Cybersecurity companies are sounding the alarm: the number of ransomware attacks has dramatically increased in 2024, and so has the price tag. Hacking attacks are not just getting more sophisticated, they are getting more expensive as well.
Ransomware is a type of security attack in which hackers infiltrate networks, gain access to the operational and backup data, encrypt them, and demand payments in exchange for the decryption key.
The Nature of Ransomware Attacks
According to the FBI, there are more than 4,000 ransomware attacks every day. Furthermore, 50% of small to medium-sized businesses have been victims of a cyber-attack, and 60% of those attacked will go out of business.
For example, in March 2024, it was reported that one company paid 75 million USD to hacker groups to recover their data from ransomware attacks.
In June 2024, the BlackSuit ransomware group targeted CDK Global, disrupting operations at thousands of auto dealerships, and demanded 387 Bitcoin (about USD 25 million).
In September 2024, the ShinyHunters hacking group stole millions of customer call records from AT&T and demanded a ransom of 5.72 Bitcoin, worth approximately USD 373,000.
Even though cybersecurity vendors advise against making payments and recommend implementing strong security measures, the trend of making payments is still ongoing.
October is Cybersecurity Awareness Month, and it’s the perfect time to highlight the critical role of backups in defending against ransomware attacks.
Why Traditional Security Measures Aren’t Enough
Keeping devices up-to-date, utilizing firewall protection, and setting two-factor authentication requirements all can help prevent your network from falling victim to an attack but ensuring you have a comprehensive backup solution is a key part of data protection and there are a few areas of data backup that often go overlooked.
There are plenty of security measures you can implement, such as IDS and IPS, NGFW, endpoint protection, two-factor authentication requirements, and others, but here’s one I stand behind: A backup. But hold on…
Not just any backup, but proper backup!
A proper backup that follows the 3-2-1 backup rule and includes immutable backup copies along with regular backup verification.
Backups play a critical role in defending against ransomware attacks.
The 3-2-1 backup rule is simple: keep three copies of your data; one original and two backups. Those backups? They should be in different places; one of them, ideally, offsite, like in the cloud. It’s like locking your important documents in two different safes, just in case something happens to one.
What is most often overlooked?
Five things are often overlooked in organizations, and I would like to highlight their importance and the best ways to utilize them in organizations of any size.
Identify and eliminate data silos. Data silos create isolated data pockets within organizations, hindering comprehensive data monitoring. Synology Active Backup for Business suite includes the Auto Discovery feature which can be configured to automatically add new virtual machines to your backup tasks. Active Backup for Office 365 also allows you to automatically add new sites or user groups to your backup tasks ensuring no data goes overlooked.
Make your backups work for you. Making your backup system easier to use makes it easier to ensure your backups are being done. Synology’s Active Backup for Business suite allows users a single pane-of-glass interface to backup fleets of laptops, VMs, and more. Active Backup for Business also offers advanced space-saving features like incremental backup and global data deduplication. This allows users to only back up data that was added or modified after the initial system backup and keep unique data blocks both reducing space and ensuring the integrity of your data.
Evaluate your backup retention period. Systems infected with ransomware often have been compromised months before the attack. Checking retention rules for your backups is critical to ensure you can restore uncorrupted backups in the event of a ransomware attack. Synology’s suite of backup software offers users customizable backup schedules and retention policies to ensure they have the tools and the flexibility they need to keep their data safe.
Test your backups The worst time to test your backup strategy is after something bad happens. Run a fire drill and ensure you can restore your critical data in the event of a cyberattack. Synology’s Active Backup for Business suite has flexible restoration options including full image restoration or the ability to download individual files and folders. Utilizing the instant restore feature also allows users to spin up their devices as a virtual machine using VMware, Hyper-V, or Synology Virtual Machine Manager greatly reducing downtime.
Complete the cycle Common ransomware attacks involve encrypting an organization’s original data and simultaneously deleting existing backup data. By following the 3-2-1 backup rule and keeping a copy of your backup data offsite you can protect yourself against the threat. Utilizing Synology Hyper Backup or Snapshot Replication you can complete the 3-2-1 backup rule and have secured copies of your backups offsite.
Bonus
There are two additional measures that help us be proactive in the event of unplanned downtimes, which could potentially result in losing access to data: network monitoring and high availability.
One of the most commonly overlooked measures is monitoring physical storage and backup jobs. As IT professionals, we need to stay informed about the health status of our Synology, hard disks, and related hardware components. We also need to know whether backups have succeeded or failed. While Synology has a native SMTP function for sending email notifications (I may explain step-by-step how to configure it), the best practice in a heterogeneous infrastructure is to use dedicated network monitoring.
I recently wrote a blog article that explains how to monitor the health status of a Synology, its disks, and disk usage. You can read it:
When it comes to high availability, organizations should always implement high availability for their storage and backups. Synology offers high availability clusters for certain models, and if time and resources allow, a deeper dive into the topic will be provided. In the meantime, you can take a look at Synology Inc.
Conclusion
Ransomware is one of the most dangerous threats to organizations of any size. It’s an attack carried out by hacking groups to encrypt data and then demand payment in exchange for the decryption key.
There are various security measures that can be implemented, such as strong firewall policies, endpoint protection, multi-factor authentication, and more. One of the key measures I highlight in this article is having a proper disaster recovery plan using backups.
Backing up data has never been more important than it is today. I encourage you to try Synology Backup and share your thoughts with me.