In a world where ransomware attacks are common, and too many cybersecurity strategies promise more than they deliver, companies of all sizes feel lost and unsure how to safeguard their data.
Now, more than ever, they lean on their managed services providers for guidance on smart technology investments and effective strategies to insulate their data from threats.
Most businesses understand how vital backup is, but many overlook the potential risk of reinfection during the data restoration process. Veeam’s 2023 Ransomware Trends Report reveals that 56% of companies are susceptible to reinfection during data restoration following a cyberattack. Addressing the prevention of reinfection is a crucial element of the data security dialogue that MSPs cannot afford to ignore.
Understanding Reinfection
Reinfection can manifest in two ways.
First, parts of the data uploaded to storage may have already been infected with malicious code. This is far from a rare occurrence, as cybercriminals can infiltrate a network, often remaining unnoticed for extended periods, and can corrupt files undetected by cybersecurity software. Companies that automate their backups might inadvertently continue with scheduled backups even post-discovery of an attack.
Tony Liau
Without careful restoration to a pre-exposure point, restoring this data could redeploy the malware, effectively causing reinfection of the primary network. Practically implementing this can prove challenging. There’s a significant risk of losing several days’ worth of hard work by the organization’s workforce.
The second infection pathway involves threat actors specifically targeting backup data files. Veeam’s ransomware report states that an alarming 93% of ransomware attacks deliberately target backups, and three out of four backup repositories are impacted by a ransomware attack.
There are ways to alleviate these scenarios, but they are often overlooked. In their rush to minimize downtime and maintain the continuity of customer or employee services, organizations might neglect to verify that the recovered data is free from malware. There’s also a risk of restoring data before fully understanding the ransomware strain or threat actor.
Furthermore, SMBs may simply lack awareness of these risks or the knowledge to implement suitable safeguards against reinfection. IT services providers can play a pivotal role by enlightening these clients on the potential dangers during the restoration phase and the tools to mitigate risk.
The Road to Reinfection Prevention
The foolproof approach to eliminate the risk of reinfection involves a combination of immutable storage for protecting data against ransomware attacks targeting backups and comprehensive malware scanning to ensure no corrupted data gets reintroduced into the environment.
Endpoint protection and antivirus software can help detect any corrupted code, but backup and recovery solutions also need to implement malware scanning. Staged restores could also be beneficial, allowing organizations to validate the cleanliness of the data at a temporary location before initiating the complete restoration process.
Now that ransomware attacks are targeting backups, immutability is a must-have. Immutable backups can’t be changed once written to storage, securing them from potential encryption, infection, or deletion, whether accidental or intentional. While immutability can’t prevent reinfection from already compromised data, it provides reassurance that backup data remains secure. Immutability plus scanned and staged restores are the only way to recover from an attack effectively.
It’s crucial that MSPs and their clients don’t rely solely on one protective measure—a combination of protection/ detection software and immutable backup is needed to ensure a seamless restoration process. Alone, these precautions are significantly less effective at preventing reinfection. However, with both components in place, MSPs can restore their clients’ data with complete confidence.
Tony Liau is vice president of product for Object First, a data storage startup on a mission to simplify data protection for Veeam customers.
