Ransomware is nothing new. In fact, given the attention it’s received over years of high-profile attacks, it may even feel like old news. But that doesn’t mean ransomware has gotten any less dangerous – Verizon reports that ransomware accounts for 70% of system intrusions, and was the initial action in 23% of all reported breaches in 2024. It’s consistently a popular attack strategy for cybercriminals as it offers a quick payout from businesses who are willing to pay the ransom.
But the costs of a ransomware attack extend far beyond the ransom that cybercriminals demand. The downtime caused by ransomware attacks has severe implications for a business – HPE has found that the average organisation loses $250,000 (£198,107.50*) per hour when experiencing downtime. As this downtime can go on for hours, if not days, these secondary costs often eclipse any amount bad actors may demand as a ransom.
Often, the response to this is to invest more heavily in cyber defences, which can help to defend against ransomware attacks and keep cybercriminals out. But defences can only hold out for so long – a bad actor only needs to get lucky once to breach a system, and a cyberattack is launched every 39 seconds. As such, businesses need to consider how they can avoid downtime and recover with minimal disruption if a ransomware attack is successful.
Avoiding downtime
The most effective way to avoid downtime and recover from a ransomware attack is simply to restore an IT environment from a backup, but this can also present issues for an organisation.
For starters, if backups aren’t taken regularly, restoration can present a significant disruption to business operations. For example, if new recovery points are created weekly on a Friday, then a ransomware attack that occurs on a Thursday can force a business to lose almost a full week’s worth of data.
Further issues can be caused if backups aren’t stored for long enough. Some strains of ransomware include a pre-defined “dwell time”, usually between 5 and 9 days, during which the malware sits dormant in the environment before the attack is launched. This means that backups taken in that window may also be compromised with ransomware, and if only a limited number of recovery points is kept, every available option may already contain dormant ransomware.
Both of these potential problems can be further exacerbated if IT teams don’t regularly test their backup strategy, leaving them inexperienced at orchestrating a recovery. However, these tests often cause significant disruption to business operations, disincentivising IT teams from running them too regularly.
As a result, an IT team tasked with bringing an environment back online after a ransomware attack may be faced with a limited number of recovery points, many of which will likely entail significant data being lost, and will have to put their faith in systems that haven’t been regularly tested. It’s no wonder restoring from a backup can often be seen as a last resort for dealing with ransomware, rather than the first port of call.
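The two problems described in this section (sparse recovery points and retention shorter than the malware's dwell time) worked through on a constructed timeline, as an added example that is not part of the original article. The dates, the function names and the rule that any recovery point taken during the dwell period counts as compromised are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed timeline: weekly recovery points on Fridays at 18:00,
# ransomware detonates on Thursday 1 Feb 2024 at 09:00.
FIRST_BACKUP = datetime(2024, 1, 5, 18, 0)   # a Friday
DETONATED = datetime(2024, 2, 1, 9, 0)       # a Thursday
WEEKLY = timedelta(days=7)

def retained_points(first, interval, now, retention):
    """Recovery points taken every `interval` since `first` that are still kept at `now`."""
    points, t = [], first
    while t <= now:
        if now - t <= retention:
            points.append(t)
        t += interval
    return points

def newest_clean_point(points, infected_at, detonated_at):
    """Return (recovery point, data lost), or (None, None) when every retained
    point was taken after the malware landed and may carry it dormant."""
    clean = [p for p in points if p < infected_at]
    if not clean:
        return None, None
    best = max(clean)
    return best, detonated_at - best

def scenario(retention_days, dwell_days):
    """Assumption: any point taken during the dwell period counts as compromised."""
    infected_at = DETONATED - timedelta(days=dwell_days)
    points = retained_points(FIRST_BACKUP, WEEKLY, DETONATED,
                             timedelta(days=retention_days))
    return newest_clean_point(points, infected_at, DETONATED)

if __name__ == "__main__":
    # (retention in days, dwell time in days)
    for retention, dwell in [(14, 0), (14, 7), (7, 7)]:
        point, lost = scenario(retention, dwell)
        verdict = (f"restore {point:%a %d %b %H:%M}, lose {lost}"
                   if point else "no clean recovery point")
        print(f"retention={retention}d dwell={dwell}d -> {verdict}")
```

With 14 days of retention and no dwell time, the Thursday attack costs 5 days 15 hours of data; with a 7-day dwell the only clean point is more than 12 days old. With 7 days of retention and a 7-day dwell, no clean recovery point is left.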
Enter HPE Zerto
However, HPE Zerto is designed from the ground up to help businesses minimise the downtime they experience – whether through natural disasters, or ransomware attacks. Zerto utilises near-synchronous replication to ensure recovery point objectives (RPOs) of seconds and minutes, rather than hours or days. This means that IT teams can recover files from the moment before an attack begins, making any disruption negligible.
Zerto’s replication is also agentless, and doesn’t rely on snapshots of the live IT environment, meaning that day-to-day operations aren’t impacted by replication. This allows Zerto to continually back up applications and data in the background of your usual IT operations.
A unique data journal allows restoration from hundreds, if not thousands, of different points, and can be configured to retain information for anywhere between an hour and 30 days. This also makes it ideal for quickly recovering information after accidental deletion, as well as protecting against external threats.
Zerto’s continuous, near-synchronous replication and minimal impact on operations mean it can be tested regularly with minimal disruption to the business, giving IT teams vital assurance that their backup systems are working as intended, and making the process of recovering from a serious incident as smooth as possible.
Unlike other backup solutions, Zerto also actively detects anomalous events that may suggest the beginning of a ransomware attack, helping IT teams detect threats before they spread through the environment and know for sure if a given recovery point was taken before or after the attack began.
These defensive capabilities are enhanced even further by the Zerto Cyber Resilience Vault – an appliance which allows for rapid recovery of data from an air-gapped, secure environment built on best-in-class HPE technology.
As such, Zerto offers more than just a backup solution – it presents a best-in-class option for protecting your data from cybercriminals, and for maintaining business continuity during minor disruptions. If you’d like to know more about how you can use HPE Zerto in your IT environment, get in touch with our team today.