Recover your Data from a Back-up, not with a Ransom

An effective Data Back-up and Recovery plan takes the teeth out of a ransomware attack and could save millions in potential ransoms


Ransomware attacks against Indian companies have registered an increase during the COVID-19 pandemic. Increasing unemployment and burgeoning demand for competitor data are fueling the rise of this highly organized cybercrime, which is leaving Indian companies poorer by millions if not billions.


The State of Ransomware 2020, a report by cybersecurity firm Sophos, estimates the average ransom paid by Indian companies to ransomware attackers at a whopping Rs 8 crore currently. The report also points to a significant rise in the number of ransomware attacks against Indian companies over the last 12 months.

And if that is not alarming enough, globally the cost associated with ransomware attacks is expected to rise to $20bn by 2021, as per research think-tank Cybersecurity Ventures.

Public establishments are especially vulnerable to cyber and ransomware attacks due to the importance of the services they provide. Across the world there have been instances of entire cities being plunged into darkness due to ransomware attacks on power utility companies. Last month, the National Highways Authority of India suffered a ransomware attack, in what is suspected to be an attempt at cyberwarfare.


The reason ransomware is becoming so pervasive is its simple modus operandi compared with other modes of cyberattack.

Ransomware infects a system in multiple ways, including email attachments, malicious links, drive-by downloads, RDP attacks and other third-party software. Once infected, data files are encrypted and can only be decrypted or retrieved after the specified ransom is paid. These attacks are getting more ubiquitous as the sophistication required is low, while returns in the form of ransom extracted are high.

According to research, paying ransom doubles the cost of dealing with a ransomware attack. This cost must factor in multiple things including downtime, people time, device cost, network cost, lost opportunity, and the ransom itself. The average cost to rectify the impact of the most recent ransomware attack after considering all these is US$732,520 for organizations that don't pay the ransom, rising to US$1,448,458 for organizations that do pay.


Securing against ransomware must consequently be top of the agenda for not only IT leaders but also the C-suite executives in an organization. Endpoint security and end user education are important elements of a multi-pronged strategy to protect against ransomware, but data back-up is perhaps the key here.

Given the persistence of cybercriminals, ransomware attacks are being perpetrated over a longer period and have taken the form of cyberattack campaigns. The chances of them succeeding have also grown manifold.

A fragmented approach to data security adds to the risk. For instance, data protection and cybersecurity are two important elements that are intermeshed, but typically handled by two different teams. Lack of coordination between the two creates a disjointed view of the data security big picture in an organization. An integrated cybersecurity and data protection strategy is key to closing the security gap and ensuring various pieces of the data security puzzle fit together.


But what if the unthinkable happens and a ransomware attack succeeds in penetrating these security layers? A Business Continuity and Disaster Recovery (BCDR) plan alongside effective cybersecurity is key in case of an inevitable attack. How fast you can recover your critical data after a ransomware attack is what truly determines your preparedness for it. Having a clear and well-defined BCDR plan can help organizations protect themselves against the worst-case scenarios.

Here are the best practices for your BCDR plan:

Define your RPO & RTO: Defining your RPO and RTO should be the cornerstone of your back-up and recovery plan. RPO, or Recovery Point Objective, is the amount of data you are prepared to lose, expressed in time. RTO, or Recovery Time Objective, is the amount of time you can afford to lose before your systems and data are restored. It is important to define both of these upfront in your DR plan.


Adopt the 3-2-1 rule: When it comes to securing business critical data, the 3-2-1 rule can never be overemphasized. Make at least three copies of your data and store them on at least two different storage media, with one version being offsite. This is important because many ransomware variants can spread laterally to other systems on the network and could encrypt the organization's drive that holds the local version of the backup. Augment your 3-2-1 strategy with an airgap copy, basically a copy of your data that resides offline. The idea here is simple: if data cannot be accessed, it cannot be infected.

Prefer Cloud backups and not Cloud storage: Cloud storage services do not offer file versioning, leaving backups vulnerable to ransomware. They also lack the ability to retain the file system structure, so if you ever need to recover your systems, you'll have to organize all your data manually.


Cloud backup services offer all the features critical to successful disaster recovery and business continuity. They include useful features such as file versioning, status reports, scheduling options and better encryption methods for transferring data. Cloud Back-up, therefore, is the preferable option when it comes to protecting your data against ransomware and ensuring business continuity.

Verify your recovery plan: Having a system and not testing it is preparing to fail at crunch time. Automated, application-level testing and fail-over is key to ensuring that your DR plan works. Testing should be done across all your local, remote and cloud locations so that there are no weak links in your DR plan.

Don't forget the human element and communications: Finally, the human element is the most important aspect of a Disaster Recovery and Back-up plan. Every stakeholder, including C-level executives, IT leaders and service providers, should understand their roles in the plan and frequently practice them. Communications are also a critical element, and alternative means of communication need to be defined and documented upfront. This will ensure that in case of a ransomware attack when the systems are down, all the key stakeholders are able to communicate with each other and decision-making does not suffer.
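The RPO/RTO, 3-2-1, airgap and verification practices above can be checked automatically against a backup inventory. The following is an added example, not code from the author or Arcserve; the `Copy` record, the `audit` function and the sample inventory are hypothetical, and it assumes the inventory lists backup copies only and that, in the worst case, every network-reachable copy is encrypted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    medium: str                        # "disk", "tape", "cloud", ...
    offsite: bool                      # stored away from the primary site
    offline: bool                      # air-gapped: unreachable from the network
    taken_at: datetime                 # point in time the copy captures
    restore_test: Optional[timedelta]  # duration of last successful test restore

def audit(copies, now, rpo, rto):
    """Return a list of findings; an empty list means the plan holds."""
    findings = []
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c.medium for c in copies}) < 2:
        findings.append("3-2-1: fewer than two storage media")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    # Worst case from the article: ransomware spreads laterally and encrypts
    # every copy it can reach, so only offline copies survive.
    survivors = [c for c in copies if c.offline]
    if not survivors:
        findings.append("air gap: no offline copy survives lateral spread")
        return findings
    newest = max(survivors, key=lambda c: c.taken_at)
    if now - newest.taken_at > rpo:
        findings.append("RPO: newest surviving copy is older than the RPO")
    tested = [c.restore_test for c in survivors if c.restore_test is not None]
    if not tested:
        findings.append("RTO: no surviving copy has a tested restore")
    elif min(tested) > rto:
        findings.append("RTO: fastest tested restore exceeds the RTO")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2020, 7, 1, 12, 0)
INVENTORY = [
    Copy("disk", False, False, NOW - timedelta(hours=1), timedelta(hours=2)),
    Copy("cloud", True, False, NOW - timedelta(hours=6), timedelta(hours=5)),
    Copy("tape", True, True, NOW - timedelta(days=3), None),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY, NOW, rpo=timedelta(hours=24), rto=timedelta(hours=8)):
        print(finding)
```

The sample inventory satisfies 3-2-1 on paper yet fails the audit: its only offline copy is three days old and has never been restore-tested, so the RPO and RTO hold only while the online copies remain intact.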

In conclusion, a ransomware attack does not have to be the ultimate apocalypse in your business journey, provided you are prepared to take a few important steps to back yourself and your data up.

By Nikhil Koragonkar, Regional Director, India & SAARC, Arcserve