Recovering from Ransomware Attacks with Rubrik

Ransomware attacks remain a significant threat and, when successful, can be life-threatening to a business. Some organizations try to protect their data against ransomware and other cyberattacks by duplicating their infrastructure, air-gapping the copy, and updating it on a schedule. Is there a less expensive, less complex way to achieve similar benefits?

 

Air-Gapping and Isolated Recovery

The term air-gapping is used to describe the physical isolation between two networks to protect one of them from outside attacks. Isolated Recovery is built on the concept of having a separate datacenter infrastructure that is disconnected from the primary infrastructure via an air-gap. In the case of Isolated Recovery, the air-gap is closed on a regular schedule for replication updates. However, duplicating infrastructure in this way brings a notable increase in cost and operational complexity.

Is there a real benefit in protecting data from ransomware in this way? What if the ransomware isn’t detected before the scheduled backup update occurs? At that point, the separate infrastructure hasn’t bought the organization anything despite its cost and complexity. Also, what if the scheduled update happens after a ransomware infection or other attack but before detection, for example if ransomware is dormant? This scenario results in ransomware-encrypted files in both places.

If a ransomware attack is caught before the scheduled update, you’re still dealing with the classic challenge of backup and recovery systems as they relate to ransomware: the speed of restoring backups.

The approach of air-gapping and Isolated Recovery seems to provide few real-world benefits as a defense mechanism.

 

How Rubrik can help

But what is the real challenge? The main challenge is protecting against undetected ransomware file encryption. Rubrik can help with precisely this challenge in two key areas.

  • Reliability of Data Recovery
  • Speed of Data Recovery

 

Reliability of Data Recovery

While the underlying question is simple, “is the backup data there when it is needed?”, the answer is more complex and depends on two factors: Simplicity of Setup + Day to Day Operations and Immutability of Snapshots.

Simplicity of Setup + Day to Day Operations – this is critical due to the underlying complexity of most backup systems.

Immutability of Snapshots – unlike some other backup systems, Rubrik backups (aka snapshots) are immutable once created. Previous backups are never affected by subsequent backups. Additionally, the previous backups are never available in a Read/Write state to the client. Even during a restore of a VM, the underlying backups remain Read Only. This prevents ransomware from being able to access and encrypt backup data.

 

Speed of Data Recovery

Data needs to be restored quickly enough to avoid major financial or reputational impact to an organization. Rubrik’s capabilities apply to this area in two ways.

  • Speed of restore via live mount. Live mount focuses on the capability to make backup data available instantly without a traditional restore process.
  • Automation/API to enhance restore capabilities. A native REST API allows much greater flexibility in restoring to recover from a ransomware attack.

To learn more about how Rubrik can help recover from successful ransomware attacks, please check out their website www.rubrik.com or contact your local Exclusive Networks Account Manager.