How to Protect your VMs & Servers from Ransomware Attacks?

Ransomware is on the rise. This year, we have seen a lot more ransomware attacks than the previous year and these attacks would continue to follow on to the next year.

It is a threat not only for companies but also for government security agencies and even for small personal businesses.

Virtual environments are also at risk of falling victim to an attack. The simplest way to protect virtual machines (VMs) against ransomware is to back them up. This is key in protecting VMs against ransomware and every organization needs to be doing this.

Backing Up Virtual Machines

The first and the most fundamental step in protecting VMs against any ransomware attack is to back up the virtual machines. There are many vendors out there who offer solutions that can back up VMs and servers. These solutions can be in the form of an appliance, backup and disaster recovery appliance, or it can be a cloud-based solution, cloud backup and disaster recovery. Either way, it does the job and is used widely.

Now, choosing a vendor can be a bit tricky as there are so many vendors out there who offer similar solutions, so choosing the one that suits your organization the best can be a bit tricky. Fortunately, vendors share the features to their solutions beforehand which can help to identify which one can be the most beneficial for your organization. 

Dell, Nutanix, Unitrends, StoneFly, etc. all offer backup and disaster recovery solutions for backing up VMs and all sort of data. StoneFly, in particular, offers backup and disaster recovery appliances (DR365, DR365V, DR365Z, DR365U) and also cloud-based disaster recovery solutions (CDR365), which are cost-effective and reliable.

Backup Frequency of Virtual Machines

After deciding to back up your virtual machines, the new question comes into mind how often should you back up your virtual machines and servers? Every individual in every company will have different answers to this depending on the applications and workload that is residing in their virtual machines. 

Now, the question still resides. How often should you back up your virtual machines and servers? To answer this, you need to first determine how much data loss is acceptable for your organization if it suffers failure of any of your virtual machines. This is also known as Recovery Point Objective or RPOs. 

RPOs should be as minimum as possible and a good backup and recovery appliance or a cloud-based backup and recovery solution can offer minimal RPOs.

Another thing that needs to be taken into consideration is Recovery Time Objective or RTO. This is the amount of time it takes for your organization to recover from a failure. 

RPOs and RTOs, both are linked to downtime. If your organization cannot sustain downtime of more than 5 hours, then the RTO should not exceed more than 5 hours. Ideally, it should be as little as possible, in order to ensure smooth operations and achieve business continuity.

RTOs and RPOs are very important considerations that need to be well thought of, prior to implementing backup policies as they are linked to data recoverability. Many organizations do not consider them important when it comes to backing up VMs and servers, and as a result, they fail to achieve the recoverability goal of the organization. 

For example, if your organization has a production application with an RPO of 6 hours and that application is being backed up with a default daily backup job, there is no way you will prevent data loss and you will face a big amount of data loss in the event of a ransomware attack on that virtual machine. 

It is very important to understand the RPOs and RTOs of your organization and schedule VM backup jobs accordingly to ensure that there is no data loss in an event of a ransomware attack.

Vendors like StoneFly offer cloud backup and disaster recovery solutions with RTOs and RPOs as little as less than 15 minutes. 

Ensure Recovery of Virtual Machines: DR Testing

Backing up virtual machines and servers is not enough, you also need to make sure that they can be easily recovered so that at the time when actual recovery is needed, you are able to recover them successfully.

This can be done by regularly testing the DR backup and VM backup. During the testing process, you need to check that are your backup jobs completing? Are there any errors in recoverability? Ensuring that backup jobs are completed successfully in the required time will help make sure that the virtual machines are recovered in a timely fashion. 

Testing recovery of one virtual machine is one thing but testing recovery of a large number of virtual machines can be a tricky task. Processes must be in place to ensure that applications and VMs are all recovered efficiently during a disaster and in the order which makes the most business sense for the organization.

Now, every organization has applications that are of more priority than other applications, and some are even in the same virtual environment. 

For instance, one application is much more important than the rest of the applications. However, the backup job is set to backup data every 6 hours. Now, this can be a problem as this application has critical data and need to be up and running within 2 hours of a disaster. So, in the event of a disaster, the organization would lose a lot of data and money, trying to recover the lost files in the application and backup would be of no use.

It is important to understand that the organization’s RTO and RPO goals are set according to the crucial and high priority applications so that there is no chance of data loss and downtime and the application can be up and running in a minimum amount of time without having to suffer any data loss or downtime. 

Having said this, the recovery of each and every application should be tested and it should be in line with the RTOs so that there are no disruptions in recovery and there is no amount of data loss.

Final Thoughts

The threat of ransomware has increased significantly and just like regular data, VMs and servers are also at risk. The above-explained points can help an organization to protect their VMs and servers from ransomware and disaster recovery testing can help ensure recoverability of applications and data.

Image by pikisuperstar on Freepik