recover unencrypted versions of the files, and have helped hundreds of people regain access to their files," Carbonite told Channelnomics.
Intronis has produced a guide for its partners and customers on how to deal with ransomware, and how partners can demonstrate the value of cloud backup in recovering from an encryption attack.
"We see cloud data protection as a way of protecting your data in case your organisation is hit with ransomware," said Neal Bradbury, vice president of channel development at Intronis.
Even a cloud service as large as SunGard Availability Services is seeing increased demand for ransomware support. While SunGard says recovery from ransomware is a benefit of its cloud services, it's not the primary value proposition.
Thinking of backup as the antidote is an interesting idea, but such a solution would not be foolproof.
Trojans and worms slither through network connections and can corrupt file stores in the cloud or backup servers. Backup vendors advise users to lock down their backup connections at the first sign of a ransomware attack to prevent the spread.
Last week, the FBI and law enforcement agencies from multiple countries executed a coordinated operation that took down a massive botnet responsible for the widespread distribution of CryptoLocker, one of the most prevalent and potent forms of ransomware in circulation.
Following the takedown, CryptoLocker activity on the internet plummeted, putting a dent in the extortion racket.
However, security researchers said other forms of ransomware raced to fill the void. Ransomware, it seems, is endemic to the fabric of the dark side of the internet.
Backup vendors and managed services providers should consider incorporating the threat of ransomware and the benefits of their offerings in business continuity.
Extortion is a problem that is only going to get worse, and businesses will have little tolerance for making payoffs. Could backup be a solid preventative measure or even, potentially, the antidote?
For more US-focused channel coverage see www.channelnomics.com