VMware Cloud Disaster Recovery vSAN

Ransomware Requires DRaaStic Measures—Part II

Gas Shortages and Rising Oil Prices, Courtesy of Ransomware

The latest ransomware attacks continue to expose vulnerable organizations across the globe, and even world leaders are becoming increasingly concerned about it. Just a few weeks ago, the Russian hacking group REvil attacked Managed Service Providers (MSPs) that use Kesaya’s software, holding them hostage for a ransom reaching $70M. The cyberattack impact ranged from a grocery store in Sweden to a school district in Australia losing access to their data.

Not long before that, privately held Colonial Pipeline, one of the largest pipeline operators in the United States providing roughly 45% of the East Coast’s fuel, was also hit with a cyberattack that forced the company to proactively close down operations and freeze IT systems. This interruption of service actually caused an increase in oil prices—talk about a real-world scenario. Ransomware is expected to cost organizations and consumers around the world over $10.6 trillion (USD) this year alone[1].

Adapting vs. Responding, the Ultimate Goal

With attack surfaces increasing exponentially due to the exploding rise of edge computing (50% of new infrastructure will be deployed at the edge by 2023[2]), organizations are realizing—sometimes the hard way—that there’s no ironclad way to prevent a ransomware attack, which is why the intersection of security and recovery will eventually drive cyber-resilience—the ability of an organization to rapidly adapt to business disruptions by leveraging digital capabilities to restore business operations and capitalize on the changed conditions, or what some refer to as adaptable production readiness.

Cyber-Resiliency is a Team Sport

At VMware, our approach to cyber-resiliency combines two robust offerings that complement each other throughout the ransomware protection cycle: VMware Carbon Black Cloud and VMware Cloud Disaster Recovery. Together, they bring a robust set of features to drive confidence in that your data is not only safe, but also available when you need it the most.

Technology and Best Practices Save the Day

It takes organizations an average of 24 days to detect a ransomware attack. Not coincidentally, late detection is the primary cause for severe data breaches.

Understanding what data your organization holds and how to manage it is the foundation of your business continuity—you can’t protect what you can’t see.

In addition, training your employees constitutes the first line of defense. Best practices such as providing training on phishing campaigns, instituting Multi-Factor Authentication (MFA) and restricting user privileges will make a difference, so don’t ignore them.

Technology has also come a long way in helping you take ownership of your workload security. With VMware Carbon Black Cloud, you can reduce the attack surface and harden your workloads with prioritized vulnerability reporting. In addition, you can easily audit your systems to track security anomalies and harden workloads against attack, while enabling the InfoSec team to collaborate with Infrastructure and Development to address vulnerabilities.

The unfortunate reality, though, is no security tool can be 100% effective as ransomware is an evolving threat. Cyber criminals are targeting organizations of all sizes with increasingly sophisticated attacks which sometimes overcome their most advanced security measures.

Not to panic, though—if you make wise choices, there’s always recovery after disaster.

Let’s consider the worse-case scenario—ransomware gets through your lines of defense. At that point, the only thing that matters, is how you regain access to your systems. So, here’s where having done the DR homework—having a DR plan, mapping your applications, setting up your protection groups and retention policies—pays off. Below is the VMware Cloud DR approach to DR Readiness:

VMware’s approach to DR Readiness, with VMware Cloud DR

VMware Cloud Disaster Recovery steps in as your last line of defense. When the tension is highest, you’ll benefit from a tool that’s simple to operate, intuitive to manage and which provides a reliable solution to your data availability concerns. With a deep history of immutable snapshot copies stored in a cloud-based Scale Out Cloud File System (SCFS) and a SaaS-based management console and orchestration engine, VMware Cloud DR can get your production workloads back up and running with efficiency and reliability—without budgetary nightmares.

You can choose the deployment model that best fits your SLA requirements—fully on-demand for workloads with a higher SLA tolerance, or Pilot Light Mode for more sensitive workloads with a lower RTO requirement. With this second option, a small footprint of failover capacity is spun up in the cloud and is ready to scale on-demand in the event of a failover test or commit. Having a clean failover site is not an issue, as failover capacity is provisioned on-demand. This is particularly beneficial for ransomware protection, as it provides a clean environment to test your backup snapshots safely before committing a final failover once you’ve identified a clean recovery point. The testing of recovery points also constitutes a key task that can be dramatically simplified thanks to the capabilities in Carbon Black Cloud.

Another feature which proves essential for ransomware protection, are the continuous DR health checks every 30 minutes. These ensure that your environment is ready to go and that you’re able to seamlessly conduct your DR operations either in test or commit mode.

VMware Cloud DR brings Disaster Recovery, delivered as an easy-to-use SaaS solution, with cloud economics. With Carbon Black Cloud, they are a match made in heaven for ransomware protection.

The Time For Action is NOW

There could be lots of reasons why you haven’t created or updated your DR strategy. Maybe you don’t feel like you have the resources for a comprehensive plan. Maybe the person with all the answers has just left your company. Or maybe the IT team has a plan, but they’re having to rely on a piecemeal approach scattered across too many manuals.

Whatever the reason, it’s time to take action and VMware can help you. Check out these additional resources that will help you get started.


VMware Cloud DR Blogs


Contact Sales

Don’t be fooled—having a plan and being able to easily and reliably execute that plan are two different things. It is time to rethink your approach to cyber-resiliency. With so much at stake, you need a plan that gives you flexible, reliable coverage. Rely on VMware to protect your data, and benefit from a consistent stack and tools you already know and understand.

Because you’re the owner of your organization’s data, you have to decide if it relies on a prayer or a plan. Let’s plan on recovery.

[1] Cybersecurity Ventures

[2] IDC Directions 2021- Digital Resiliency: DX Spending and the Need to Drive Adaptability and Automation, March 2021, Crawford del Prete