Your backups are under attack. In addition to your primary data, cybercriminals are now targeting your backup copies. In September 2021, several cybersecurity publishers reported ransomware groups were compromising backup data sets. Cyber groups specifically target backup solutions to ensure that the victim has no other option except for paying the ransom.
The importance of backup copies to ransomware recovery
A recent Coveware study highlighted the importance of backup copies; the “average ransomware case duration in Q4 2021 was 20 Days (-9% from Q3 2021). This decrease is attributable to an increase in the number of companies that were able to recover from backups, which is ALWAYS faster than attempting to decrypt data with a threat actor decryptor.”1 With secure backup copies, organizations save valuable time in restoring their workloads, avoid paying the ransom and reduce the organization costs due to ransomware.
The need for immutable storage
The term immutable means “unchangeable or changeless.” When applying this to backup data, whatever data you backup according to your set policies will be the available data to restore, as it remains unchanged and unmodified. Immutability protects within as well as outside of the backup solution.
Securing backup data against random unauthorized changes can seem challenging with every environment’s unique infrastructure. Therefore, Commvault has taken an agnostic approach to immutability. With Commvault, you do not need special hardware or cloud storage accounts to lock backup data against ransomware threats. If you happen to have Write-Once, Read Many (WORM), object lock or snapshot supported hardware (which Commvault fully supports), you can still use Commvault’s built-in locking capabilities to complement and layer on top of existing security controls. Having the ability to layer security controls across different infrastructure types is what sets Commvault’s immutable solution ahead of its competitors.
Quickly implement immutable Commvault backup copies
In your Commvault data protection environment, you can configure ransomware protection for local and mounted disk libraries on a Microsoft Windows MediaAgent, Linux MediaAgent, and a node in a Commvault HyperScale™ storage pool. After you configure ransomware protection, only specific white-listed Commvault processes can modify the backup data that is present on the MediaAgent. This immutable data protection dramatically reduces the risk of a ransomware attack on the backup data.
Enabling the Ransomware Protection Feature will prevent non-Commvault processes from accessing or changing the files on disk libraries.
Five easy steps to immutable backup copies
1. In the Commvault Command Center™ navigation pane, go to Manage
2. Select Infrastructure.
The Infrastructure page appears.
3. Click the MediaAgents tile.
The MediaAgents page appears.
4. Click the MediaAgent.
5. In the Control section, move the Ransomware protection toggle key to the right.
You have successfully enabled the Ransomware Protection Feature for immutable backup copies.
For additional information, read:
- Windows: Enable Ransomware Protection on a Windows MediaAgent
- Link: https://documentation.commvault.com/11.23/essential/142279 enabling ransomware protection on mediaagent.html
- Linux: Configure Ransomware Protection for Disk Libraries on a Linux MediaAgent
- Link: https://documentation.commvault.com/11.23/essential/130720_data_management.html
Recent ransomware attacks have revealed deliberate malicious actions to destroy backup copies and recovery capabilities. With Commvault data protection, you can easily create immutable backup copies to protect and recover from ransomware.