Ready to Recover from Ransomware with Nasuni

Critical questions to answer about agency needs and resources

Nearly every day seems to bring new reports of ransomware attacks, each making a significant impact on public services:

• Delays in reporting COVID-19 data by state health departments

• Disruptions to scheduling, location and operational systems for public transit vehicles

• An attack on servers used for administrative and lawmaking functions in a state legislature

• Class cancellations and other detrimental effects on learning in K-12 school districts or higher education institutions

IT and agency leaders understand their organization may be the next target. Yet many don’t feel adequately prepared for this threat. In a 2021 Center for Digital Government (CDG) survey, 60 percent of IT practitioners said cyber threats evolve faster than their organization is equipped to handle, making security their top challenge.

When it comes to response readiness for a ransomware attack, many agencies have made improvements to block ransomware from entering their systems. However, adequate measures may not be in place to recover locked files if an attack is successful. And when robust policies, procedures and systems to mitigate ransomware attacks are not in place, an agency may face higher premiums for cybersecurity insurance.

What resources, tools or processes are needed to create an adequate recovery capability? This paper presents critical questions to help IT teams assess current recovery capabilities and identify improvements to prepare them for the cyber threats that lie ahead.

Which of our files present the highest risks for public safety and government operations if they become inaccessible? What would be the negative impacts of a prolonged disruption to file access?

A lockout of any file can disrupt operations and services to the public. Yet it is easy to recognize that some files may have greater importance and should receive higher priority for recovery. For example, sensitive files targeted by a ransomware attack may leak information that is confidential or protected by privacy laws.

An inventory and priority assessment of files will identify which are the most vulnerable to a ransomware attack. It can be helpful to analyze the files in categories such as public safety, operations, finance and compliance, and public services.

The goal of this analysis is to identify a clear and effective backup and recovery strategy, especially for the most critical files.

Do we know where agency backups are stored and how long it would take to recover them? How much recent data would potentially be lost?

Over time, agencies have likely deployed a large and varied mix of file storage and backup solutions. These solutions can range from dedicated file servers in departments, to files stored in cloud applications, to racks of central storage devices in a data center. The reasoning behind this proliferation seems sensible: Store multiple backups in multiple places to reduce the risk from losing any one of them. However, more storage often only creates a bloated infrastructure and extra work for IT.

Within this environment, it can be difficult to keep a current inventory of all files and backups that should be covered by a recovery plan. Additionally, recovery from a traditional backup is a time-consuming, painstaking process of identifying which files were compromised and then determining which backup is best for the restore. Sometimes organizations struggle just to find any backup that’s still usable.

Additionally, some ransomware attacks are designed for a painful delayed action that is triggered beyond the typical history of backup snapshots. These attacks make it very difficult to identify when a compromise occurred, and which files must be restored to what point, if at all.

IT can better serve the work of users and the agency if it can recover both a very recent version of a current file and a file backup made months ago, and everything in between. These capabilities require a frequency and retention of file backup that may be impossible to achieve with internal storage.

Even if agencies have maintained hourly snapshots for an extended period, recovery can become an overwhelming effort. For example, if an attack encrypts only three files in each hourly snapshot over a 60-day storage period, the process of mounting the snapshots and recovering three files from each must be repeated 1,440 times.

What are the tools and resources we use today for file recovery? What burden do they create for IT staff and users? Have they ever been fully tested?

With so many files stored across so many different systems and locations, IT also has many different logins, dashboards and management tools to use for backup and recovery. IT teams and users experience slow file recovery because traditional backup methods restore one file at a time. When hundreds, thousands or even millions of files are affected, recovery bottlenecks can arise from slow server transfer speeds, inadequate network bandwidth and files stored on multiple devices.

Even when IT has a well-defined backup and recovery plan, addressing normal configuration drift and testing those resources and processes in advance may be too difficult. Instead, agencies must rely on a fingers-crossed assumption that processes and resources will be adequate if ever needed.

What can benefit both IT and the agency is a centralized and consolidated solution for file backup and recovery. By leveraging the scalable capacity and dynamic flexibility of the cloud, this single, recovery-focused approach can help governments reduce costs, easily expand storage capacity as needed, and gain a secure and straightforward recovery source and process that can be verified with regular testing.

Do we have the flexibility to choose what is restored, from a granular file set to all offices simultaneously? How does this flexibility impact users and IT?

A ransomware attack may not attempt to shut down an entire jurisdiction or agency. Instead, it may lock only certain files because they contain valuable personal data or have a critical role in operations or services.

These types of targeted attacks can broadly affect users, even if their files weren’t initially touched. Even with more modern snapshot protection, let alone traditional protection systems, compromises may need to be made between recovery speed and recovery granularity and efficacy. An entire file volume may need to be restored, meaning everyone’s work reverts to a retrievable backup and recent file versions may be lost. Minimizing this impact requires the ability to selectively recover only affected files, an easier task when all files and their previous versions are accessible in the cloud.

Can our current solutions for file backup and recovery keep up with our future operational changes and continued growth of digital content?

Requirements for lengthy records retention often mean storage needs quickly exceed the affordable and manageable capacity of a traditional on-premises storage strategy. These costs typically encompass infrastructure and management resources for both primary storage and backup, as well as a separate service for disaster recovery. And since the pandemic, IT teams have had difficulty purchasing additional storage devices because of supply chain issues, raising the potential to run out of capacity.

Certain cloud solutions offer secure storage capacity that is both simpler and more cost-effective to scale as the agency’s office locations, file volumes and sizes continue to expand. Cloud storage also offers several advantages for file backup and recovery:

• The right files are available when needed because they are stored securely in the cloud.

• A continuous backup cycle supports agency retention requirements and recovery point objectives.

• Efficient snapshots capture only incremental changes to reduce storage costs and support faster recovery.

The Bottom Line

Whether to circumvent a ransomware attack, restore operations after a natural disaster or create resiliency for future change, maintaining access to current files is an essential priority for governments. Many public sector organizations look to cloud solutions for a single, global file system that includes file protection and granular recovery to gain the benefits of scalability, durability, simplicity and cost-effectiveness. One more benefit is subtle, but vital — the confidence that IT is ready to recover from whatever disruption to file access humans, machines or nature may send the agency’s way.

Nasuni® is a file storage platform built for the cloud, powered by the world’s only global file system. Nasuni consolidates Network Attached Storage (NAS) and file server silos in cloud storage, delivering infinite scale, built-in backup, multi-site file synchronization, and local file server performance, all at half the cost of traditional file infrastructures. Enterprises use the Nasuni software-as-a-service platform for NAS consolidation; backup and recovery modernization; global file sharing; and rapid, infrastructure-free disaster recovery, and as a foundation for data analytics and multi-cloud IT initiatives.