
Backup strategy against data extortion

Cybercrime is booming. The current attacks, in which data is encrypted using the encryption Trojans "Locky," "Jigsaw" or "Petya" and only released again for a ransom, have reached a new level.
E-3 Magazine
June 30, 2016
This text has been automatically translated from German to English.

What makes this particularly insidious is that antivirus solutions detected, and continue to detect, each new variant only when it is already too late. Virus scanners recognized the current wave of ransomware attacks only weeks after it became known.

In the meantime, the Trojans had long been up to no good. Several companies and administrations in Germany were affected and some had to shut down operations.

Hospitals in the USA have paid ransoms. Depending on the size of the company, the ransom amounts to between 200 and 15,000 euros. The only effective protection is an intelligent backup strategy.

But some companies are shying away from this logical step, preferring to stockpile Bitcoin so that they can buy back their own data, as a recent survey of British companies shows.

The data protection strategy should be an integral part of the IT security concept. It is not all that difficult, yet it can make or break a business. You just have to follow a few rules.

Currently, the majority of attacks are aimed at Windows systems. But recently, other systems have also been at risk. The success rate of the extortion attempts encourages the cybercriminals to attack other operating systems as well.

Since this form of cybercrime is promising for the attackers, as the British survey shows, attacks on SAP environments in the corporate environment and open source solutions must also be expected in the near future.

Backups also compromised

As a specialist for backup solutions, SEP sees the database files as the main target of the crypto Trojans. This is where an organization's business operations can be hit hardest.

Recovery after an attack usually amounts to a disaster-recovery case. But what happens if the backup data is also already infected and cannot be read during recovery either?

In addition to the classic backup scenarios, i.e. weekly complete backup of all data (full backup) and at least daily backup of data that has changed in the meantime (differential or incremental backup), further measures are necessary.

The backup data should therefore be stored with a "media break" on a separate tape drive and, if feasible, in a different location.

This way, the malware can no longer access the backup data. Because the malware can spread undetected for some time, the retention period must be extended accordingly.

As in all backup scenarios, data volumes add up with every backup, especially full backups. Deduplication can help here and intelligently minimize the volume of data kept in backup storage.

Attack - and now?

Once an attack has happened, the time at which it occurred must be narrowed down. Then the recovery process begins. Initially, data may only be accessed in read-only mode.

If the encryption command has not yet been executed, the data can at least be read this way. Once the last secure data set has been found, the systems are restored cleanly from it.
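As an added illustration (not from the article and not SEP's software), the sketch below shows why retention has to cover the undetected period: from a constructed catalog of weekly full and daily incremental backups, it selects the restore chain that ends before an estimated infection time. All function names, the dates and the 21-day undetected period are assumptions made for the example.

```python
from datetime import datetime, timedelta

def build_catalog(start, days, full_every=7):
    """Constructed sample catalog: a full every `full_every` days, else incremental."""
    return [(start + timedelta(days=d), "full" if d % full_every == 0 else "incr")
            for d in range(days)]

def apply_retention(catalog, now, retention_days):
    """Drop backups older than the retention window, as an expiry job would."""
    cutoff = now - timedelta(days=retention_days)
    return [b for b in catalog if b[0] >= cutoff]

def clean_restore_chain(catalog, infection_time):
    """Newest full backup taken before the estimated infection time, plus the
    incrementals that follow it up to that time. Empty list: nothing usable."""
    clean = sorted(b for b in catalog if b[0] < infection_time)
    fulls = [i for i, b in enumerate(clean) if b[1] == "full"]
    if not fulls:
        return []  # incrementals without their base full cannot be restored
    return clean[fulls[-1]:]

def min_retention_days(dwell_days, full_every=7):
    """Undetected period plus one full-backup cycle, so that a full backup
    from before the infection is still retained when the attack is noticed."""
    return dwell_days + full_every

if __name__ == "__main__":
    start = datetime(2016, 1, 1)
    now = start + timedelta(days=59)                   # attack noticed (assumed)
    infected = start + timedelta(days=38, hours=12)    # estimated infection (assumed)
    catalog = build_catalog(start, 60)
    for days in (14, 21, min_retention_days(21)):
        chain = clean_restore_chain(apply_retention(catalog, now, days), infected)
        print(days, "days retention ->", [(t.date().isoformat(), k) for t, k in chain])
```

With 14 or 21 days of retention no usable chain remains, because the last full backup from before the infection has already expired; with 28 days the chain starts at that full backup and includes the three incrementals after it.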

To ensure a speedy recovery at all times, recovery tests should be rehearsed regularly for all systems or validated automatically by the backup software.

So when it comes to protection against threats, firewalls and antivirus software are no longer the only relevant factors. In view of the new threats, awareness of the need for an intelligent backup strategy must be strengthened again.

After all, backup and recovery are an important pillar when it comes to IT security in companies and organizations.
