Blog

Elastio Software
February 20, 2025

Elastio Ransomware Recovery Assurance Platform’s Intuitive User Interface

When ransomware hits, security teams are under immense pressure to contain the damage quickly, find the source, and restore operations. With critical systems locked down and business grinding to a halt, every second counts. At the same time, leadership wants answers. How bad is it? What’s impacted? How soon can we recover? It’s a high-stakes, high-stress situation in which having the right tools can mean the difference between a rapid recovery and a prolonged crisis.

That’s why we built the Elastio Platform to make ransomware recovery as effortless, intuitive, and stress-free as possible (or at least as stress-free as it can be in an attack). By removing complexity and streamlining recovery into just three clicks, Elastio helps teams regain control with confidence—without getting lost in complicated workflows.

1, 2, 3… Ransomware Recovery

We designed the Elastio Platform around a "don’t make me think" approach. Our streamlined, three-tiered structure eliminates endless menus and confusing options, helping teams make fast, informed decisions in moments of crisis. After analyzing dozens of Security Operations Center (SOC) workflows, we distilled them into a simple, intuitive experience that puts everything teams need right at their fingertips.

Click One: Centralized Dashboard – Your Mission Control

The Elastio Platform dashboard acts as mission control, offering real-time visibility into system health, data integrity, and potential threats. Users can instantly see:

● Critical alerts
● Latest data inspection results
● Ransomware Resilience Posture Summaries

Click Two: Data-Rich Asset Tables – Find What You Need Fast

Time is critical in ransomware recovery. Elastio’s intelligent search and filtering allows users to quickly locate affected files, backups, or workloads, pinpointing clean restore points without manually sifting through endless copies.

Click Three: Recovery – Get Back to Business

At the end of the workflow, users are fully equipped to mitigate the attack and restore operations instantly. On the Elastio Platform recovery page, teams can:

● Confirm critical details about the infected instance
● Drill down to specific files flagged for infection
● Extract forensic copies for investigation
● Execute a clean recovery—restoring data instantly from the last validated, ransomware-free restore point.

Whether conducting forensic analysis or executing a full recovery, Elastio provides clarity, speed, and confidence—ensuring a seamless return to normal operations.

Beyond Recovery: Supporting Features That Reduce Operational Overhead

Incident Tracking: Visibility for Every Stakeholder

When ransomware is detected, Elastio Platform instantly notifies the organization and automatically tracks the incident from detection to recovery. Through an intuitive Kanban-style interface, teams can:

● Monitor the entire history of an incident, from initial detection to resolution
● View required actions and track progress toward full remediation
● Ensure all stakeholders—security teams, IT, and leadership—stay informed with real-time status updates

Context-Aware Alerts & Notifications: Prioritize What Matters

Elastio Platform’s highly configurable alerting system ensures that the right people get the correct information—at the right time. The system allows users to:

● Customize alerts based on priority, event type, or user role
● Control visibility so teams only see relevant notifications, reducing noise
● Stay informed on threats, backup health, and recovery progress—without alert fatigue

With Elastio, organizations can tailor their alerting strategy to prioritize critical threats, streamline response efforts, and ensure the right stakeholders stay informed.

Real-Time System Status: Instant Visibility & Proactive Monitoring

Elastio Platform continuously monitors its own operations, ensuring teams have a clear, real-time view of deployment health, job execution, and system performance.

● Monitor platform activity, including deployment status and job processing
● Proactively identify and surface issues that require attention
● Troubleshoot and resolve configuration or performance concerns
● Set up custom alerts for anomalies, such as delayed jobs or unexpected system behaviors

Role-Based Access Control: Security Without Complexity

Security teams need complete control over access and permissions to ensure the right people can take action—without unnecessary risk. Elastio Platform’s role-based access control (RBAC) enables administrators to:

● Define granular permissions for different roles and responsibilities
● Ensure only authorized users can initiate restores or modify settings
● Protect critical features while maintaining operational efficiency

With fine-tuned access management, Elastio Platform ensures that security and IT teams can confidently operate, enforcing the principle of least privilege.

Effortless Deployment, Instant Value: Elastio Works Where You Work

Elastio Platform is built for IT teams, not extra work—meaning it integrates directly into your existing infrastructure without disruption or steep learning curves.

● Natively supports AWS, hybrid, and on-premises environments
● Adapts to your existing security and backup workflows—no rip-and-replace required
● Works out of the box so teams can immediately enhance ransomware resilience without extensive retraining

With Elastio Platform, there's no reconfiguring, no downtime, and no operational headaches—just smarter recovery embedded into the workflows you already rely on.

Conclusion: Recovery, Simplified. Confidence, Restored.

Ransomware attacks are chaotic, high-pressure events—but recovery doesn’t have to be. The Elastio Platform is designed to eliminate complexity, minimize downtime, and give security teams the confidence to act quickly and decisively. With a three-click recovery workflow, Elastio ensures that teams can instantly identify the most recent clean restore point—without having to sift through endless backups. Instead of forcing users to guess, the platform provides clear, intelligent recovery recommendations so organizations can confidently restore systems to a pre-attack state.

● Instant insights from a centralized dashboard
● Rapid search and drill-down to pinpoint uninfected recovery points
● One-click to restore operations in minutes

From near real-time ransomware detection to a recovery process designed for speed and simplicity, the Elastio Platform is built to make one of IT's worst days easier. Fast. Simple. Resilient. Three clicks, and you’re back in control.

Ransomware
February 13, 2025

What The New Proposed HIPAA Security Rules Mean For Your Organization

The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule in response to escalating cyber threats. These proposed changes aim to enhance the protection of electronic protected health information (ePHI) and ensure healthcare organizations are better equipped to handle modern cybersecurity challenges. Elastio, with its advanced ransomware protection solutions, is well-positioned to support healthcare entities in aligning with these new recommendations.

Understanding the Proposed HIPAA Security Rule Changes

On December 27, 2024, the HHS's Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) to amend the HIPAA Security Rule. This proposal marks the first significant update since 2013 and reflects the need to address the evolving landscape of cyber threats targeting the healthcare sector. (hhs.gov)

The proposed modifications include:

● Contingency Planning: The proposed regulation requires that healthcare organizations implement a contingency plan with robust data backup procedures and written processes that enable the restoration of crucial data within 72 hours of the loss. (OCR Proposes Changes to the HIPAA Security Rule | Publications | Kirkland & Ellis LLP)
● Regular Risk Assessments and Audits: Covered entities and business associates must conduct periodic risk analyses and maintain compliance documentation to identify and mitigate risks proactively.
● Enhanced Incident Response Protocols: Organizations must establish robust procedures to effectively detect, respond to, and recover from security incidents.

These proposed changes aim to fortify the healthcare sector's defenses against increasingly sophisticated and damaging cyberattacks.

The Imperative for Strengthened Cybersecurity in Healthcare

High-profile data breaches in recent years underscored the urgency for these updates. In 2024 alone, there were 13 data breaches, each affecting over 1 million healthcare records, culminating in the exposure of approximately 146 million individuals' data. Notably, a ransomware attack on UnitedHealth Group compromised the personal information of over 100 million individuals, marking the most significant healthcare data breach. (hipaajournal.com, theverge.com)

These incidents jeopardize patient privacy and disrupt healthcare services, leading to delayed treatments and increased operational costs. The proposed HIPAA Security Rule changes are designed to mitigate such risks by enforcing stricter security protocols.

How Elastio Ransomware Recovery Assurance Platform Can Support Compliance with the New HIPAA Recommendations

Elastio Ransomware Recovery Assurance Platform (Elastio Platform) offers comprehensive ransomware protection solutions that align seamlessly with the proposed HIPAA Security Rule enhancements:

● Continuous Validation of Contingency Plan: The new proposed regulations demand that organizations have written procedures to restore crucial data within seventy-two hours. Elastio Platform inspects data backups upon creation to verify they are clean and recoverable, giving organizations critical visibility into the effectiveness of their recovery plans.
● Automated Risk Assessments: Elastio Platform conducts continuous discovery and risk analyses of your environment. It identifies storage misconfigurations that leave companies vulnerable to ransomware attacks and provides actionable insights to mitigate them.
● Robust Incident Response Capabilities: In the event of a security incident, Elastio Platform offers rapid detection and response tools, enabling organizations to contain and remediate threats and minimize potential damage quickly.
● Comprehensive Compliance Reporting: Elastio Platform provides detailed compliance documentation and audit trails, assisting healthcare organizations in demonstrating adherence to HIPAA requirements during audits.

Conclusion

The proposed updates to the HIPAA Security Rule represent a critical step toward strengthening cybersecurity in the healthcare sector. As cyber threats evolve, healthcare organizations must adopt advanced security measures to protect ePHI and maintain patient trust. Elastio Platform's suite of ransomware protection solutions offers the necessary tools to achieve compliance with the new HIPAA recommendations and enhance the overall cybersecurity posture. By proactively implementing these measures, healthcare providers can comply with regulatory requirements and ensure patient information's confidentiality, integrity, and availability in an increasingly digital healthcare environment.

HIPAA proposal: HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information | HHS.gov

Ransomware
February 6, 2025

Data-Level Detection: Anomaly or Encryption

Ransomware attacks continue to bypass traditional security layers, including endpoint detection and server-based defenses. Businesses are adding data-layer detection as an extra safeguard against ransomware. However, a problem exists: most of these solutions do not work. Most solutions rely on anomaly detection, which is no longer an effective approach. Today, instead of accurately detecting ransomware, this method:

● Floods security teams with false positives.
● Misses modern ransomware techniques that bypass anomaly-based detection.
● Fails to provide actionable intelligence past anomaly alerts.

To detect ransomware, you must recognize actual encryption activity in data—not just alert on statistical anomalies. In this blog, we break down:

● Why anomaly detection fails to stop ransomware
● Weaknesses of anomaly-based detection
● Why encryption detection is the reliable solution

1. What is Anomaly Detection?

Anomaly detection identifies unusual behavior in data patterns to detect potential ransomware activity. It is commonly implemented in backup solutions using:

● Change Rate Analysis – Detects unusual spikes in modified data.
● Backup Size Monitoring – Flags abnormal increases in backup size.
● Metadata Analysis – Looks for mass renaming or restructuring of files.
● Entropy Detection – Identifies high randomness in file contents (potential encryption).

While these techniques seem logical, they do not stop ransomware in practice.

2. Where Anomaly Detection Falls Short

(A) Many False Positives

Anomaly detection is inherently noisy because it cannot distinguish between a real threat and normal data fluctuations.

● SOC teams receive an average of 4,484 security alerts daily—67% are ignored due to alert fatigue. [The Silent Threat of Alert Fatigue]
● When false positives are constant, teams either turn the alerts off or ignore them.

Key takeaway: A detection system that creates too many alerts can be as bad as having no detection.

(B) Lack of Precision: No Actionable Insights

Anomaly detection does not tell you what’s happening—only that something "looks unusual."

● Security teams are left investigating vague alerts instead of getting concrete, actionable insights.
● When ransomware is actively spreading, you don’t have time to analyze anomalies—you need to know precisely what is encrypting your data.

Key takeaway: A detection system that only says “something might be wrong” can create more work rather than solve the problem.

(C) Arbitrary Sensitivity Settings Undermine Effectiveness

Security teams are responsible for tuning sensitivity levels to deal with alerts, which is an unreliable process.

● Set sensitivity too high? Teams are flooded with false positives.
● Set sensitivity too low? Ransomware slips through undetected.
● Since every environment is different, there’s no universal threshold, leaving teams guessing and making detection inconsistent and useless at best.

Key takeaway: A detection system that requires constant manual tuning is fundamentally flawed.

(D) False Negatives: How Ransomware Evades Anomaly Detection

Many modern ransomware families are designed to evade anomaly detection.

● Several top ten ransomware variants use intermittent encryption—encrypting parts of files instead of the entire file—so entropy remains unchanged.
● Attackers test their ransomware against anomaly detection tools before deploying it, ensuring their malware remains undetected.

Examples of Ransomware That Evade Anomaly Detection:

● LockFile – Uses partial encryption, modifying only parts of files to avoid detection.
● Xorist – Does not change metadata to bypass statistical anomaly-based defenses.
● Alcatraz Locker – Base64 encoding, ensuring minimal entropy changes.

Sources: LockFile ransomware’s box of tricks: intermittent encryption and evasion – Sophos News

Key takeaway: If attackers can trivially bypass your anomaly detection method, it’s not a real ransomware defense.

(E) Anomaly Detection Doesn’t Look for Malware

Anomaly detection does not detect actual ransomware executables—it only flags suspicious behavior. Gartner confirms this:

“It’s important to note that anomaly scanning does not detect malware executables and cannot prevent those executables from becoming part of the backup of a system.” (Secure Your Backup Platforms and Data From Ransomware Attacks, 2024)

This means ransomware can still be backed up, spread, and restored—even if anomaly detection exists.

Key takeaway: A system that cannot detect actual ransomware encryption is broken, and the data it protects is at risk.

3. The Solution: Ransomware Encryption Detection

Elastio Ransomware Recovery Assurance Platform is Different

Instead of relying on anomaly detection, Elastio Ransomware Recovery Assurance Platform (Elastio Platform) uses encryption-based detection to recognize actual ransomware activity inside storage and backups. Elastio Platform leverages a proprietary Machine Learning (ML) model built on a dataset of all known ransomware since 2014. Elastio Platform can identify ransomware encryption in data, even for zero-day threats that have not yet been identified.

Key Differentiators of Elastio Platform’s Approach:

● Detects the specific ransomware variant encrypting at the file level
● Identifies zero-day ransomware that has never been seen before with 99.99% accuracy
● Provides forensic insights on the attacker’s tactics
● Eliminates false positives by focusing on real encryption activity

With Elastio Platform, security teams don’t have to guess. When ransomware is detected, Elastio Platform knows what’s happening, which files are affected, and how to respond.

Conclusion: The Need for Ransomware Detection

Anomaly detection was never designed to stop ransomware.

● The only way to reliably detect ransomware is by recognizing how and when ransomware has encrypted data.
● Elastio Platform detects actual ransomware encryption, providing precise and actionable intelligence.

Eliminate noise. Gain intelligence with Elastio Platform to be proactive and defend against ransomware.
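The false-negative cases in section 2(D) can be measured directly. The following Python sketch is an added illustration, not Elastio code and not part of the original post: it compares a whole-file entropy check with a per-window view on constructed samples. The 7.5 bits/byte threshold, the 4 KiB window, the sample data and all function names are assumptions made for the example.

```python
import base64
import hashlib
import math
from collections import Counter

ALERT_THRESHOLD = 7.5  # bits/byte; assumed whole-file alert threshold
WINDOW = 4096          # bytes per window for the localized view (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(length: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sample_plaintext(length: int) -> bytes:
    """Constructed log-like text, typical of low-entropy business data."""
    lines = (
        f"2025-02-06 12:{i % 60:02d}:00 INFO order {i} processed for customer {i * 7}\n"
        for i in range(length // 40 + 1)
    )
    return "".join(lines).encode()[:length]


def simulate_partial_encryption(data: bytes, stride: int = 16384,
                                chunk: int = 4096) -> bytes:
    """Replace the first `chunk` bytes of every `stride` with ciphertext-like bytes."""
    buf = bytearray(data)
    for off in range(0, len(buf), stride):
        end = min(off + chunk, len(buf))
        buf[off:end] = pseudo_ciphertext(end - off, seed=off.to_bytes(8, "big"))
    return bytes(buf)


def window_entropies(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each consecutive fixed-size window."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def assess(data: bytes) -> dict:
    """Whole-file verdict next to the per-window picture for one sample."""
    whole = shannon_entropy(data)
    windows = window_entropies(data)
    return {
        "whole_file": round(whole, 2),
        "whole_file_alert": whole >= ALERT_THRESHOLD,
        "max_window": round(max(windows), 2),
        "high_windows": sum(w >= ALERT_THRESHOLD for w in windows),
        "windows": len(windows),
    }


def build_samples() -> dict:
    """Four constructed 64 KiB samples covering the cases in the text."""
    plain = sample_plaintext(65536)
    return {
        "plaintext": plain,
        "fully_encrypted": pseudo_ciphertext(65536),
        "partially_encrypted": simulate_partial_encryption(plain),
        "base64_of_ciphertext": base64.b64encode(pseudo_ciphertext(49152)),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:22s} {assess(blob)}")
```

Only the fully encrypted sample crosses the whole-file threshold. The partially encrypted sample shows high entropy in 4 of 16 windows while its whole-file value stays below the threshold, and the Base64 sample cannot exceed 6 bits per byte at any granularity.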

Elastio Software
January 28, 2025

Elastio Ransomware Recovery Assurance Platform is excited to unveil its new Elastio Platform 360 Ransomware Resilience User Interface (UI), an innovation that empowers businesses with unprecedented visibility into their ransomware resilience posture. This comprehensive interface provides actionable intelligence to identify threats, enhance defenses, and ensure clean, reliable recovery from one unified platform.

Bringing Hidden Risks into Clear View

Ransomware recovery is only as strong as your weakest link; without visibility, those weaknesses remain hidden until it’s too late. Elastio Platform 360 Ransomware Resilience UI is designed to illuminate key dimensions of your data security and recovery environment, transforming resilience from an abstract concept into a measurable, actionable framework. The intuitive interface delivers a real-time view of ransomware resilience, enabling organizations to:

● Uncover critical vulnerabilities before attackers exploit them.
● Prioritize areas of improvement that strengthen ransomware defenses.
● Take proactive steps to secure clean recovery points and prevent future breaches.

Five Dimensions of Visibility for Proactive Cybersecurity

The Elastio Platform 360 Ransomware Resilience UI visualizes resilience across five essential cybersecurity dimensions:

● Recovery Assurance: Instantly verifies clean, ready-to-restore recovery points within defined SLAs, eliminating guesswork when disaster strikes.
● Asset Coverage: Confirms all critical assets are scanned, reducing blind spots and protecting against perimeter breaches.
● Ransomware Safety: Tracks data integrity to detect threats before and after detonation, ensuring quick remediation and recovery.
● Encryption Activity: Identifies malicious encryption and insider threats, a growing risk for organizations of all sizes.
● Storage Health: Pinpoints storage misconfigurations and potential exploits, safeguarding data from hidden weaknesses.

This enhanced visibility allows businesses to confidently align their defenses and recovery strategies to current and emerging threats.

Actionable Insights with Every View

Built on advanced analytics and machine learning, the Elastio Platform 360 Ransomware Resilience UI equips cybersecurity leaders with a clear roadmap for resilience improvement. Designed with industry experts, it simplifies complex data, providing intuitive metrics highlighting risk areas and real-time resilience progress.

Confidence in Clean Data, Ready for Recovery

Traditional solutions leave gaps in ransomware detection and recovery readiness. The Elastio Platform fills those gaps by continuously monitoring data integrity, alerting organizations to hidden threats, and validating every recovery point. Elastio Platform 360 Ransomware Resilience UI turns those capabilities into actionable insights, empowering teams to detect risks early and restore operations without hesitation.

Step into the Future of Ransomware Recovery Assurance

The Elastio Platform 360 Ransomware Resilience UI redefines how organizations understand and enhance their ransomware resilience posture. Ready to see it in action? Explore Elastio today and gain confidence in your ability to recover clean, secure data quickly and precisely.

Data Protection
January 23, 2025

Introduction

A recent ransomware campaign has emerged, targeting Amazon Web Services (AWS) Simple Storage Service (S3) buckets. This attack encrypts existing S3 objects using new encryption keys, rendering them inaccessible without payment. (Forbes) Understanding how this attack operates and implementing effective security measures are crucial steps to safeguard your data against such threats.

What Happened?

This ransomware campaign exploits AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C). Attackers use compromised AWS credentials to encrypt S3 objects with keys known only to them. Since AWS does not store these keys, the data becomes unrecoverable without the attacker's cooperation. (BleepingComputer)

The attack involves:

● Unauthorized Access: Attackers gain access to AWS accounts with permission to read and write S3 objects.
● Encryption with SSE-C: They encrypt existing S3 objects using SSE-C with keys they control.
● Data Inaccessibility: Without the specific encryption keys, legitimate users cannot decrypt and access their data.
● Ransom Demand: Attackers demand payment in exchange for the decryption keys.

This method effectively locks users out of their data, with recovery being impossible without the attacker's key.

How Could This Impact You?

For businesses relying on AWS S3 to store critical data, this attack poses a significant threat. If your data becomes encrypted by an unauthorized party, it can lead to operational disruptions, financial losses, and reputational damage. The claim that recovery is impossible without payment underscores the importance of robust security measures and proactive monitoring to detect and prevent such unauthorized activities.

Best Practices for Recovery and Prevention

Strengthen Access Controls

● Implement Least Privilege Access: Ensure that users and applications have only the permissions necessary to perform their tasks. Regularly audit permissions to prevent privilege creep.
● Use Multi-Factor Authentication (MFA): Require MFA for all accounts, especially those with access to sensitive data.

Utilize Ransomware Scanning

● Deploy Advanced Tools: Utilize advanced ransomware detection and recovery solutions to automatically identify and mitigate threats in buckets.
● Enhance Scanning Tools: Upgrade your ransomware scanning tools to detect specific errors associated with SSE-C encryption misuse.
● Implement Proactive Monitoring: Set up systems to trigger alerts whenever read errors occur, signaling potential ransomware activity.

Monitor and Detect Anomalous Activities

● Enable Logging and Monitoring: Activate AWS CloudTrail and Amazon S3 server access logging to monitor access and changes to your S3 buckets.
● Set Up Alerts: Configure alerts for unusual activities, such as sudden changes in encryption settings or large data transfers.

Utilize S3 Object Lock and Versioning

● Enable S3 Object Lock: Implement Object Lock in compliance mode to prevent object deletion or modification within a specified retention period, protecting data from unauthorized changes. (Amazon Web Services, Inc.)
● Activate Versioning: Keep previous versions of objects to recover from unintended overwrites or deletions.

Regular Backups and Replication

● Perform Regular Backups: Regularly back up your data to separate, secure locations to ensure availability in case of an attack.
● Implement Cross-Region Replication: Replicate data across different AWS regions to enhance durability and availability.
● Validate Backup Integrity: Use these tools to ensure your S3 backups are secure and identify the last known clean version for swift recovery.

Educate and Train Your Team

● Conduct Security Training: Regularly train employees on security best practices and how to recognize phishing attempts and other common attack vectors.
● Develop an Incident Response Plan: Establish and rehearse a response plan for potential security incidents, including ransomware attacks.

Conclusion

The emergence of this S3-targeted ransomware campaign highlights cyber adversaries' evolving tactics. By implementing robust security measures, maintaining vigilant monitoring, and fostering a culture of security awareness, you can protect your data and ensure business continuity. Remember, preparation and proactive defense are your best strategies against ransomware threats. At Elastio, we offer advanced ransomware detection and recovery solutions tailored to safeguard your cloud storage environments, helping you stay resilient against emerging threats. Stay vigilant. Stay protected.
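One way to turn the "Set Up Alerts" advice above into a concrete check, as an added Python example that is not part of the original post or Elastio's product: scan CloudTrail S3 data events for object writes that carry the SSE-C request header and report each principal and bucket that is not a known SSE-C user. It assumes S3 data events are being logged and that the header appears under requestParameters; the sample events, principals, bucket names, allowlist and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject"}
ACCOUNT = "111122223333"  # AWS documentation placeholder account ID


def ev(ts, name, principal, bucket, key, sse_c=False, error=None):
    """Build one constructed record shaped like a CloudTrail S3 data event."""
    params = {"bucketName": bucket, "key": key}
    if sse_c:
        params[SSE_C_HEADER] = "AES256"
    record = {"eventTime": ts, "eventSource": "s3.amazonaws.com", "eventName": name,
              "userIdentity": {"arn": principal}, "requestParameters": params}
    if error:
        record["errorCode"] = error
    return record


APP = f"arn:aws:sts::{ACCOUNT}:assumed-role/app-uploader/i-0abc"
CI = f"arn:aws:iam::{ACCOUNT}:user/ci-deploy"
ARCHIVE = f"arn:aws:sts::{ACCOUNT}:assumed-role/archive-job/nightly"
ANALYST = f"arn:aws:iam::{ACCOUNT}:user/analyst"

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    ev("2025-01-23T09:58:00Z", "PutObject", APP, "prod-docs", "a.pdf"),
    ev("2025-01-23T09:59:10Z", "PutObject", APP, "prod-docs", "b.pdf"),
    ev("2025-01-23T10:00:05Z", "PutObject", CI, "prod-docs", "a.pdf", sse_c=True),
    ev("2025-01-23T10:00:20Z", "PutObject", CI, "prod-docs", "b.pdf", sse_c=True),
    ev("2025-01-23T10:00:41Z", "CopyObject", CI, "prod-docs", "c.pdf", sse_c=True),
    ev("2025-01-23T10:01:10Z", "PutObject", CI, "prod-docs", "d.pdf", sse_c=True),
    ev("2025-01-23T10:01:30Z", "PutObject", CI, "prod-docs", "e.pdf", sse_c=True,
       error="AccessDenied"),
    ev("2025-01-23T02:00:00Z", "PutObject", ARCHIVE, "legacy-archive", "x.tar", sse_c=True),
    ev("2025-01-23T11:15:00Z", "CopyObject", ANALYST, "reports", "q4.csv", sse_c=True),
]

# Principal/bucket pairs where SSE-C is an approved, documented practice.
EXPECTED_SSE_C = {(ARCHIVE, "legacy-archive")}


def sse_c_writes(events):
    """Yield (time, principal, bucket, key) for successful SSE-C object writes."""
    for e in events:
        params = e.get("requestParameters") or {}
        if (e.get("eventSource") == "s3.amazonaws.com"
                and e.get("eventName") in WRITE_EVENTS
                and not e.get("errorCode")
                and SSE_C_HEADER in params):
            when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            yield when, e["userIdentity"]["arn"], params["bucketName"], params["key"]


def find_sse_c_activity(events, expected=frozenset(), threshold=3,
                        window=timedelta(minutes=5)):
    """Report unexpected SSE-C writers; 'high' when a burst reaches the threshold."""
    grouped = defaultdict(list)
    for when, principal, bucket, key in sse_c_writes(events):
        if (principal, bucket) not in expected:
            grouped[(principal, bucket)].append((when, key))
    findings = []
    for (principal, bucket), writes in sorted(grouped.items()):
        writes.sort()
        peak, start = 0, 0
        for end in range(len(writes)):  # sliding window over sorted timestamps
            while writes[end][0] - writes[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        findings.append({
            "principal": principal, "bucket": bucket,
            "objects": len({key for _, key in writes}),
            "peak_in_window": peak,
            "first_seen": writes[0][0].isoformat(),
            "severity": "high" if peak >= threshold else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_sse_c_activity(SAMPLE_EVENTS, EXPECTED_SSE_C):
        print(finding)
```

In the constructed data, the burst of SSE-C writes by `ci-deploy` is rated high, the single SSE-C copy by `analyst` is queued for review, and the allowlisted archive job and the denied request produce no finding.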

Data Protection
January 21, 2025

Ransomware recovery shouldn’t be a guessing game. For an auto insurance firm dedicated to protecting its clients' futures, safeguarding critical backup data from hidden threats was non-negotiable. With Elastio, this firm’s ransomware recovery strategy has transformed from reactive to proactive.

Bob Craven, Technical Services Manager, recognized the growing sophistication of ransomware tactics — specifically, their ability to infiltrate backups by silently infecting data and lying dormant until recovery. Tasked with ensuring data integrity and business continuity, Bob turned to Elastio's Ransomware Recovery Assurance Platform to fill the critical gap traditional solutions couldn’t address.

Daily automated scans and precise ransomware detection give users confidence in detecting data compromise early and instantly identifying a clean backup to restore. Bob refers to the Elastio Platform as a cornerstone of the company’s data integrity and protection strategy.

Discover how Elastio helps protect data integrity, streamline compliance, and prevent disaster before it strikes.

Cyber Recovery
January 21, 2025

"Elastio platform returns ransomware recovery into a fast, reliable process—we finally know exactly where to start."

From Weeks of Guesswork to Instant Recovery: How AI Engineers Transformed Ransomware Resilience with Elastio

When ransomware strikes, every second counts. Finding a clean backup quickly is critical to reducing downtime and minimizing data loss. For AI Engineers, a leader in bridge design and commercial construction, confidence in backup integrity and recovery speed has been a game-changer.

Derrick Woolford, now Director of IT at AI Engineers, knows the cost of uncertainty all too well. In his previous role as an MSP supporting hundreds of businesses, he saw how traditional backup solutions left companies guessing. One client spent an entire week restoring backups one by one—only to discover the last clean copy was a month old. That experience shaped Woolford’s proactive approach to data protection and ultimately led him to Elastio.

With Elastio’s Ransomware Recovery Assurance Platform, Woolford’s team now benefits from:

● Proactive ransomware threat detection
● Automated backup integrity validation
● Instant access to the last safe recovery point

Best of all, Elastio integrates seamlessly with their existing Veeam environment, delivering confidence without adding complexity.

Cyber Recovery
January 15, 2025

Watch the Replay Elastio was thrilled to host experts from Sheltered Harbor, AWS, and Veritas for a critical conversation on preparing for and recovering from severe cyber outages—events that can erode customer trust and threaten organizational survival. Here’s a recap of the discussion. Sheltered Harbor Principles Carlos Recalde, CEO of Sheltered Harbor, opened with a stark scenario: a sudden cyberattack renders a bank’s systems inoperable, locking customers out of their accounts. For financial institutions, moments like these are make-or-break—customer confidence is the key to survival. Sheltered Harbor’s mission is simple: ensure customers can access key services, like their account balances, even if full systems aren’t operational. Their robust framework is built on three pillars: Data Vaulting for mission-critical data,Resilience Planning, andCertifying readiness through rigorous testing. This structured approach provides a lifeline for institutions to weather severe outages and recover confidently. Ensuring Data Vaults Are Effective: Data Integrity Validation Todd from Elastio highlighted the foundation of any data vaulting strategy: confidence that the data is clean and recoverable. Today’s ransomware threats, like TimeTime, evade detection, embedding themselves into systems over months. These threats can reinfect infrastructure during recovery if undetected, rendering vaulting strategies useless. Elastio addresses this challenge with advanced AI and behavioral models that identify corruption in data early, catching ransomware before it embeds deeply. By continuously inspecting and testing data integrity, Elastio ensures that only clean, recoverable data enters the vault, safeguarding organizations against reinfection and future downtime. AWS: Building Compliance-Ready Data Vaulting Solutions Pradeep from AWS highlighted how rising regulatory mandates, such as DORA, NYDFS, and CMORG, drive financial institutions to adopt resilient data vaulting solutions. 
These requirements demand architectures that ensure data immutability, logical air gaps, and robust forensic capabilities. AWS’s Cyber Recovery architecture provides a pre-validated framework for creating secure and scalable vaults. Key features include Amazon S3 object lock for data immutability and forensic zones integrating solutions like Elastio to scan for ransomware and malware. This architecture allows organizations to meet compliance requirements swiftly while fortifying against sophisticated ransomware threats. Veritas: Simplifying Cyber Recovery Robert from Veritas explained how their Sheltered Harbor-endorsed NetBackup Recovery Vault offers an easy, cost-effective way to achieve compliance and resilience. This fully managed SaaS solution ensures data immutability, logical air gaps, and survivability—key components of a robust recovery strategy. For existing Veritas customers, Recovery Vault integrates seamlessly into workflows, enabling rapid activation of resiliency plans during an attack. For those new to Veritas, Robert emphasized its ability to centralize and simplify data recovery, leveraging AI and advanced security features to prevent attacks and ensure rapid restoration of critical systems. Key Questions from the Audience During the Q&A, the panel tackled some big questions: Who leads resilience initiatives within organizations?Carlos noted that while Chief Resilience Officers or Chief Risk Officers are ideal, it’s less about who starts the effort and more about ensuring the C-suite drives it forward. Resilience requires cross-functional collaboration across legal, compliance, IT, and operations teams.How do you justify the cost of resilience initiatives?The panel emphasized the rising threats of ransomware—now affecting 65% of organizations—and the increasing regulatory pressures from bodies like NYDFS and DORA. 
Investments in resilience aren’t just about compliance; they’re about survival.

How often is backup data compromised?
Todd shared that Elastio’s scans often uncover hidden issues, from malware embedded in backups to misconfigured storage, underscoring the importance of continuous inspection of recoverability. Robert added that while immutability protects against many threats, today’s sophisticated ransomware actors require organizations to take a holistic view of security, combining advanced tools with best practices to minimize risk.

Final Thoughts

Elastio is grateful to Sheltered Harbor, AWS, and Veritas for sharing their expertise and to all attendees for their thoughtful questions. This discussion reinforced that resilience isn’t just about technology—it’s about preparation, collaboration, and leadership. As ransomware threats grow more sophisticated, organizations must prioritize resilience to protect their data, operations, and customers. If you missed the webinar or want to dive deeper, feel free to reach out to Elastio, Sheltered Harbor, AWS, or Veritas. Let’s work together to build a safer, more resilient future.

Cyber Recovery
October 17, 2024

By Eswar Nalamaru, Product Manager – Elastio, and Sabith Venkitachalapathy, Solutions Architect – AWS Data Protection Services

Today's large enterprises face significant cybersecurity risks, including ransomware and advanced threats that can compromise critical data. To protect against these, organizations need secure, isolated backups that can be quickly recovered. However, traditional methods for creating these backups are often too complex and expensive for large-scale use. This leaves many companies vulnerable to data loss and business disruptions. This blog post examines how AWS Backup's logically air-gapped vault feature offers a practical solution for creating secure, scalable backups to enhance cyber-resilience.

The AWS Backup logically air-gapped vault is a highly secure storage construct that logically isolates backups and encrypts them using AWS-owned keys, providing an additional layer of protection. Furthermore, the vault's integration with AWS Resource Access Manager (RAM) allows for easy and controlled sharing across multiple AWS accounts, enabling faster recovery times and minimizing Recovery Time Objectives (RTOs) while maintaining strict security measures.

AWS Backup logically air-gapped vaults significantly enhance recovery capabilities, but their effectiveness ultimately depends on the quality of the stored backups. In light of the recent surge in ransomware attacks, which have targeted backups in 94% of cases last year [Sophos], maintaining backup integrity has become more crucial than ever. By implementing Logically Air-Gapped Vaults, organizations can better protect their backups from potential corruption that might otherwise go undetected. This proactive approach ensures that the data remains reliable and usable when recovery is needed, potentially saving organizations from increased recovery costs and operational disruptions.
Many organizations face the challenge of confirming whether their immutable backups are clean and ready for recovery. Elastio addresses this urgent need by inspecting backup data for ransomware, ensuring that businesses always have a recent, verified, clean copy of their data for rapid restoration. Elastio acts as a last layer of defense by ensuring that your backups are always reliable during ransomware attacks and that you always have a clean copy of the data.

Previously, Elastio integrated with AWS Backup to protect your EC2 and EBS Recovery Points. With the new version of Elastio, you can scan your EC2, EBS, EFS, S3, and VMware Recovery Points. Further, it integrates with AWS Backup Restore Testing to monitor your Recovery Points in Logically Air-Gapped Vaults.

AWS Backup Logically Air-Gapped Vaults and Ransomware Recovery

To utilize Logically Air-Gapped Vaults, configure AWS Backup's Backup Plans within your Workload Account to copy backups to the Logically Air-Gapped Vault. Once activated, the Backup Plan automatically transfers backups from the Local Vault to the Logically Air-Gapped Vault.

AWS Backup allows customers to share Recovery Points stored in Logically Air-Gapped Vaults with a designated Recovery Account. To enable cross-account access, use AWS Resource Access Manager (RAM) to share a Logically Air-Gapped Vault with other AWS accounts, including those across different organizations. This powerful sharing capability ensures that backups stored in the Logically Air-Gapped Vault can be swiftly and reliably restored from any authorized shared account, enhancing disaster recovery readiness and operational flexibility.

Logically Air-Gapped Vaults are encrypted using AWS-owned encryption keys, so Elastio cannot mount EC2 and EBS backups directly from Logically Air-Gapped Vaults. As a result, Recovery Points can be scanned either before they are copied to the Logically Air-Gapped Vault or after they are restored from it.
How Elastio works with AWS Backup Logically Air-Gapped Vaults

Elastio offers flexible deployment options to cater to varying customer requirements, but two primary approaches are commonly used to inspect backups stored in AWS LAG Vaults.

Approach 1: Scan backups in the Workload Account before they reach the Logically Air-Gapped Vault

Elastio can be deployed in the Workload Account to inspect backups before copying them to the Logically Air-Gapped Vault. This approach allows Elastio to detect ransomware earlier in the attack cycle, identifying threats in your data before they reach the Logically Air-Gapped Vault.

1. AWS Backup creates a recovery point in an AWS Backup Vault for an Amazon EC2 instance in the AWS account.
2. Recovery Point creation triggers Amazon EventBridge.
3. A Lambda function is triggered on the event and checks if the recovery point is tagged with “elastio:action=scan.”
4. If the recovery point is tagged, the Lambda triggers Elastio scans.

Steps to protect backups before moving to Logically Air-Gapped Vaults:

1. Deploy Elastio in the Workload account with a CloudFormation Template.
2. Deploy the CloudFormation Template in the workload accounts to add tags to AWS Backup Recovery Points. Note that this step is required to protect EC2 Recovery Points, as AWS Backup does not pass the metadata of the volumes to the Logically Air-Gapped Vaults. It will be challenging to correlate the volumes in the Elastio Console without this.
   - Go to CloudFormation in AWS and click “Create Stack with new resources.”
   - In Step 1, choose “Upload a template file”, upload the YAML file, and click Next.
   - In Step 2, give the name for the stack and click Next by leaving everything default.
   - In Step 3, leave everything default and click Next.
   - In Step 4, acknowledge at the bottom of the screen and click “Submit.”
3. Add "elastio:action=scan" in the source account AWS Backup Plan.
   - Go to AWS Backup and click the “Create backup plan” button.
   - On the Backup Plan creation page, set a plan, and at the bottom of the page, add elastio:action=scan to the “Tags added to the recovery points – optional” section, as shown in the screenshot below.
   - Click “Create Plan”.

Once the plan is created, all the recovery points created with this backup plan are automatically scanned by Elastio. Elastio scans EC2 and EBS AWS Backup Recovery Points created by AWS Backup. To scan S3 and EFS Recovery Points, Elastio scans the Recovery Points as part of a restore test plan.

Approach 2: Scan the backups within the Logically Air-Gapped Vault

Elastio can scan backups once they are stored in the Logically Air-Gapped Vault, offering a more centralized solution by inspecting backups from multiple workload accounts in one location. By sharing the Logically Air-Gapped Vault with a Recovery Account through AWS Resource Access Manager (RAM), organizations can inspect backups as part of a Restore Test process, ensuring that recovery points are clean before restoration.

1. AWS Backup creates a recovery point in a Local Vault for an Amazon EC2 instance in the AWS account.
2. The recovery point is copied from the Local Vault to the Logically Air-Gapped Vault.
3. The Logically Air-Gapped Vault is shared with the Recovery Account using AWS Resource Access Manager to perform Restore Testing. Detailed instructions on sharing the recovery points are available in the blog: Introducing AWS Backup logically air-gapped vault.
4. Perform a restore in the Recovery account via AWS Backup Restore Testing.
5. An Amazon EventBridge event is triggered when the restore is completed.
6. A Lambda function is triggered on the event and checks whether the recovery point is tagged with “elastio:restore-test=scan.”
7. If the recovery point is tagged, the Lambda triggers Elastio scans.
8. The scan results are sent back to AWS Backup restore testing.
Steps to protect backups in Logically Air-Gapped Vaults:

1. Deploy Elastio in the Recovery account with a CloudFormation Template.
2. Deploy the CloudFormation Template in the workload accounts to add tags to AWS Backup Recovery Points. Note that this step is required to protect EC2 Recovery Points, as AWS Backup does not pass the metadata of the volumes to the Logically Air-Gapped Vaults. It will be easier to correlate the volumes in the Elastio Console with this.
   - Go to CloudFormation in AWS and click “Create Stack with new resources.”
   - In Step 1, choose “Upload a template file”, upload the YAML file, and click Next.
   - In Step 2, give the name for the stack and click Next by leaving everything default.
   - In Step 3, leave everything default and click Next.
   - In Step 4, acknowledge at the bottom of the screen and click “Submit.”
3. Add "elastio:action=scan" in the source account AWS Backup Plan.
   - Go to AWS Backup Console and click the "Create backup plan" button.
   - On the Backup Plan creation page, set a plan, and at the bottom of the page, add elastio:action=scan to the “Tags added to the recovery points – optional” section, as shown in the screenshot below.
   - Click “Create Plan”.
   Once the plan is created, all the recovery points created with this backup plan are automatically scanned by Elastio. Elastio scans EC2 and EBS AWS Backup Recovery Points created by AWS Backup. To scan S3 and EFS Recovery Points, Elastio scans the Recovery Points as part of a restore test plan.
4. Deploy the CFN to integrate Elastio with the AWS Backup Restore Testing. This CFN allows Elastio to scan recovery points as the ransomware protection step of the restore testing process.
   - Go to CloudFormation in AWS and click “Create Stack with new resources.”
   - In Step 1, choose "Amazon S3 URL", paste the link, and click "Next."
   - In Step 2, give the name for the stack and click Next by leaving everything default.
   - In Step 3, leave everything default and click Next.
   - In Step 4, acknowledge at the bottom of the screen and click “Submit.”
5. Add "elastio:restore-test=scan" in the source account AWS Backup's Backup Plan. Elastio automatically scans Recovery Points with these tags as part of restore testing.
   - Go to AWS Backup and click the “Create backup plan” button.
   - On the Backup Plan creation page, set a plan, and at the bottom of the page, add elastio:restore-test=scan to the "Tags added to the recovery points – optional" section, as shown in the screenshot below.
   - Click "Create Plan".

Once the plan is created, all the recovery points created with this backup plan are automatically scanned by Elastio.

Conclusion

While AWS Backup Logically Air-Gapped Vaults provide secure storage, Elastio is the critical component that transforms this infrastructure into a truly resilient ransomware defense. By intelligently scanning and validating backups, Elastio enables organizations to confidently identify clean recovery points – a capability essential for effective cyber recovery. Without Elastio's powerful ransomware protection technology, enterprises cannot know that their securely stored backups are usable recovery points, exposing organizations to the devastating impacts of ransomware attacks.
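The tag-gated flows of Approach 1 and Approach 2 above, sketched as one Lambda-style dispatcher. This is an added example, not Elastio's or AWS's code: `start_scan` is a hypothetical scanner hook, the sample events are constructed, and reading recovery-point tags through the AWS Backup `list_tags` call is an assumption about how the tag check is done.

```python
# Added illustration: tag-gated scan dispatch for AWS Backup EventBridge events.
# `backup` is a boto3 "backup" client when run in Lambda; `start_scan` is a
# hypothetical hook standing in for the scanner, returning True when clean.

SCAN_TAGS = {  # EventBridge detail-type -> tag that opts a recovery point in
    "Recovery Point State Change": ("elastio:action", "scan"),
    "Restore Job State Change": ("elastio:restore-test", "scan"),
}

# Constructed sample events (account ID, ARN and job ID are made up; the
# field layout is an assumption, trimmed to what the handler reads).
RP_ARN = "arn:aws:backup:us-east-1:111122223333:recovery-point:EXAMPLE"
BACKUP_EVENT = {
    "source": "aws.backup",
    "detail-type": "Recovery Point State Change",
    "resources": [RP_ARN],
    "detail": {"status": "COMPLETED"},
}
RESTORE_EVENT = {
    "source": "aws.backup",
    "detail-type": "Restore Job State Change",
    "resources": [],
    "detail": {"status": "COMPLETED", "restoreJobId": "EXAMPLE-JOB"},
}


def recovery_point_arn(event, backup):
    """Resolve the recovery point an event refers to."""
    if event["detail-type"] == "Restore Job State Change":
        # A restore job records the recovery point it was restored from.
        job = backup.describe_restore_job(
            RestoreJobId=event["detail"]["restoreJobId"])
        return job["RecoveryPointArn"]
    return event["resources"][0]


def handle(event, backup, start_scan):
    """Return 'ignored', 'skipped', 'clean' or 'infected'."""
    detail = event.get("detail", {})
    wanted = SCAN_TAGS.get(event.get("detail-type"))
    if event.get("source") != "aws.backup" or wanted is None:
        return "ignored"
    if detail.get("status") != "COMPLETED":
        return "ignored"  # only finished backups and restores are inspected

    arn = recovery_point_arn(event, backup)
    tags = backup.list_tags(ResourceArn=arn).get("Tags", {})
    if tags.get(wanted[0]) != wanted[1]:
        return "skipped"  # untagged recovery points are never scanned

    clean = start_scan(arn)
    if event["detail-type"] == "Restore Job State Change":
        # Approach 2: report the verdict back to restore testing.
        backup.put_restore_validation_result(
            RestoreJobId=detail["restoreJobId"],
            ValidationStatus="SUCCESSFUL" if clean else "FAILED",
            ValidationStatusMessage="scan clean" if clean else "threat found",
        )
    return "clean" if clean else "infected"
```

Because each event type is matched only against its own tag, a recovery point tagged for restore testing is not scanned at backup time, and an untagged one is silently skipped, which is worth alerting on if every recovery point is expected to be inspected.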

Data Protection
September 26, 2024

Introduction

We’re excited to announce that the Elastio Ransomware Recovery Assurance Platform now integrates with AWS Backup to provide enhanced protection for your mission-critical data. This powerful combination delivers an extra layer of defense against ransomware, ensuring your data remains secure, trusted, and ready for recovery when you need it most.

Why This Integration Matters

Ransomware attacks are on the rise, and organizations are increasingly turning to immutable backups, air-gapped storage, and bunker accounts to ensure data integrity. However, these measures alone don’t guarantee your recovery data is clean and free of hidden threats. That’s where Elastio comes in. With Elastio's integration with AWS Backup, you gain:

- Proactive Threat Detection: Elastio automatically scans and validates your backups for ransomware, malware, and corruption.
- Data Integrity Assurance: Ensure your backups are recoverable, clean, and free from compromises.
- Seamless Integration: Elastio works directly with AWS Backup, AWS Logically Air-Gapped Vault, and Amazon S3 to provide continuous validation without disrupting your workflow.

How It Works

The Elastio platform scans data as it's written to AWS Backup, identifying any signs of ransomware or other threats. By proactively validating your backups, you can confidently recover knowing your data is clean and uncompromised.

Learn More

To dive deeper into how Elastio and AWS Backup work together to strengthen your ransomware resilience strategy, check out the full AWS blog post: Read the Blog

By integrating Elastio with your AWS Backup strategy, you can turn your recovery plan into a powerful, proactive defense against ransomware. Reach out today to see how Elastio can help secure your critical data and ensure business continuity.

Cyber Recovery
August 26, 2024

The Digital Operational Resilience Act (DORA) is the EU's answer to rising cyberattacks on financial institutions. Recognizing the inevitability of cyber disruption, DORA mandates resilience requirements for European financial entities to ensure that their services can withstand cyberattacks. There is great pressure on institutions to demonstrate that their business is adequately compliant with these regulations before they go into effect in January 2025. Fortunately, Elastio can help.

A Guide to How Elastio Helps Your Business Be DORA Compliant

DORA encompasses four main pillars: ICT Risk Management, ICT-Related Incident Reporting, Digital Operational Resilience Testing, and Managing ICT Third-Party Risk. Elastio’s proactive inspection of backup data for ransomware addresses key requirements across these pillars. Learn how in our data sheet: HOW ELASTIO HELPS WITH DORA COMPLIANCE.

With the January 2025 DORA compliance deadline approaching, financial institutions need to act now. Elastio is your partner in navigating the EU's new digital resilience standards. Our ransomware detection, backup integrity verification, detailed incident reporting, and continuous testing keep your business ahead of cyber threats and operational risks.

Elastio Software
June 20, 2024

Your S3 data is vulnerable to ransomware attacks

Amazon S3 is a popular choice for businesses due to its high availability, durability and cost-effectiveness. And its use is growing even more as organizations rely on AWS S3 as the foundation of their Gen AI data lakes. This widespread use and the storage of critical data make S3 an attractive target for threat actors.

The risk of threat actors compromising S3 data is significant, as it can serve as both an entry point and a distribution point for ransomware. An example S3 threat pathway is when an attacker identifies a misconfigured S3 bucket that is publicly accessible or has weak access controls and uploads ransomware to it. Then a legitimate user unknowingly accesses the malicious file, leading to encryption of local and network files, operational disruption, and potential data loss.

To secure against such attacks, it is crucial to tighten IAM controls and implement preventative measures, but also continuously verify the integrity of your data to promptly identify any compromises when they (almost inevitably) occur.

Secure Your S3 Data

Given this significant risk, Elastio customers asked us to extend our ransomware protection to continuously inspect their S3 data for ransomware and malware. This way, customers can be quickly alerted to any compromises and remediate threats before they spread. Elastio performs inspections both on the live data and on AWS Backups to ensure both early detection and clean recoveries from uncompromised backups.

Elastio S3 Ransomware & Malware Protection

Elastio offers the most comprehensive and flexible enterprise ransomware and malware protection for S3 – and at the lowest cost. With Elastio, customers can perform an initial inspection of all their existing S3 data upon deployment to ensure it is free from ransomware and malware. As new objects are added to your S3 buckets, Elastio automatically and continuously inspects them for any threats, providing ongoing protection.
Additionally, Elastio enables periodic full inspections using the latest ransomware models and malware signatures to identify threats that were unknown during previous scans. Another key benefit is Elastio’s seamless integration with AWS Backup to ensure your S3 backups remain clean and uncompromised.

With our most recent release, customers can now inspect even larger buckets for ransomware and malware without impacting production. Elastio’s license is priced based on the amount of storage protected rather than by scan, enabling regular, comprehensive scans without high costs, significantly enhancing your overall security posture.