The Importance of Air-Gapping for Ransomware Recovery

Ransomware differs from traditional threats to information security in that the attacker’s goal is not to steal the data, but rather to prevent the victim from accessing his or her own data. In most cases, the data affected by ransomware never actually leaves the organisation.

Many forms of ransomware encrypt a victim’s data using an encryption key known only to the attacker. After a specified length of time, the attacker deletes the encryption key, and the victim’s data is lost forever. Even if the victim pays the attacker prior to this deadline, the attacker may or may not provide the victim with the required decryption key. Maintaining a storage air gap can provide an effective recovery solution to these types of information attack.

An air gap provides the maximum protection between two or more different systems, other than physically turning them off. If your files are encrypted by ransomware, your “air-gapped” data isn’t affected and is available as a “last resort” restore. However, depending on when the malware impact was discovered, some versions of the air-gapped data may be affected.

What’s required is an architecture that incorporates four main capabilities:

  1. Early warning of infection. Ransomware infections are often not noticed for some time. The scope of the infection may have a direct bearing on recovery times – and whether recovery can be realistically achieved at all.
    To counter this specific risk, back-up strategies need to incorporate early warning of potential data “denial of service” situations to avoid infected data proliferating through back-up cycles.
  2. Rapid assessment of impact on data integrity. When we know we have been impacted, we need to be able to rapidly establish a trusted restore point. This may not be the latest back-up; it may be one or more versions earlier.
  3. Fast restore from off-line storage media. A method of rapidly locating and mounting back-up media and restoring from it is necessary to ensure that the period of disruption is minimized.
  4. Regular testing. Establishing a back-up strategy is just the first step; regular testing of recovery capabilities and processes needs to be conducted to ensure that they remain fit for purpose.
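
An added sketch of capabilities 1 and 2 (not from the original article or from any vendor product): it compares successive back-up versions, raises an alarm when many files change from low-entropy to high-entropy content, and picks the newest version before the first alarm as the restore point. The entropy threshold, the 20% limit and the in-memory sample data are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_fraction(prev: dict, curr: dict, threshold: float = 7.5) -> float:
    """Share of files in prev that were rewritten in curr as high-entropy data.
    Files that were already high-entropy (archives, images) are not counted."""
    if not prev:
        return 0.0
    hits = sum(
        1 for path, old in prev.items()
        if path in curr and curr[path] != old
        and shannon_entropy(old) < threshold
        and shannon_entropy(curr[path]) >= threshold
    )
    return hits / len(prev)

def last_trusted_version(versions: list, max_fraction: float = 0.2):
    """Return (index of newest version before the first alarm, alarm indices)."""
    alarms = [i for i in range(1, len(versions))
              if suspicious_fraction(versions[i - 1], versions[i]) > max_fraction]
    trusted = alarms[0] - 1 if alarms else len(versions) - 1
    return trusted, alarms

# Constructed sample: four back-up cycles of a five-file share.
def _doc(i: int, rev: int) -> bytes:
    return (f"invoice {i} revision {rev}\n" * 200).encode()

def build_sample() -> list:
    v0 = {f"doc{i}.txt": _doc(i, 0) for i in range(5)}
    v1 = dict(v0, **{"doc0.txt": _doc(0, 1)})   # ordinary edit to one file
    v2 = {p: os.urandom(4096) for p in v1}      # random bytes stand in for encrypted files
    v3 = dict(v2)                               # affected data carried into the next cycle
    return [v0, v1, v2, v3]

if __name__ == "__main__":
    trusted, alarms = last_trusted_version(build_sample())
    print(f"alarms at cycles {alarms}; restore from cycle {trusted}")
```

Cycle 3 raises no alarm of its own because nothing changed after the damage was done, which is why the restore point is taken from before the first alarm rather than from the latest quiet cycle.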

Many industries have regulations about how they store and manage their data, to minimise the effects of a ransomware attack. At Adam we have over 25 years of experience providing secure off-site data backup. Most recently we have worked closely with some of the industry’s leading software vendors to provide secure air-gapped copies of your data in our Tier 3 Cloud. Please click here for more about our CiCloud.

To find out how we can help you, get in touch or visit our website: , or call 01256 37800
