When Hackers Disable Backups

Downtime is the most expensive aspect of a ransomware attack. Given the potential downtime caused by such an incident, it is essential for businesses to implement technologies and processes to protect themselves. But how can they achieve this?

Backups remain vital for data protection, but they are no longer sufficient. Implementing advanced data protection capabilities helps businesses better prepare for and recover from ransomware and cyberattacks. This essentially requires a dual approach: creating regular, immutable, and undeletable copies of data, and having the necessary infrastructure in place to restore backups rapidly and at scale.

Immutable and Undeletable Backups

In the event of a cyberattack or other incident that compromises data or disrupts operations, businesses can restore critical data from their immutable copies, allowing them to resume operations quickly—without succumbing to the demands of cybercriminals. An immutable and undeletable backup means that copies of data cannot be encrypted or deleted in any way, even if someone manages to access the administrator credentials. This makes such backups significantly more resilient and reliable in the event of a cyberattack.

Equally important is the ability to restore data as quickly as possible. Backups lose their effectiveness if operations cannot be restored swiftly. Some of the most advanced flash-based storage solutions significantly increase data restoration speeds. Leading solutions offer recovery performance in the hundreds of terabytes per hour. This means that businesses can restore their systems within hours—not weeks—allowing them to resume operations with minimal disruption.

DORA Requires Recovery Within Two Hours

The ability to quickly restore critical services is now mandatory in some regulated industries. For example, the Digital Operational Resilience Act (DORA) is an EU regulation that came fully into force in January 2025. It requires that critical banking systems can be recovered in under two hours in the event of a disaster. This would be very difficult to achieve using traditional data protection solutions, which were never designed for rapid recovery. It is likely that more countries and industries will mandate fast recovery of critical services.

Protecting data is crucial, but it's equally important to consider other critical factors following a ransomware attack. One key consideration is the potential inaccessibility of affected storage arrays. In many cases, these arrays are sealed off for forensic investigation by cyber insurers or law enforcement, meaning businesses cannot access or recover data from compromised systems. Without an alternative data storage solution, businesses can grind to a halt and struggle to recover quickly.

Storage-as-a-Service with Recovery SLAs

However, there are now solutions that directly address this risk. Some storage providers offer Service Level Agreements (SLAs) for recovery from ransomware attacks as part of an existing Storage-as-a-Service (STaaS) plan. These services ensure a clean, operational storage environment after an attack, including technical support. This means that if their original storage arrays fail, businesses can receive a fully functional replacement within hours. This additional layer of security helps organisations recover quickly, even if their primary storage is locked down for investigation.

World Backup Day is a timely opportunity for businesses to reassess their data protection strategies. In today’s landscape, where new threats are constantly emerging, it is essential for organisations to adopt advanced data protection strategies to feel secure 365 days a year. By investing in a future-proof IT infrastructure and implementing a robust, modern data protection plan that includes efficient backup and recovery processes, businesses can reduce the risk of cybersecurity breaches and minimise costly downtime.

Fred Lherault

is Field CTO, EMEA/Emerging Markets at Pure Storage.