Can backups really protect you against ransomware?

4,000 ransomware attacks occurred every day in 2016 - can backups protect against all of them?

More than 80 per cent of businesses feel that incidents of ransomware attacks are on the rise, and are fighting the increase with backup solutions to protect their data (if, of course, the backup isn't corrupted itself).

Druva published the figures in its first annual Ransomware Report, which also claims that ransomware attacks have quadrupled in the past year: reaching an estimated $1 billion value in 2016 and expected to top $5 billion this year. 4,000 attacks occurred, on average, every day in 2016. Businesses responding to Druva's questions said that half of those who had been hit by ransomware had been attacked multiple times.

Obviously, ransomware protection is crucial for all sizes and sectors of industry, as proven by both WannaCry and the recent NotPetya assault in Ukraine: it's not a case of "if" a company will be targeted by ransomware any more, but "when". Druva CEO Jaspreet Singh says, ""It's no surprise that more and more companies are relying on backup to recover from ransomware attacks. Simple preventative planning greatly mitigates what could otherwise be costly and destructive to data recovery, not to mention devastating to overall business viability."

The report also found that ransomware is increasingly targeting non-endpoints: a third of all attacks now target servers, for example, and 70 per cent spread to multiple devices.

Paying the ransom is not always a sure way of recovering data. Kaspersky estimates that 20 per cent of organisations that pay do not get their information back, and 'in many cases' the attackers demand a second ransom. Data backups were seen as a much more reliable method: 82 per cent of respondents said that backups helped them to recover from a ransomware infection.

Gartner also favoured backup as a protection against ransomware, saying, ‘As a fail-safe, organisations should implement enterprise endpoint backup for laptops/workstations, and set recovery point objectives (RPOs) for each server deemed to be at greater risk to ransomware according to organisational requirements, based on data loss time frame acceptable to the organisation.'

We spoke to Helge Husemann of Malwarebytes in a recent websem run by Computing, about the use of backup-as-ransomware-protection. Husemann agreed that attacks can be countered with backups, but "of course you need to make sure that the backup is safe and doesn't contain a time bomb. AV, even layered AV, isn't keeping us safe anymore. We're seeing a lot of malware, viruses and Trojans that are getting into organisations - in a lot of cases because they lie low at first."

Computing 's next security websem, 'Threat lifecycle management - a six-point stage workflow plan', will take place on the 6th July at 11am.