Tagged in

ransomware

Architecture

Recovering Fast from Ransomware Attacks: The Magic of an Immutable Backup Architecture

Summary

Ransomware has been blasting my news feeds on a daily basis for years. Each article details the story of an organization that can no longer access its business-critical data, where the attackers have crippled their victims by encrypting production files and storage devices. According to the Emsisoft Malware Lab, ransomware attacks in 2019 “impacted at least 966 government agencies, educational establishments and healthcare providers” at a potential cost in excess of $7.5 billion. Whilst cyber security teams have invested in a myriad of protection tools, extortionists continue to find new mechanisms to encrypt organizations’ data. Backups are one of the most – if not the most – important defenses against ransomware. But if they are subject to corruption, attackers will use them against you. Advanced ransomware is now targeting backups – modifying or completely wiping them out – eliminating your last line of defense and driving large ransom payouts. Rubrik’s uniquely immutable filesystem natively prevents unauthorized access or deletion of backups, allowing IT teams to quickly restore to the most recent clean state with minimal business disruption. This blog walks you through our one-of-a-kind immutable architecture and robust security controls that harden your data against cyber attacks. The…

Product

The Importance of Cyber Resiliency During a Global Crisis

Cybercriminals have been busy exploiting global crises. Often in the form of phishing emails or other malware, these attacks prey on people’s need for information and have already started targeting large organizations, including hospitals and government agencies. For your organization, this means that hackers can easily attempt to take advantage of your employees who are eager for more news, leaving you vulnerable to ransomware. When combined with the growing sophistication of ransomware, cyber resiliency is more important now than ever.

Combat Ransomware with Rubrik

Backups are often your last line of defense against ransomware and should be a reliable recovery strategy following an attack. In fact, advanced ransomware attacks target backup files—and the probability of a ransom payout increases when your last line of defense is compromised.

Recovery is typically complex and time-consuming for organizations relying on legacy backup solutions; identifying the scope of the attack, locating the most recent clean data, and restoring quickly can be a significant investment for any organization. And with today’s ransomware strains, backups themselves are often encrypted or deleted in an attack.

Customers across industries leverage Rubrik as part of their ransomware remediation strategy to ensure minimal data loss and business…

General Tech

Built-in Immutability for Cyber Resiliency

Imagine one or more of your systems is unavailable because of some malicious attack, whether a nasty virus, ransomware, or sabotage from a disgruntled employee. No worries, these things happen — you’ll recover from backup. Except you discover that your backups have been compromised in the same manner. This is usually where the term air gap gets dropped. Someone will say, “you need a truly offline backup — tape! There’s no way ransomware can get into a tape backup!” While that’s true, how long does it take to recover from tape stored in a land somewhere far, far away? If a backup takes so long to restore that there’s major financial or business impact, does it actually exist? Realistically, there are ways to protect your data stored by backup systems even without this gap.

I previously wrote a blog post about immutable infrastructures, but compute infrastructures are not the only way that immutability matters in the data center. Immutable, by definition, means the state is set or inflexible once constructed. In other words, it cannot be changed. The goal is to build a more reliable automated compute infrastructure in order to enable stable continuous delivery. Data is becoming more and more…

General Tech

Exploring Passive Survivability: Bracing for a Cyber Attack

Security attacks continue to be on the rise as threats like ransomware grow more mature. Many enterprises find themselves unprepared for an attack, with more organizations opting to pay ransom than ever before. This is because recovering from an attack is often time-consuming and complex, and in many cases, the backups themselves are compromised. Although preventing ransomware attacks may seem near impossible, there are tools and infrastructure best practices that can help you build an effective ransomware remediation plan to ensure cyber resiliency. In an article with Infosecurity Magazine, Robert Rhame, Director of Market Intelligence at Rubrik, explores the passive survivability model and how this framework can enable your team to bounce back from a successful attack. Let’s take a quick look at this model and how, according to Rhame, it can prepare your team.

A version of the below excerpted article originally appeared in Infosecurity Magazine.

Design Your Infrastructure for Ransomware Resiliency

When it comes to preparing for a threat that you can’t stop, your infrastructure must be designed in such a way that an attack, although damaging to your business, does not cause all of your operations to sink. Like a modern battleship, your infrastructure should be created…

General Tech

The Day the Data Center Stood Still: A Tabletop DR Workshop

When it comes to being ready for the real thing, regular DR testing is crucial to preparing a team for all the moving parts involved when some random day goes really wrong. The trouble is, it’s not always possible to scrape together the time and resources needed to test as often as you should. In many organizations, the first time a crisis team gets together is for the big one.

This blog series shows how you can use tabletop workshops to do some hypothetical training and strengthen your disaster recovery and response strategy. In my first post, I discussed the importance and preparation of a tabletop exercise. This post will help walk through the setup and execution of the exercise. Let’s get started!

Tips for Running Your Tabletop Workshop

Each workshop has one facilitator to guide the exercise and 5-10 participants in the core and extended crisis team to roleplay the scenario. Note that participants will not necessarily be playing their actual role at the company, but working collectively as a group to address the disaster.

Group Discussions

One of the main goals of a tabletop workshop is to encourage group discussions that identify holes in your current DR strategy…

General Tech

How to Throw a Disaster Recovery Tabletop Workshop

Ransomware and destructive malware. You either groan with media fatigue or cringe at the thought of getting blown off the map by bitcoin bandits…perhaps both. For many organizations, creating a multi-leveled disaster recovery plan to accommodate this potential threat is now a top priority. The problem is, many organizations create a DR plan but don’t test each year. It’s easy to procrastinate DR testing, as it’s a costly activity in terms of both hours and infrastructure. But failure to test in a complete and realistic scenario can leave an organization woefully unprepared for some of the ancillary activities like communication and ownership of action. Essentially, the first time the crisis team meets should never be during a crisis. Simulating an attack around a table with a few colleagues doesn’t replace live testing, but it does uncover things you may not otherwise think of. This blog series will help walk through the setup and execution of a tabletop exercise for testing your DR plan. In true RPG style, this post will show how to simulate an unfolding disaster and apply your DR strategy in response. The advantage of running a tabletop exercise is its lightweight impact in terms of time and…

Architecture

Kick Ransomware in the Teeth with Polaris Radar

There’s a strong chance that you, a colleague, or a peer at another company has been hit by a ransomware attack. This means that someone penetrated your perimeter defense, likely through human phishing methods or insecure external access (such as RDP), and has landed malicious code within a permissive zone of your production environment. The outcome of these attacks comes in the form of encrypted content (files, folders, operating systems, etc.) that requires cryptocurrency payment(s) to make it accessible once more. This pain can hit especially hard when:

- Identifying where the malicious code exists to remove or neuter it.
- Scoping out the damage and either paying the “ransom” or restoring data from backup.
- Determining how to prevent the intrusion from repeating, if possible.

Fortunately, we at Rubrik understand this pain all too well. One of our earliest customers, Langs Building Supplies, had their production environment hit by a ransomware snag back in 2016. Their team acted quickly and used the immutable nature of Rubrik’s backups to recover the encrypted data without paying the ransom. Huzzah! Since then, we’ve taken the state of the art to a new frontier with the release of Radar, an application that lives on our Polaris…

Product

Introducing Rubrik Protection for Epic EHR

How confident are you in your Epic EHR data backups? Here at Rubrik, we understand that our healthcare customers rely on their electronic healthcare record (EHR) system for real-time access to patient health data. Any downtime of this mission-critical system would jeopardize the quality of patient care and risk non-compliance with HIPAA and other regulatory requirements. Unfortunately, legacy backup solutions are increasingly stretched by the explosive growth of healthcare data and rising intensity of ransomware and malware attacks. Protecting large EHR systems is difficult, with slow backup and recovery performance potentially compromising patient data availability. Without proper security, backups of production data are equally vulnerable to ransomware attacks. And on top of these security risks, legacy backup systems are complex and require significant management time, often from dedicated specialists. With Andes 5.0, Rubrik addresses these pain points by extending its policy-driven data protection to both physical and virtualized Epic EHR systems. Here are a few of the key differentiators that set Rubrik apart:

- High-performance backups. Rubrik Cloud Data Management (CDM) accelerates Epic backups with parallel ingestion and an incremental-forever approach, with no impact on the Epic production system.
- SLA policy-driven automation. Through a single policy engine, backup administrators create and…

Product

Polaris Radar: The Last Line of Defense

Ransomware is getting increasingly sophisticated, and attacks are getting harder and harder to avoid, even when strong security measures are in place. In fact, over 70% of organizations were infected by ransomware after it successfully bypassed their detection and prevention measures.* Ransomware rapidly mutates into new variants, making it extremely difficult to detect with traditional signature-based approaches. That’s why we built Radar, a Polaris app that increases resilience in the face of cyber attacks. Rubrik’s approach includes multiple layers of defense, such as anomaly detection, data analysis, and instant recovery.

Dealing with Ransomware

No one likes having their possessions held for ransom and being blackmailed into paying cash for something that is already theirs. Typically, a data center is infiltrated undetected via an endpoint device from a phishing attack that will begin to rapidly encrypt files based on various criteria. At this point, the victim can either pay the ransom or lose their data. There are three main reasons corporations choose not to pay ransoms:

- It encourages ransomware hackers to carry out more attacks.
- It shows that the organization is willing to pay, making them a higher priority target.
- Paying doesn’t always result in getting the decryption key.

Dealing…