Data Recovery after a Ransomware Attack for Cloud and Object Data

Backup and data replication are essential tools for protecting the valuable data that organizations keep in the cloud and on on-prem object storage systems. Especially with the constant threat of increasingly sophisticated malware, companies are becoming more aware of the importance of having a reliable strategy for redundant data storage.

In order to quickly return to normal business operations after a cyberattack, one question is critical: Is the state that is restored from replicated data assets and backups free of malware?

  • Often, malware has been “lying dormant” in the system for several months before it becomes active.
  • Restoring the most recent backup would thus restore an already infected state, if necessary.
  • After a certain period of time, the malware breaks out again.

It may therefore be necessary to fall back on older backups – in the best case to a state that can be precisely dated.

Backup Medium and Backup Volume

Under these circumstances, a suitable backup strategy is a major challenge: maximum protection must be created for the large – and constantly growing – volumes of data. At the same time, the financial and time costs must remain reasonable.

Object Storage Backup on Tape

The choice of the backup medium is the first step: As a classic, cost-efficient and secure backup medium, tape is also suitable for storing cloud and object data. Detailed information on S3 storage on tape can be found here in the blog, for example.

Full and incremental backup

The combination of full and incremental backups offers a compromise for backup volume reduction and data availability in case of corruption.

  • Large-volume full backups are only performed at longer intervals.
  • Between these times, so-called incremental backups are created, in which only the changes that have taken place since the last backup are saved. These incremental backups occupy a considerably smaller storage capacity than full backups.

Backup and Snapshot Restore with PoINT Data Replicator

PoINT Data Replicator is a software solution specifically designed for backup and replication of cloud and object data. PoINT Data Replicator creates data protection by replication or backup into a physically separated S3 bucket, which is directly accessible via S3 in case of disaster.

Data backup is possible as continuous replication of data as well as scheduled backup. In each case it can be carried out completely or incrementally. Thus, PoINT Data Replicator offers flexibility for setting up the individual data backup schedule.

PoINT Data Replicator, Backup
PoINT Data Replicator, Screenshot

Since version 2.2 PoINT Data Replicator offers with the so-called Snapshot Restore an effective feature for data recovery after a ransomware attack. The function allows to restore older data inventories specifically based on a selectable date.

PoINT Data Replicator, Snapshot Restore
PoINT Data Replicator, Screenshot

In doing so, PoINT Data Replicator first accesses the last complete backup created before the attack – and supplements it with the incremental backups available up to the moment of the attack. Thus, the state of the data can be restored until shortly before the compromise.

In combination with a tape-based object store such as PoINT Archival Gateway, a reliable as well as cost-efficient solution for protection against data loss due to cyberattacks is available.