September 02, 2020
Comprehensive Ransomware Protection for MSPs
Ransomware protection begins with end-user education, perimeter protection, and antivirus software. However, if a victim falls prey to a social engineering attack, they’re essentially opening the door for ransomware to enter a network.
Ransomware easily finds its way onto PCs, mobile devices, servers, and software-as-a-service (SaaS) applications. That’s why businesses need a business continuity and disaster recovery (BCDR) strategy that enables them to recover quickly. When evaluating ransomware protection, managed service providers (MSPs) should look for solutions that protect data across all of the devices and services their clients rely on. A comprehensive ransomware solution should include all of the following elements.
Rapid Recovery of Business Operations
Many modern server backup solutions offer a capability known as “instant recovery.” Here’s how it works: The backup server takes snapshots of physical or virtual servers, which are stored locally and replicated to the cloud. If a ransomware attack takes down a primary server, a clean backup “image” is mounted as a virtual machine on the backup device or in the cloud. This allows normal business operations to continue while the primary server is being restored, reducing costly downtime to minutes rather than hours or even days. Datto’s Instant Virtualization functionality for BCDR enables this type of recovery.
Point-In-Time Rollback for Servers, Endpoints, and Cloud-Based Apps
Point-in-time rollback or restore gives MSPs the ability to “turn back the clock” to a time before the ransomware attack occurred. In other words, you can restore systems to the state they were in immediately before the attack, ensuring minimal data loss. Modern BCDR solutions offer this capability by keeping a series of time-stamped snapshots. In the event of a ransomware attack, the user simply selects a snapshot taken immediately before the ransomware attack. Point-in-time rollback is common among server backup solutions, but less so in the endpoint and SaaS backup space. This is unfortunate because point-in-time recoveries are fast and straightforward when compared with traditional file-based restores, which require considerable manual effort. All Datto Unified Continuity solutions offer point-in-time rollback.
Some backup solutions offer native ransomware detection capabilities. Since backup is an ongoing, scheduled process, adding ransomware detection makes a lot of sense. Ransomware detection is important because early identification can mitigate the impact of an attack. Ransomware detection works by identifying patterns of change in the file types that are most likely to be encrypted by ransomware. For example, it’s unlikely that a user or legitimate program would rapidly and simultaneously perform an in-place file content overwrite with random data. So, if this (or another identifying pattern) occurs, the backup administrator is alerted.
BCDR as Ransomware Recovery
Ransomware attacks are a matter of if, not when for most small and medium businesses (SMBs). In fact, 85% of MSPs report attacks against their SMB clients in the last 2 years. MSPs rely on anti-malware as perimeter defense to try to keep things out of their networks, but because so many attacks use social engineering efforts, an attack is likely to make it through prevention efforts at some point. With this in mind, businesses need something to protect their data and help neutralize the impact of a ransomware attack. That’s where BCDR comes in.
A BCDR solution with the ability to detect ransomware and protect data means that even if a ransomware attack does occur, businesses can immediately restore or 'rollback' to a time before the data/system was compromised. And, in the event that the system is inaccessible, it can be virtualized in the cloud to keep the business running from there.
This means no ransom paid, no worry about lost data or being locked out of a business-critical system for an extended period of time, and no costly downtime.
Choosing the Right Solution
Business data lives in many places—servers, desktops, laptops, and cloud-based applications. So, a solution that can protect your data wherever it resides is essential. Additionally, ransomware attacks can incur significant business downtime if you aren’t prepared. That’s why it is important to deploy technologies that can get your clients back up and running quickly, as well. A comprehensive ransomware protection strategy requires a number of technologies and services. Partnering with a vendor that can deliver a unified ransomware protection solution can ease implementation and management.
To learn more about comprehensive ransomware protection, check out our eBook. In this eBook, you'll learn how ransomware attacks occur and spread across the cloud, what a comprehensive approach to ransomware protection entails, tips on choosing the right solutions to mitigate the risk of attacks, and more!