Why replication can’t fix the ransomware problem

Ransomware doesn’t knock on the front door. It sneaks in quietly, and by the time you notice, the damage is already done. Backups, replication, and cloud storage help recover from ransomware, but when it strikes, these products may not be enough. You copy your data and ensure copies are recoverable when needed.

Replication is often viewed as the gold standard of protection. It is fast, efficient, and seems like an easy answer. Two common types of replication are in use today.

The first is physical to physical. This is when data is copied from one physical device to another, usually at a remote location. The second is physical to virtual. This is when data is copied from a local physical device to a virtual device in the cloud, commonly managed by a backup vendor.

Both replication types can be useful and offer advantages, including uninterrupted service, reduced potential data loss, and data redundancy. But replication has limitations.

When ransomware strikes

When ransomware hits a server, the infection can spread fast. If replication is active, then corrupted or encrypted data may be copied to the secondary device. Both the original and secondary devices now contain bad data. Instead of serving as a safety net, replication can become a trap locking both environments into a compromised state.

Replication can also be complex to set up and maintain, requiring skilled staff. Not every organization has the time, budget, or expertise to set up and maintain a replicated environment.

Replicating to a vendor’s cloud can be expensive. You pay for the storage, and often for recovery and ongoing usage. Plus, if your original server goes down and you need to switch to the secondary server, you still need to rebuild the original server—reinstalling the operating system, reapplying patches, and restoring the previous configuration. This can take time depending on the environment.

Where does this leave us? Should we just throw replication out the window? No, replication has its place. It can solve certain problems, especially when the risk of downtime outweighs the maintenance costs. But replication is not a cure-all. It should not be viewed as the primary recovery tool, especially against ransomware.

Ask if you’re prepared

Some questions can help you determine if you are ready for a cyberattack. Replication is a great tool, but ransomware can often expose its weaknesses:

• Have you thought about what would happen if ransomed data spread across your replicated systems?
• Do you know how long it would take to rebuild an original device if you had to switch over?
• Have you tested your recovery process end-to-end, not just the replication part?
• Do you understand the true cost of your replication service, including the hidden recovery fees?

Look beyond replication

Replication is valuable, but it shouldn’t be the primary mechanism for recovery from a cyberattack. Replication comes with costs and complexity, and doesn’t replace the need for a recovery strategy. So consider replication a tool in the toolbox, not the entire strategy.

You need a way to quickly restore an infected device to a clean state—without worrying whether the compromised data has spread across your replicated environment. Or whether the recovery will cost more than the attack.

Users sometimes download files locally or store critical data outside of the replicated environment. A complete recovery strategy must include both servers and workstations to ensure quick recovery, regardless of which devices become compromised.

When considering ransomware recovery, explore solutions that provide resilience and data integrity, and enable fast recovery when your data is compromised. Instant recovery is achievable with solutions designed to recover from ransomware and other cyber threats.

Elisha Riedlinger is the COO at NeuShield.

View the full article