Imagine the impact of a major data breach — sensitive customer information exposed, proprietary business data stolen and the inevitable fallout of financial and reputational damage. Without a robust business continuity and disaster recovery (BCDR) solution, these nightmares can quickly become a reality.
According to Sophos’ The State of Ransomware 2024 report, nearly 60% of businesses fell victim to ransomware attacks in 2023. The Q1 2024 Corvus Insurance Ransomware Report revealed that global ransomware attacks have reached new highs in 2024, citing a 21% increase compared to Q1 2023.
Businesses today face significant challenges in ensuring data security, particularly as cyberthreats such as ransomware grow rapidly and their tactics constantly evolve. New attack methods, such as double extortion, backup neutralization and delayed payload execution, were seen in recent cyber incidents, making data protection and recovery even more challenging.
As companies increasingly rely on vast amounts of data to drive critical business operations, resilience becomes a strategic imperative for thriving in a data-centric business environment. The ability to withstand and swiftly recover from disruptions ensures continuous access to accurate and secure data, enabling businesses to operate seamlessly even in the face of cyberattacks, natural disasters or system failures.
In this article, we share invaluable lessons learned from various data disasters to provide organizations with insights and strategies to strengthen their resilience. By examining real-world examples and the challenges encountered, we aim to equip businesses with practical knowledge to enhance their data protection and business continuity strategies.
Case studies of untold data disasters
Mastering data protection is a must in this digital age. Companies across all industries face an ever-increasing barrage of cyberattacks, heightening the challenges of keeping their data secure, recoverable and compliant with regulations. We’ve compiled four powerful Unitrends case studies from companies that have successfully defeated data disasters. While they’ve asked us to keep their identities secret, we think the lessons learned are worth sharing.
Backup strategy is key
Threat actors were able to breach a non-profit institution’s environment due to weak passwords. The institution was backing up data site-to-site but wasn’t getting a copy off-network before the attack. As the criminals moved laterally, they discovered the Unitrends backup appliances and accessed the backup infrastructure by successfully cracking the password. At the time of the attack, multifactor authentication (MFA) had not been configured for their backup infrastructure. After gaining administrator access to the backup appliances, the criminals deleted all backups, encrypted production data and demanded a $750,000 ransom.
The non-profit worked with its cyber liability insurance provider to negotiate the ransom down to $450,000, which they paid. Unfortunately, the decryption key failed, leaving their data unusable and the payment wasted.
Fortunately, a skilled Unitrends L3 support technician was able to meticulously reconstruct the organization’s backups from one of the backup appliance’s databases and assisted in the successful restoration of critical accounting systems.
Lessons learned
- Your safety is only as strong as your passwords.
- Multifactor Authentication (MFA) is a must-have to harden security and deter unfettered access to systems.
- Follow the 3-2-1 rule. Always have an off-site, immutable copy of your backups.
- Implement a resilient backup and disaster recovery solution like Unitrends. Unitrends UniView offers enhanced security features, including multifactor authentication (MFA) and the ability to block access to an appliance’s local UI to enforce MFA and/or single sign-on (SSO). These features are available free of charge to all users. Replicating backups to the immutable Unitrends Cloud ensures that an organization’s critical data remains unaltered, secure and compliant with industry rules and regulations.
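The lessons above can be turned into a repeatable check of a backup inventory. The following is an added example, not Unitrends code: the `BackupCopy` fields, the `audit` function and both inventories are hypothetical, and it assumes the reading of 3-2-1 in which production counts as one copy and one medium.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str         # storage type, e.g. "appliance-disk", "cloud-object"
    site: str          # physical location label
    off_network: bool  # unreachable from the production network and its credentials
    immutable: bool    # cannot be altered or deleted during retention
    admin_mfa: bool    # MFA enforced on the management interface

def audit(copies, prod_site, prod_media):
    """Return findings for a backup layout; an empty list means it passes."""
    findings = []
    # Assumed reading of 3-2-1: production counts as one copy and one medium.
    if len(copies) + 1 < 3:
        findings.append("3-2-1: fewer than three copies of the data")
    if len({prod_media} | {c.media for c in copies}) < 2:
        findings.append("3-2-1: fewer than two media types")
    offsite = [c for c in copies if c.site != prod_site]
    if not offsite:
        findings.append("3-2-1: no off-site copy")
    # Site-to-site replication on one network is exposed to lateral movement.
    if not any(c.off_network and c.immutable for c in offsite):
        findings.append("no off-site copy that is both off-network and immutable")
    for c in copies:
        if not c.admin_mfa:
            findings.append(f"{c.name}: admin access without MFA")
    return findings

# Constructed inventory modelled on the case study above (site-to-site only).
BEFORE = [
    BackupCopy("appliance-hq", "appliance-disk", "hq", False, False, False),
    BackupCopy("appliance-dr", "appliance-disk", "dr-site", False, False, False),
]
# Same layout after the lessons: MFA everywhere plus an immutable cloud copy.
AFTER = [replace(c, admin_mfa=True) for c in BEFORE] + [
    BackupCopy("cloud-replica", "cloud-object", "cloud", True, True, True),
]

if __name__ == "__main__":
    for label, inv in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(inv, prod_site="hq", prod_media="san") or "passes")
```

The site-to-site layout satisfies the copy, media and off-site counts yet still fails, because neither appliance copy is off-network or immutable.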
Incident Response Team (IRT) alignment is crucial
A large manufacturing company managing 200TB of data and over 700 VMs deployed Unitrends appliances and cloud for off-site retention and Disaster-Recovery-as-a-Service (DRaaS) due to its small IT team’s capacity limits. The company suffered a ransomware attack that encrypted all production data and backups from another vendor. However, Unitrends backups on a hardened Linux appliance were unaffected. After quarantine and mitigation, recovery preparations began, but the company’s cyber insurance provider revealed that third-party scans were required to identify the intrusion point and validate data health. The company could only recover its data after completing these scans as part of the insurance audit.
Unitrends Support assisted the customer in recovery efforts because the customer lacked a documented DR plan and was still onboarding to DRaaS. Opting for local recovery, the company used Unitrends Data Copy Access to automate isolated labs for VM recovery and analysis. VMware’s Carbon Black, approved by their insurer, confirmed the data was clean. Once scanned, VMs were pushed live using automated orchestration. Three IT admins and the IT director recovered more than 780 VMs in just over 48 hours.
Lessons learned
- Hardened Linux appliance architecture is more resilient to attacks than Windows-based backup software.
- Cyber liability insurance often includes challenging clauses for payouts. Automated testing from Unitrends helped meet these requirements.
- Resilient cloud backup solutions, such as the immutable Unitrends Cloud, are essential for a comprehensive backup strategy.
Differentiating backups from production is paramount
The customer’s IT setup was co-managed with an MSP. The internal IT director trusted their previous Windows-based backup vendor and resisted changes until a second ransomware attack occurred. The company had previously experienced a similar attack that wiped out their backups.
The company hired an MSP to evaluate new solutions, including a Unitrends Linux-based backup appliance. While the evaluation was underway, the second attack hit, erasing backups from their current software-based solution.
Backups on the Unitrends appliance survived the attack, enabling quick and easy recovery for the customer. The company promptly deployed Unitrends backup and recovery solutions for its entire environment.
Lessons learned
- Backups are often the first target of cyberattacks.
- Attack methods like Active Directory attacks, virtual host takeovers and exploitation of high-scoring Common Vulnerabilities and Exposures (CVEs) are common due to the widespread use of Windows OS. Differentiating your backup environment from production improves resilience against such attacks.
Understanding attackers’ ever-changing tactics can be a game changer
A large Canadian organization operates multiple data centers, including some hosted by a third-party partner. They implemented Unitrends at their directly managed locations. When malware hit their data center provider, production VMware data was held hostage and the backups from other vendors were impacted, making data unrecoverable. The customer had access to their hosted workloads through their RMM solution (Kaseya VSA), which the Unitrends team used to push backup agents in an attempt to recover data not yet encrypted by the attack. The first test, an image-level backup on a jump server, resulted in the jump server going immediately and permanently offline as the malware activated during backups (likely as a result of VSS calls), underscoring the severity of the situation.
With a better understanding of the malware’s behavior, the Unitrends Director of Product Management and the support team adjusted the way Unitrends backed up data. Unitrends provided a free virtual appliance to aid recovery outside the hosted environment. Focusing on SQL data, they modified file-level backup settings to avoid Volume Shadow Copy Service (VSS) calls and used the VSA to free up in-use files. After successfully backing up a small SQL instance, they moved on to more critical data. The uninfected data was backed up to the virtual appliance and restored to the customer’s site.
Lessons learned
- Malware evolves rapidly, making recovery unpredictable. Flexible backup and recovery options are essential to counter these threats effectively.
- A dedicated team of experts, like Unitrends, greatly improves the chances of overcoming an attack.
Lessons learned and key strategies for building resilience
The case studies presented highlight the critical need to bring together people, processes and technology to achieve resilience and secure a successful outcome, even in the most challenging circumstances. Here’s a brief overview of key takeaways and essential strategies to strengthen data protection.
Evolving threats
Malware continuously evolves, making recovery scenarios unpredictable. Organizations must adopt flexible backup and recovery options that can adapt to changing threat landscapes. This includes leveraging automated testing and isolated recovery environments to ensure that backups are reliable and accessible when needed.
The critical need for reliable data backup and recovery solutions
In today’s complex and threat-filled business environment, having a dependable data backup and disaster recovery solution is non-negotiable. Cyberattacks, natural disasters and system failures can occur unexpectedly, disrupting normal business operations and putting critical data at risk. A robust backup and disaster recovery solution enables businesses to quickly restore data, maintain continuity and minimize downtime. It also offers peace of mind, ensuring data is safe from loss and corruption. Investing in reliable backup and recovery solutions not only protects against immediate threats but also strengthens an organization’s long-term resilience and stability.
Resilient architecture
A hardened Linux appliance architecture is more resilient to attacks than traditional Windows-based systems. Linux systems are less targeted and can offer better security features, reducing the attack surface and enhancing the overall robustness of a backup solution.
Immutable backups
Ensuring that backups are stored immutably and off-site is vital for added security. Immutable backups cannot be altered or deleted by attackers, providing a reliable recovery point. Off-site storage adds another layer of protection, safeguarding data against physical damage and cyberthreats at the primary location.
Compliance and preparedness
Understanding and meeting cyber insurance requirements is crucial for ensuring that organizations can recover financially after an attack. This often involves conducting third-party scans and maintaining documentation that proves compliance. Regular audits and updates to disaster recovery plans can help meet these stringent requirements.
Expert support
Having a dedicated team of experts, like those at Unitrends, significantly enhances the chances of successfully overcoming an attack. These experts bring maturity and sophisticated problem-solving abilities, which are crucial during a crisis. Regularly engaging with such professionals for assessments and updates can bolster an organization’s security posture.
Pro tip
Organizations should regularly assess their resilience measures to identify gaps and areas for improvement. Taking proactive steps, such as investing in advanced backup solutions, engaging expert support and enhancing infrastructure resilience, is essential. Preparing for potential data disasters through regular testing and updates ensures business continuity and minimizes the impact of cyberattacks. By prioritizing resilience, organizations can better protect their data and maintain operational integrity in the face of evolving threats.
Overcome data protection complexities with Unitrends
The proliferation of cloud services, remote work and decentralized data storage has made it increasingly difficult for businesses to maintain a cohesive and secure data protection strategy. The scattered data environment further complicates data recovery efforts and heightens the risk of data loss or corruption during a disaster. Our all-in-one backup and recovery solution empowers you to protect your critical data no matter where it lives.
At Unitrends, we also understand that IT professionals are often asked to do more with less. That’s why our industry-leading backup and DR solutions come with powerful automation capabilities and intelligent features that streamline data protection and recovery. They significantly reduce management time and give you 100% recovery confidence. Whether your critical workloads are stored in on-premises data centers, endpoints, cloud environments or Software-as-a-Service (SaaS) applications, with Unitrends, you can rest easy knowing they are always secure and available whenever you need them.