Better recovery from ransomware attacks requires effective detection

Saint Margaret’s Health, a hospital in Spring Valley, Illinois, will close its doors, marking the first hospital to publicly announce its closure due to a ransomware attack in 2021 that “prevented it from submitting claims to insurers, Medicare or Medicaid for months.” Combined with the complexities associated with COVID-19, the hospital was unable to recover financially. This will now require local residents to travel over 30 minutes to seek critical care.

But, financial costs are only part of the story. In a recent Ponemon study of 600 health professionals, two-thirds of respondents “who had experienced ransomware attacks said they disrupted patient care, and 59% of them found they increased the length of patients’ stays, straining resources. Almost one-quarter said they led to increased mortality rates at their facilities.”

A common strategy for most organizations is to rely on backup to restore data after a ransomware attack. Backup is an important and effective solution to recover from ransomware attacks. But, according to a 2022 Veeam survey, 58% of backup and restore operations fail. The more failures, the greater the risk of data loss and slow recovery.

Additionally, if ransomware attacks are not detected early, more damage can occur, resulting in days, weeks or months to recover data, if at all. According to a recent survey of over 160 CISOs by Evaluator Group, “CISOs struggle to detect attacks and find the last known good copy of data for recovery,…, along with bare minimum recovery expected to take hours with full recovery expected to take weeks or months often resulting in data that is forever lost due to malicious corruption.”

As a result, 71% of the respondents stated that earlier detection of ransomware attacks was what they wanted most moving forward. And “two-thirds of the respondents said they plan to add data analytics and/or machine learning tools to detect suspicious activity over the next year.”

Storage is your last line of defense against ransomware, and there is no safer place to store your data than on NetApp. NetApp is unique in the market in our approach to protect, detect, and recover data in the event of a ransomware attack. Not only do we offer guaranteed recovery of Snapshot data in the event of a ransomware attack, but we also provide advanced protection and detection technologies to mitigate the impact of ransomware.

NetApp detection technologies leverage AI and ML to detect anomalies in real-time by looking at file system and user behavior anomalies that may indicate ransomware, compromised user accounts, or malicious insider activity. In the event an anomaly is detected, Snapshot recovery points are created, and user account access to storage is blocked. You can watch a demo of how this works here. And with NetApp, insider threats, like rogue admins, can be addressed by requiring multiple administrators to approve sensitive tasks, such as data deletion.

NetApp offers secure, fast and efficient native storage backup and recovery, which is essential to operational recovery. And with the addition of advanced protection and threat detection, organizations can accelerate response and recovery in the event of a ransomware attack. Relying on recovery alone in today’s growing sophistication of cyber threats may prove inadequate. After all, an ounce of prevention is worth a pound of cure.