gidyn
Contributor III

Ransomware and Disaster Recovery

When we hear of an organisation crippled by a ransomware attack - what if it had been hit by a natural disaster, terrorism, or some other threat? Does this mean that it had no functioning disaster recovery plan, or am I being naive? Crafty ransomware may introduce gradual data corruption over time to confound backups, but this seems to be the exception.

10 Replies
dcontesti
Community Champion

I don't think you are being naïve. I believe that anyone who has a plan will try to kick it into play; however, most plans are written for the natural disaster, etc., and someone is going to have to adjust.

 

Through time, we have seen many stories of companies spending $$$$ to replace equipment, find good backups (that is if they have them) and eventually restore.

 

With other threats, there may be less real-time data loss... not always true, but with Ransomware, like any virus, etc., it may not be possible to restore as rapidly.

 

Here is a great article from Forrester on Ransomware and DR/BCP

 

https://info.cohesity.com/rs/103-SPE-204/images/Forrester%20Ransomware%20Recoverability%20Must%20Be%...

 

Smaller and mid-size companies may or may not have embraced DR/BCP as yet but many are starting to pick up the ball.

 

Sorry, long-winded reply to say you are not naive.

 

d

 

 

 

Beads
Advocate I

Not so much naive but realistic. For most organizations ransomware should be treated as a natural disaster, even if man-made.

 

BCP/DRM has for whatever reason faded into the background these past few years, perhaps because it doesn't sound 'cyber' or sexy enough to bother. Not sure. Nonetheless ransomware must be tied back to BCP/DRM either way or suffer the consequences.

 

- B/Eads

ElviaB
Viewer

They are just stupid. They think that having a BC plan is enough... if they have one. A regular test of your BC plan is as important as having one. People forget to update the BC plan when changes are made.

Another factor is when you forget about the dependencies of your system and there is no plan for that.

 

 

Beads
Advocate I

Stupid is a bit much but I enforce my BCP/DRM plans by policy statement and audit. This way what you refer to as "stupid" becomes the law of the land and is enforceable.

 

Depends a bit more on your industry now doesn't it?

 

- B/Eads

Caute_cautim
Community Champion

Hi All

 

You could use this type of approach, whereby in this case IBM Security and IBM Storage came together and offered a different approach to tackling the issue cited, "Ransomware".

 

https://bit.ly/3N8o54b

 

https://www.youtube.com/watch?v=oZUtqfZbpuA

 

The video explores IBM's Synergy between IBM Security and Storage products. Using IBM Flash-systems' Safe Guard Copy functions, along with QRadar and SOAR, this video shows how QRadar - SIEM will alert to a cyber attack, and then immediately launch SOAR to remediate using various automation tools, leveraging the Immutable snapshots on the Flash-system, testing and validating them, and then finally restoring one to the production server, with a full restart.

 

A useful and innovative method.

 

Regards

 

Caute_Cautim

Caute_cautim
Community Champion

All, you could also read the definitive guide to Ransomware in 2022 and then circulate it to raise awareness.

 

On the basis that if someone needs it they will read and apply it, hopefully before the action takes place and not after the event!!

Regards

 

Caute_Cautim

 

 

csjohnng
Community Champion

@Caute_cautim 

 

 

Good sharing. 

However, as an ex-IBMer, I really doubt IBM's innovation and execution.

 

The IBM storage brand (tech sales) is always selling dreams (things are too good on paper and only work on paper), but eventually it is a lab's alpha or it's just some GTS (now split off as Kyndryl) offering (meaning a lot of hard work by integration specialists writing custom scripts to make the "product" work).

 

John
Caute_cautim
Community Champion

@csjohnng Definitely some bad feelings or blood there. It definitely works, in production, and is not just a pipe dream. There have been a great deal of changes, chaotic at times, but it has come a long way from the Red Books and has been turned into a reality.

 

I have seen other techniques, but I just wanted to illustrate one method of recovering from Ransomware attacks. Now the industry feeling is that Ransomware is running out of puff, and BEC attacks are becoming more sophisticated and likely to be the next battleground.

 

Regards

 

Caute_Cautim

csjohnng
Community Champion

@Caute_cautim 

Yes, there are good and bad within IBM. I don't really have bad feelings about IBM, but am just sad to see its falling rank in the Fortune 500 year after year.

 

There were great times in my early career with IBM, and definitely blood and sweat as well in making things work in IBM. 🙂

I still love and miss IBM's value of dedication to client success.

 

I recall there was a call for invitations to write the Redbook 15 years ago (we called it red residency). Eventually I did not apply for the red residency. I still recall it was a top priority within IBM in the old days because the Redbooks benefit so many customers and IBMers.

 

When IBM releases a product (esp. new ones), it really takes individual specialists (in the old days I was also GTS) to write the Redbooks (not the manual), because the products (developed by those "lab" people) are really so "unfriendly", "sophisticated" and even "unknown" to internals.

 

But anyway, good sharing, and glad if that works. I hope there is still good talent and great vision among the IBM Distinguished Engineers (DEs) as well as their senior executives.

John