Blog

Data Protection
January 21, 2025

Ransomware recovery shouldn’t be a guessing game. For an auto insurance firm dedicated to protecting its clients' futures, safeguarding critical backup data from hidden threats was non-negotiable. With Elastio, this firm’s ransomware recovery strategy has transformed from reactive to proactive. Bob Craven, Technical Services Manager, recognized the growing sophistication of ransomware tactics — specifically, their ability to infiltrate backups by silently infecting data and lying dormant until recovery. Tasked with ensuring data integrity and business continuity, Bob turned to Elastio's Ransomware Recovery Assurance Platform to fill the critical gap traditional solutions couldn’t address. Daily automated scans and precise ransomware detection give users confidence in detecting data compromise early and instantly identifying a clean backup to restore. Bob refers to the Elastio Platform as a cornerstone of the company’s data integrity and protection strategy. Discover how Elastio helps protect data integrity, streamline compliance, and prevent disaster before it strikes.

Cyber Recovery
January 21, 2025

"Elastio platform returns ransomware recovery into a fast, reliable process—we finally know exactly where to start."

From Weeks of Guesswork to Instant Recovery: How AI Engineers Transformed Ransomware Resilience with Elastio

When ransomware strikes, every second counts. Finding a clean backup quickly is critical to reducing downtime and minimizing data loss. For AI Engineers, a leader in bridge design and commercial construction, confidence in backup integrity and recovery speed has been a game-changer.

Derrick Woolford, now Director of IT at AI Engineers, knows the cost of uncertainty all too well. In his previous role as an MSP supporting hundreds of businesses, he saw how traditional backup solutions left companies guessing. One client spent an entire week restoring backups one by one—only to discover the last clean copy was a month old. That experience shaped Woolford’s proactive approach to data protection and ultimately led him to Elastio.

With Elastio’s Ransomware Recovery Assurance Platform, Woolford’s team now benefits from:

- Proactive ransomware threat detection
- Automated backup integrity validation
- Instant access to the last safe recovery point

Best of all, Elastio integrates seamlessly with their existing Veeam environment, delivering confidence without adding complexity.

Elastio How to Survive a Severe Cyber Outage Webinar Thumbnail
Cyber Recovery
January 15, 2025

Watch the Replay

Elastio was thrilled to host experts from Sheltered Harbor, AWS, and Veritas for a critical conversation on preparing for and recovering from severe cyber outages—events that can erode customer trust and threaten organizational survival. Here’s a recap of the discussion.

Sheltered Harbor Principles

Carlos Recalde, CEO of Sheltered Harbor, opened with a stark scenario: a sudden cyberattack renders a bank’s systems inoperable, locking customers out of their accounts. For financial institutions, moments like these are make-or-break—customer confidence is the key to survival. Sheltered Harbor’s mission is simple: ensure customers can access key services, like their account balances, even if full systems aren’t operational. Their robust framework is built on three pillars:

- Data Vaulting for mission-critical data,
- Resilience Planning, and
- Certifying readiness through rigorous testing.

This structured approach provides a lifeline for institutions to weather severe outages and recover confidently.

Ensuring Data Vaults Are Effective: Data Integrity Validation

Todd from Elastio highlighted the foundation of any data vaulting strategy: confidence that the data is clean and recoverable. Today’s ransomware threats, like TimeTime, evade detection, embedding themselves into systems over months. These threats can reinfect infrastructure during recovery if undetected, rendering vaulting strategies useless. Elastio addresses this challenge with advanced AI and behavioral models that identify corruption in data early, catching ransomware before it embeds deeply. By continuously inspecting and testing data integrity, Elastio ensures that only clean, recoverable data enters the vault, safeguarding organizations against reinfection and future downtime.

AWS: Building Compliance-Ready Data Vaulting Solutions

Pradeep from AWS highlighted how rising regulatory mandates, such as DORA, NYDFS, and CMORG, drive financial institutions to adopt resilient data vaulting solutions. These requirements demand architectures that ensure data immutability, logical air gaps, and robust forensic capabilities. AWS’s Cyber Recovery architecture provides a pre-validated framework for creating secure and scalable vaults. Key features include Amazon S3 object lock for data immutability and forensic zones integrating solutions like Elastio to scan for ransomware and malware. This architecture allows organizations to meet compliance requirements swiftly while fortifying against sophisticated ransomware threats.

Veritas: Simplifying Cyber Recovery

Robert from Veritas explained how their Sheltered Harbor-endorsed NetBackup Recovery Vault offers an easy, cost-effective way to achieve compliance and resilience. This fully managed SaaS solution ensures data immutability, logical air gaps, and survivability—key components of a robust recovery strategy. For existing Veritas customers, Recovery Vault integrates seamlessly into workflows, enabling rapid activation of resiliency plans during an attack. For those new to Veritas, Robert emphasized its ability to centralize and simplify data recovery, leveraging AI and advanced security features to prevent attacks and ensure rapid restoration of critical systems.

Key Questions from the Audience

During the Q&A, the panel tackled some big questions:

- Who leads resilience initiatives within organizations? Carlos noted that while Chief Resilience Officers or Chief Risk Officers are ideal, it’s less about who starts the effort and more about ensuring the C-suite drives it forward. Resilience requires cross-functional collaboration across legal, compliance, IT, and operations teams.
- How do you justify the cost of resilience initiatives? The panel emphasized the rising threats of ransomware—now affecting 65% of organizations—and the increasing regulatory pressures from bodies like NYDFS and DORA. Investments in resilience aren’t just about compliance; they’re about survival.
- How often is backup data compromised? Todd shared that Elastio’s scans often uncover hidden issues, from malware embedded in backups to misconfigured storage, underscoring the importance of continuous inspection of recoverability.

Robert added that while immutability protects against many threats, today’s sophisticated ransomware actors require organizations to take a holistic view of security, combining advanced tools with best practices to minimize risk.

Final Thoughts

Elastio is grateful to Sheltered Harbor, AWS, and Veritas for sharing their expertise and to all attendees for their thoughtful questions. This discussion reinforced that resilience isn’t just about technology—it’s about preparation, collaboration, and leadership. As ransomware threats grow more sophisticated, organizations must prioritize resilience to protect their data, operations, and customers. If you missed the webinar or want to dive deeper, feel free to reach out to Elastio, Sheltered Harbor, AWS, or Veritas. Let’s work together to build a safer, more resilient future.

Cyber Recovery
October 17, 2024

By Eswar Nalamaru, Product Manager – Elastio, and Sabith Venkitachalapathy, Solutions Architect – AWS Data Protection Services

Today's large enterprises face significant cybersecurity risks, including ransomware and advanced threats that can compromise critical data. To protect against these, organizations need secure, isolated backups that can be quickly recovered. However, traditional methods for creating these backups are often too complex and expensive for large-scale use. This leaves many companies vulnerable to data loss and business disruptions. This blog post examines how AWS Backup's logically air-gapped vault feature offers a practical solution for creating secure, scalable backups to enhance cyber-resilience.

The AWS Backup logically air-gapped vault is a highly secure storage construct that logically isolates backups and encrypts them using AWS-owned keys, providing an additional layer of protection. Furthermore, the vault's integration with AWS Resource Access Manager (RAM) allows for easy and controlled sharing across multiple AWS accounts, enabling faster recovery times and minimizing Recovery Time Objectives (RTOs) while maintaining strict security measures.

AWS Backup logically air-gapped vaults significantly enhance recovery capabilities, but their effectiveness ultimately depends on the quality of the stored backups. In light of the recent surge in ransomware attacks, which have targeted backups in 94% of cases last year [Sophos], maintaining backup integrity has become more crucial than ever. By implementing Logically Air-Gapped Vaults, organizations can better protect their backups from potential corruption that might otherwise go undetected. This proactive approach ensures that the data remains reliable and usable when recovery is needed, potentially saving organizations from increased recovery costs and operational disruptions.
Many organizations face the challenge of confirming whether their immutable backups are clean and ready for recovery. Elastio addresses this urgent need by inspecting backup data for ransomware, ensuring that businesses always have a recent, verified, clean copy of their data for rapid restoration. Elastio acts as a last layer of defense by ensuring that your backups are always reliable during ransomware attacks and that you always have a clean copy of the data.

Previously, Elastio integrated with AWS Backup to protect your EC2 and EBS Recovery Points. With the new version of Elastio, you can scan your EC2, EBS, EFS, S3, and VMware Recovery Points. Further, it integrates with AWS Backup Restore Testing to monitor your Recovery Points in Logically Air-Gapped Vaults.

AWS Backup Logically Air-Gapped Vaults and Ransomware Recovery

To utilize Logically Air-Gapped Vaults, configure AWS Backup's Backup Plans within your Workload Account to copy backups to the Logically Air-Gapped Vault. Once activated, the Backup Plan automatically transfers backups from the Local Vault to the Logically Air-Gapped Vault.

AWS Backup allows customers to share Recovery Points stored in Logically Air-Gapped Vaults with a designated Recovery Account. To enable cross-account access, use AWS Resource Access Manager (RAM) to share a Logically Air-Gapped Vault with other AWS accounts, including those across different organizations. This powerful sharing capability ensures that backups stored in the Logically Air-Gapped Vault can be swiftly and reliably restored from any authorized shared account, enhancing disaster recovery readiness and operational flexibility.

Logically Air-Gapped Vaults are encrypted using AWS-owned encryption keys, so Elastio cannot mount EC2 and EBS backups directly from them. Recovery Points can instead be scanned either before they are copied to the Logically Air-Gapped Vault or when they are restored from it.
How Elastio works with AWS Backup Logically Air-Gapped Vaults

Elastio offers flexible deployment options to cater to varying customer requirements, but two primary approaches are commonly used to inspect backups stored in AWS LAG Vaults.

Approach 1: Scan backups in the Workload Account before they reach the Logically Air-Gapped Vault

Elastio can be deployed in the Workload Account to inspect backups before copying them to the Logically Air-Gapped Vault. This approach allows Elastio to detect ransomware earlier in the attack cycle, identifying threats in your data before they reach the Logically Air-Gapped Vault.

1. AWS Backup creates a recovery point in an AWS Backup Vault for an Amazon EC2 instance in the AWS account.
2. Recovery Point creation triggers Amazon EventBridge.
3. A Lambda function is triggered on the event and checks if the recovery point is tagged with “elastio:action=scan.”
4. If the recovery point is tagged, the Lambda triggers Elastio scans.

Steps to protect backups before moving to Logically Air-Gapped Vaults:

1. Deploy Elastio in the Workload account with a CloudFormation Template.
2. Deploy the CloudFormation Template in the workload accounts to add tags to AWS Backup Recovery Points. Note that this step is required to protect EC2 Recovery Points, as AWS Backup does not pass the metadata of the volumes to the Logically Air-Gapped Vaults. It will be challenging to correlate the volumes in the Elastio Console without this.
   - Go to CloudFormation in AWS and click “Create Stack with new resources.”
   - In Step 1, choose “Upload a template file”, upload the YAML file, and click Next.
   - In Step 2, give the name for the stack and click Next by leaving everything default.
   - In Step 3, leave everything default and click Next.
   - In Step 4, acknowledge at the bottom of the screen and click “Submit.”
3. Add "elastio:action=scan" in the source account AWS Backup Plan.
   - Go to AWS Backup and click the “Create backup plan” button.
   - On the Backup Plan creation page, set a plan, and at the bottom of the page, add elastio:action=scan to the “Tags added to the recovery points – optional” section, as shown in the screenshot below.
   - Click “Create Plan”.

Once the plan is created, all the recovery points created with this backup plan are automatically scanned by Elastio. Elastio scans EC2 and EBS AWS Backup Recovery Points created by AWS Backup. To scan S3 and EFS Recovery Points, Elastio scans the Recovery Points as part of a restore test plan.

Approach 2: Scan the backups within the Logically Air-Gapped Vault

Elastio can scan backups once they are stored in the Logically Air-Gapped Vault, offering a more centralized solution by inspecting backups from multiple workload accounts in one location. By sharing the Logically Air-Gapped Vault with a Recovery Account through AWS Resource Access Manager (RAM), organizations can inspect backups as part of a Restore Test process, ensuring that recovery points are clean before restoration.

1. AWS Backup creates a recovery point in a Local Vault for an Amazon EC2 instance in the AWS account.
2. The recovery point is copied from the Local Vault to the Logically Air-Gapped Vault.
3. The Logically Air-Gapped Vault is shared with the Recovery Account using AWS Resource Access Manager to perform Restore Testing. Detailed instructions on sharing the recovery points are available in the blog: Introducing AWS Backup logically air-gapped vault.
4. Perform a restore in the Recovery account via AWS Backup Restore Testing.
5. An Amazon EventBridge event is triggered when the restore is completed.
6. A Lambda function is triggered on the event and checks if the recovery point is tagged with “elastio:restore-test=scan.”
7. If the recovery point is tagged, the Lambda triggers Elastio scans.
8. The scan results are sent back to AWS Backup restore testing.
Steps to protect backups in Logically Air-Gapped Vaults:

1. Deploy Elastio in the Recovery account with a CloudFormation Template.
2. Deploy the CloudFormation Template in the workload accounts to add tags to AWS Backup Recovery Points. Note that this step is required to protect EC2 Recovery Points, as AWS Backup does not pass the metadata of the volumes to the Logically Air-Gapped Vaults. It will be easier to correlate the volumes in the Elastio Console with this.
   - Go to CloudFormation in AWS and click “Create Stack with new resources.”
   - In Step 1, choose “Upload a template file”, upload the YAML file, and click Next.
   - In Step 2, give the name for the stack and click Next by leaving everything default.
   - In Step 3, leave everything default and click Next.
   - In Step 4, acknowledge at the bottom of the screen and click “Submit.”
3. Add "elastio:action=scan" in the source account AWS Backup Plan.
   - Go to AWS Backup Console and click the "Create backup plan" button.
   - On the Backup Plan creation page, set a plan, and at the bottom of the page, add elastio:action=scan to the “Tags added to the recovery points – optional” section, as shown in the screenshot below.
   - Click “Create Plan”.
   Once the plan is created, all the recovery points created with this backup plan are automatically scanned by Elastio. Elastio scans EC2 and EBS AWS Backup Recovery Points created by AWS Backup. To scan S3 and EFS Recovery Points, Elastio scans the Recovery Points as part of a restore test plan.
4. Deploy the CFN to integrate Elastio with the AWS Backup Restore Testing. This CFN allows Elastio to scan recovery points as the ransomware protection step of the restore testing process.
   - Go to CloudFormation in AWS and click “Create Stack with new resources.”
   - In Step 1, choose "Amazon S3 URL", paste the link, and click "Next."
   - In Step 2, give the name for the stack and click Next by leaving everything default.
   - In Step 3, leave everything default and click Next.
   - In Step 4, acknowledge at the bottom of the screen and click “Submit.”
5. Add "elastio:restore-test=scan" in the source account AWS Backup's Backup Plan. Elastio automatically scans Recovery Points with these tags as part of restore testing.
   - Go to AWS Backup and click the “Create backup plan” button.
   - On the Backup Plan creation page, set a plan, and at the bottom of the page, add elastio:restore-test=scan to the "Tags added to the recovery points – optional" section, as shown in the screenshot below.
   - Click "Create Plan".
   Once the plan is created, all the recovery points created with this backup plan are automatically scanned by Elastio.

Conclusion

While AWS Backup Logically Air-Gapped Vaults provide secure storage, Elastio is the critical component that transforms this infrastructure into a truly resilient ransomware defense. By intelligently scanning and validating backups, Elastio enables organizations to confidently identify clean recovery points – a capability essential for effective cyber recovery. Without Elastio's powerful ransomware protection technology, enterprises cannot know that their securely stored backups are usable recovery points, exposing organizations to the devastating impacts of ransomware attacks.

Data Protection
September 26, 2024

Introduction

We’re excited to announce that the Elastio Ransomware Recovery Assurance Platform now integrates with AWS Backup to provide enhanced protection for your mission-critical data. This powerful combination delivers an extra layer of defense against ransomware, ensuring your data remains secure, trusted, and ready for recovery when you need it most.

Why This Integration Matters

Ransomware attacks are on the rise, and organizations are increasingly turning to immutable backups, air-gapped storage, and bunker accounts to ensure data integrity. However, these measures alone don’t guarantee your recovery data is clean and free of hidden threats. That’s where Elastio comes in. With Elastio's integration with AWS Backup, you gain:

- Proactive Threat Detection: Elastio automatically scans and validates your backups for ransomware, malware, and corruption.
- Data Integrity Assurance: Ensure your backups are recoverable, clean, and free from compromises.
- Seamless Integration: Elastio works directly with AWS Backup, AWS Logically Air-Gapped Vault, and Amazon S3 to provide continuous validation without disrupting your workflow.

How It Works

The Elastio platform scans data as it's written to AWS Backup, identifying any signs of ransomware or other threats. By proactively validating your backups, you can confidently recover knowing your data is clean and uncompromised.

Learn More

To dive deeper into how Elastio and AWS Backup work together to strengthen your ransomware resilience strategy, check out the full AWS blog post: Read the Blog

By integrating Elastio with your AWS Backup strategy, you can turn your recovery plan into a powerful, proactive defense against ransomware. Reach out today to see how Elastio can help secure your critical data and ensure business continuity.

Cyber Recovery
August 26, 2024

The Digital Operational Resilience Act (DORA) is the EU's answer to rising cyberattacks on financial institutions. Recognizing the inevitability of cyber disruption, DORA mandates resilience requirements for European financial entities to ensure that their services can withstand cyberattacks. There is great pressure on institutions to demonstrate that their business is adequately compliant with these regulations before they go into effect in January 2025. Fortunately, Elastio can help.

A Guide to How Elastio Helps Your Business Be DORA Compliant

DORA encompasses four main pillars: ICT Risk Management, ICT-Related Incident Reporting, Digital Operational Resilience Testing, and Managing ICT Third-Party Risk. Elastio’s proactive inspection of backup data for ransomware addresses key requirements across these pillars. Learn how in our data sheet: HOW ELASTIO HELPS WITH DORA COMPLIANCE.

With the January 2025 DORA compliance deadline approaching, financial institutions need to act now. Elastio is your partner in navigating the EU's new digital resilience standards. Our ransomware detection, backup integrity verification, detailed incident reporting, and continuous testing keep your business ahead of cyber threats and operational risks.

Elastio Software
June 20, 2024

Your S3 data is vulnerable to ransomware attacks

Amazon S3 is a popular choice for businesses due to its high availability, durability and cost-effectiveness. And its use is growing even more as organizations rely on AWS S3 as the foundation of their Gen AI data lakes. This widespread use and the storage of critical data make S3 an attractive target for threat actors. The risk of threat actors compromising S3 data is significant, as it can serve as both an entry point and a distribution point for ransomware.

An example S3 threat pathway is when an attacker identifies a misconfigured S3 bucket that is publicly accessible or has weak access controls and uploads ransomware to it. Then a legitimate user unknowingly accesses the malicious file, leading to encryption of local and network files, operational disruption, and potential data loss. To secure against such attacks, it is crucial to tighten IAM controls and implement preventative measures, but also continuously verify the integrity of your data to promptly identify any compromises when they (almost inevitably) occur.

Secure Your S3 Data

Given this significant risk, Elastio customers asked us to extend our ransomware protection to continuously inspect their S3 data for ransomware and malware. This way, customers can be quickly alerted to any compromises and remediate threats before they spread. Elastio performs inspections both on the live data and on AWS Backups to ensure both early detection and clean recoveries from uncompromised backups.

Elastio S3 Ransomware & Malware Protection

Elastio offers the most comprehensive and flexible enterprise ransomware and malware protection for S3 – and at the lowest cost. With Elastio, customers can perform an initial inspection of all their existing S3 data upon deployment to ensure it is free from ransomware and malware. As new objects are added to your S3 buckets, Elastio automatically and continuously inspects them for any threats, providing ongoing protection.
Additionally, Elastio enables periodic full inspections using the latest ransomware models and malware signatures to identify threats that were unknown during previous scans. Another key benefit is Elastio’s seamless integration with AWS Backup to ensure your S3 backups remain clean and uncompromised. With our most recent release, customers can now inspect even larger buckets for ransomware and malware without impacting production. Elastio’s license is priced based on the amount of storage protected rather than by scan, enabling regular, comprehensive scans without high costs, significantly enhancing your overall security posture.

Elastio Software
June 13, 2024

Elastio Achieves AWS Security Competency

We are excited to announce that Elastio has earned its AWS Security Competency. The AWS Security Competency designation is awarded to partners with technical proficiency and proven customer success in delivering security solutions on the AWS platform. Elastio earned its AWS Storage Competency early in 2023.

Achieving AWS Security Competency status requires partners to undergo a rigorous validation process, including a thorough assessment of their security solutions, technical expertise, customer case studies, and adherence to best practices for security on AWS. The Elastio platform falls under the Data Protection security category for its ability to agentlessly detect threats in active infrastructure, including S3 buckets, and backups, enabling fast remediation while minimizing data loss.

Security and Storage Intersect

Cybersecurity threats loom large, with ransomware attacks posing a significant risk to businesses of all sizes. The ability to detect and mitigate these threats is paramount in safeguarding critical data and ensuring business continuity. Detecting ransomware in active cloud infrastructure and backups requires expertise in both security and storage disciplines. Achieving both competencies demonstrates Elastio’s commitment to serving the needs of AWS’s customers. Customers benefit from knowing that Elastio follows AWS best practices for security and storage to ensure that our ransomware detection capabilities best safeguard critical data and maintain the integrity of their AWS environment.

Available through the AWS Marketplace

The AWS Marketplace offers customers significant advantages when purchasing Elastio. With the marketplace's streamlined purchase process, customers can easily discover, evaluate, purchase, and deploy Elastio software.
Customers with committed AWS spend can utilize that commitment as credit towards purchasing Elastio through the AWS Marketplace, enabling them to leverage their existing investment while acquiring essential software solutions.

Ransomware
February 4, 2024

Najaf Husain, CEO

Ransomware attacks have become an ever-present threat to organizations of all sizes and industries. These malicious attacks can wreak havoc on a company's operations, causing significant financial and reputational damage. To combat this growing menace, it's crucial for businesses to have a well-thought-out ransomware response plan in place.

Preparing for a Ransomware Attack

The significance of having well-established, clean, and uncompromised recovery options cannot be overstated. Even with leading Extended Detection and Response (XDR) solutions, breaches can still occur, as evidenced by notable incidents like the attack on the City of Dallas, which showcased the persistence of attackers within networks despite robust defenses. Once these infiltrators gain access, they can target data stored on Elastic Block Store (EBS) volumes or delete objects in Amazon S3, effectively holding them hostage for ransom, similar to what they would do with a Virtual Machine.

The Importance of Verified Clean Recovery Options

Elastio steps in to provide a solution. It offers the capability to create data snapshots, archiving them in a globally deduplicated and compressed format within S3 inside your account. We call this the Elastio Cyber Vault. Snapshots ingested into the vault undergo a thorough file inspection, scanning for over 2200 ransomware families and thousands of variants to ensure the data remains clean, uncompromised, and recoverable. If any active ransomware or malware is detected, specific files are promptly identified and sent to a Security Information and Event Management (SIEM) system. Elastio's incident response team takes it from there, analyzing the alerts and confirming the findings. The Vault itself is protected by S3 Object Lock to ensure that even admin-level IAM credentials are incapable of destroying it.
Elastio also offers multiple recovery options, ranging from restoring to a known clean recovery point, enabling file-level recoveries, as well as EC2 and EBS recoveries. For infected assets, there's an option to recover them in an isolated sandbox environment. When it comes to production workloads, the Elastio live recovery option stands out by providing a rapid Recovery Time Objective (RTO) in a matter of minutes from the last known clean recovery point.

To further fortify security and ensure a robust response plan, Elastio continuously snapshots the data, archives it, and checks its data integrity. This ongoing process not only enhances security but also acts as the ultimate safeguard, serving as the last line of defense in a comprehensive security strategy.

The Last Line of Defense

In essence, ransomware attacks are a numbers game involving a constant barrage of attempts until one inevitably breaches the defenses. This highlights the necessity of having a robust response plan that includes clean and uncompromised backups, such as those offered by Elastio, to ensure that even if an attack occurs, your organization can swiftly recover without paying the ransom.

How Elastio Helps

Elastio's data resilience platform ensures that your live data and backups are clean, uncompromised, and recoverable from ransomware attacks. Elastio reverse-engineered over 2200 ransomware families and developed the most comprehensive ransomware detection engine capable of pinpointing ransomware down to individual variants and files. Our advanced behavioral analytics model thoroughly examines your data for ransomware, malware, and corruption, providing the means for a secure recovery through point-in-time restoration of applications and data to a verified clean copy. With a proven track record of tens of billions of ransomware scans, our agentless platform empowers customers to validate the integrity of their live data and backups across AWS, Azure, and VMware.
This includes securing critical areas of enterprise risk — core workloads, production databases, and object storage, ensuring that your data remains clean, uncompromised, and recoverable.

Best Way to Protect from Ransomware
Ransomware
February 1, 2024

Najaf Husain, CEO

The Need for Data Resilience

It goes without saying that ransomware is top of mind for all enterprise security teams. The threat looms larger than ever, with a staggering 69% increase in attacks from 2022 to 2023 [1]. The rise isn't surprising when you consider the allure for cybercriminals: valuable digital assets, the ease of Ransomware-as-a-Service (RaaS) platforms, the payoff from ransom payments, and an ever-expanding digital landscape ripe for exploitation. This problem isn't going away any time soon.

Despite rigorous prevention efforts, such as EDR/XDR or mitigating common ransomware conduits (e.g., vulnerabilities, compromised credentials, phishing attacks), the harsh reality is that an attack may just be inevitable. Think of MGM – a multi-billion-dollar casino which surely had the most sophisticated ransomware prevention solutions available, yet still became a victim last year, at a cost of $110M. In this environment, security teams need to make a shift towards resilience, focusing not just on prevention but on robust recovery strategies to mitigate the impact of an attack.

Recoverable Backups as a Cornerstone of Resilience

Ransomware resilience is all about being ready to quickly and effectively recover in the event of an attack. This readiness hinges on having a clear and actionable plan in place that thinks through every component of what is required to get your business back up-and-running. As we all know, backups are an integral part of any recovery plan. But the question that security teams need to ask themselves is not just "Do we have backups?" but "Do we have backups that are recoverable?"

One reason for special vigilance regarding your backup strategy is that cybercriminals have started to target backup repositories, to undermine the reliability of this recovery method. According to the 2023 Ransomware Trend Report, backups were targeted in a staggering 93% of ransomware attacks.
The success rate of these targeted attacks is alarmingly high, with 75% of backup repositories being compromised during these incidents2. These statistics serve as a stark reminder of the importance of having a backup strategy that is robust enough to withstand targeted cyberattacks. How to Ensure Your Data is Recoverable with True Ransomware Detection Enterprises often implement immutability and air-gapping to protect their backups. But these measures alone are still not enough to guarantee recoverability. For one thing, many bad actors will intentionally dwell in your data for longer than your backup retention policy in order to covertly infiltrate your backup repositories. It's hard to imagine a worse scenario than relying on backups during an attack, only to realize those backups were compromised at the point of being rendered immutable and air-gapped. This not only leaves the team without a viable recovery option but also adds the insult of having invested money in the storage of "dirty" data. To remove any form of guesswork from your ransomware recovery plan, the key is to test the integrity of all your data before it is made immutable and air-gapped with true ransomware detection. This integrity check can be done either on your live data to catch ransomware before it’s backed up or else on backups before they are sent to the secure vault. Another key benefit of this practice is that, in the event that you find ransomware in your data, you know exactly when your last-known clean copy is and therefore what to recover from. In this way, true ransomware detection allows you to rest easy with the knowledge that your data is clean, uncompromised and recoverable. 1Corvus: 2023 was a 'record-breaking' ransomware year | TechTarget 22023 Ransomware Trends Report (veeam.com)

Ransomware
January 31, 2024

Dr. Srinidhi Varadarajan, Chief Scientist

Amazon Elastic Kubernetes Service (EKS) clusters, essential for containerized application management, are vulnerable to security risks, particularly when using Amazon Elastic Block Store (EBS) volumes and/or Simple Storage Service (S3) buckets for state storage. This vulnerability extends to ransomware and malware attacks, underscoring the critical need for a robust security infrastructure.

The mechanics of ransomware attacks on EKS clusters

Ransomware attacks on Amazon Elastic Kubernetes Service (EKS) clusters often employ sophisticated methods, with a notable strategy being the use of LD_PRELOAD to intercept the POSIX call chain. This method is a favored tool among Ransomware-as-a-Service (RaaS) operators like LockBit.

The initial entry point for these attackers is often the compromise of Identity and Access Management (IAM) credentials, which can stem from poorly secured credentials or internal threats, such as disgruntled employees leaking sensitive information. The LockBit gang, known for its aggressive tactics, offers substantial rewards for high-value credentials.

Interestingly, the use of zero-day vulnerabilities as primary entry points has diminished, thanks to modern infrastructure's capacity for automated updates, although defining IAM roles clearly and without overlap is still key to reducing potential harm. But even this measure is not a guaranteed safeguard, as attackers frequently exploit users who hold multiple IAM roles to move across various system boundaries.

Why EDR/XDR is not enough to protect against these attacks

Deploying perimeter Extended Detection and Response (XDR) agents on EKS clusters can enhance security. Yet, these agents represent merely the first layer of defense in a comprehensive security strategy. The reality is that even with leading XDR solutions, breaches occur. Notable incidents, such as the attack on the City of Dallas, demonstrate that attackers can maintain a presence in a network for extended periods despite these defenses being in place.

Once infiltrators gain access, they can hold data on EBS volumes or delete S3 objects and offer them back for ransom, just as they might with a Virtual Machine. Kubernetes, in and of itself, does not offer extra protection against such threats.

The level of attack sophistication often correlates with the perceived value of the target. High-value entities, such as financial institutions, are likely to encounter more advanced and tailored attack methods. Initially, these entities might be targeted by automated RaaS operators. When one of these tools discovers a vulnerability, the information is often sold to expert hacker groups who have the skills to exploit it effectively. Fundamentally, these attacks boil down to a numbers game, involving a constant bombardment of attempts until one inevitably finds its way through.

The role of data resilience in mitigating ransomware attacks on EKS clusters

In response to these challenges, data resilience solutions like Elastio – which operate at the data level – emerge as crucial components of a security infrastructure. Elastio offers a layer of defense beyond traditional measures by continuously monitoring the state of EBS and S3 for ransomware and malware, all without relying on agent-based solutions that can be compromised or bypassed. This approach addresses the gaps left by EDR/XDR solutions and provides an added layer of security.

By prioritizing continuous monitoring and the resilience of the data itself, organizations can better protect their EKS clusters from evolving ransomware threats, ensuring operational continuity and safeguarding their data.

Best Way to Protect from Ransomware
Ransomware
January 29, 2024

Todd Fredrick, Strategic Alliances

Introduction

In this current landscape of cybersecurity, one thing is sure – ransomware is not going away. It's not a matter of if but when you will get hit. As Managed Service Providers (MSPs), safeguarding your customers' data from the relentless threats of ransomware is paramount. In this blog post, we'll explore the challenges MSPs face, the need for true ransomware detection for backups, and why Elastio stands out as the ultimate ally in the battle against ransomware.

Are you unwittingly backing up ransomware?

Ransomware, a pervasive threat, is constantly evolving in sophistication. As it becomes more sophisticated, it outpaces traditional security measures, such as Endpoint Detection and Response (EDR/XDR) solutions, leading to delayed detection. With ransomware dwell times often outlasting backup retention periods, this lag in identification gives ransomware the opportunity to integrate itself into backups covertly. By the time the ransomware is discovered, it’s too late: it has already compromised the integrity of your data recovery efforts. So the critical question looms: Are you unwittingly backing up ransomware?

True ransomware detection for backups

Elastio helps MSPs ensure that their customers’ backups are clean, uncompromised, and recoverable through its true ransomware detection. Unlike conventional solutions that rely on anomaly detection and often yield false positives, Elastio employs deep file-by-file inspection. This method, driven by specific knowledge of ransomware and its variants, ensures accurate detection without guesswork.

Why Elastio

Unparalleled Ransomware Knowledge: Elastio has set itself apart by reverse-engineering over 2,200 specific ransomware families and their variants. This comprehensive understanding enables Elastio to identify the presence of ransomware at the file level, providing MSPs with a precise and effective detection mechanism.

Integration with Existing Backup Infrastructure: Elastio doesn't disrupt your existing backup infrastructure. Instead, it enhances your investment by seamlessly integrating with your current backup solution. This means you can elevate your cybersecurity without overhauling your entire system.

Fast Time to Value: Time is of the essence in the fight against ransomware. Elastio ensures a swift deployment process, allowing MSPs to realize value rapidly. In a threat landscape where every moment counts, Elastio's efficiency is a game-changer.

New Revenue Opportunity: With Elastio in their cybersecurity portfolio, MSPs create new revenue opportunities by introducing true ransomware detection for backups as an additional service, thereby improving client trust and retention.

Elastio assures your customers’ data integrity

As an MSP, safeguarding your customers' data from ransomware is a continuous challenge. Elastio provides a solution that understands ransomware intricately and integrates seamlessly into your existing backup infrastructure. Stay ahead of the threat curve with Elastio – the ultimate partner in securing your MSP and in ensuring the resilience of your customers' data against the ever-present ransomware threat.