Ransomware attacks continue to rise significantly. In the first half of 2022 alone, there were over 236 million ransomware attacks. While many companies pay the ransom demanded, there are no guarantees the data will be recovered. The best protection is to have reliable, immutable backups and a solid disaster recovery plan. N2WS provides a ransomware-proof solution for backing up and recovering AWS workloads with features like immutable S3 backups using object lock and the ability to restore backups even if the N2WS agent is compromised.
Immutable Backups Slides.pptx
1.
2. The current state of ransomware
76% of companies threatened admit to paying a ransom
200% increase in new ransomware variants
#1 cause of loss (at 51%) of total incident costs, followed by hacking
#1 AWS Recovery
$1.54 Million average (mean) ransom. Almost 2X the $812,380 of 2022
92% increase in policy premiums for cyber insurance since last year
236.7 Million ransomware attacks in the first half of 2022
3. Notable recent ransomware attacks
Minneapolis School District — March 2023
• After the district failed to pay $1 million to keep its information from being leaked, hackers posted sensitive data going back to 1995 online
• The event shut down many Minneapolis schools, but the school district downplayed it, calling it ‘an encryption event’, and did not provide safety protocols in a timely manner (i.e. change passwords, use multi-factor authentication, be vigilant of credit card purchases)
Although forced to disclose data breaches, companies and institutions often downplay them…
Rackspace — December 2022
• The attack caused significant outages and disruptions for its Hosted Exchange services. Beginning Dec. 2, customers were unable to access their mail services in what the cloud service provider called a "security incident."
• Four days later, Rackspace confirmed the outages were caused by ransomware and began migrating its Hosted Exchange customers to Microsoft 365.
• Rackspace declined to comment on whether it received or paid a ransom
4. To pay or not to pay the ransom?
MYTH: Paying ransom guarantees your data back
• Only 42% of companies report being able to fully recover data after an attack
• Many times bad guys will attack a 2nd time knowing they can extort another payment
TRUTH: The only guarantee of returning your data is to have a reliable backup & recovery solution in place.
5. The biggest cost isn’t the ransom
Downtime creates loss of productivity of users and responders, exposure of sensitive data, loss of revenue – current and future costs include:
❌ Data damage
❌ Restoration of host systems and data
❌ Downtime due to attacks (no productivity/revenue)
❌ Forensic investigation
❌ Damage to the reputations of victims
*Loss of productivity & non-availability is the primary business impact of ransomware
6. Ransomware-as-a-service
Most Popular: RaaS Affiliate Model
RaaS Operator (Seller) | RaaS Affiliate (Buyer)
Recruits affiliates on forums | Pays to use ransomware
Gives affiliates access to ransomware through a ‘builder’ | Targets victims
Sets up payment portal | Sets ransomware demand
Assists with negotiations | Communicates and negotiates with victim
Wall of Shame: Manages dedicated leak site | Manages decryption keys
❌ The RaaS market is competitive, sophisticated, BIG, and growing.
❌ Low barrier of entry and versatile models depending on profit sharing, flat fees vs monthly subscriptions, etc.
Remote working
❌ Weaker controls on home IT
❌ Higher likelihood of users clicking on ransomware lure
Easy money
❌ Firms are negotiating and paying ransom! This perpetuates and encourages malicious attacks.
❌ Anonymity of cryptocurrency creates minimal criminal traceability.
Why is ransomware surging?
7. “Ransomware-proofing” the Castle Analogy
Any single element does not provide a complete security solution against ransomware.
Backup and DR is the last line of defense.
Anti Malware/Anti Phishing
Email Filtering/Web blocking
Software Updates & Employee Training
Effective Backup and DR
8. How ransomware works
Image source: https://blog.alta.org/2022/03/ransomware-101.html
9. Satisfy compliance requirements
Protect against bugs
Protect against malicious attacks
Protect against accidental deletion
Protect against human error
Capture a “Golden Copy”
Immutability = unchanging over time
Immutable backups — what are they?
10. ✅ Enabled by WORM-compliant data storage (write once, read many)
✅ This ensures that the backup copy created is not altered or deleted
✅ Configurable: A fixed retention period is configured during which the data stored in it remains locked
Write Once Read Many
Immutable backups + the WORM model
11. Operational backup & disaster recovery (DR) built for AWS.
Flexible policies — scheduling from minutes to months.
Distributed as an AMI through AWS Marketplace.
Near-zero RTO, recover in seconds from any type of outage across AWS regions and accounts.
User-friendly interface with dashboards, monitoring, alerting, reporting, and third-party integrations.
N2WS #1 backup & recovery for AWS
12. • Founded in 2012 with a mission to simplify Backup and Recovery for AWS
• Top rated on AWS Marketplace and AWS Premier Partner
• Purpose-built for AWS & distributed via AWS Marketplace
• Thousands of global clients, backing up hundreds of thousands of EC2 instances
• Winner of 18+ industry awards
N2WS: A pioneer in data lifecycle management on AWS
13. ✅ For snapshots you’re uploading to S3 for long-term cost savings, N2WS provides additional security protection using S3 Object Lock
✅ Retention settings are applied on the version level. Once you create a bucket with S3 Object Lock, you can’t disable Object Lock or Suspend Versioning for the bucket
✅ Use Object Lock and N2WS to store to any S3 storage class, including S3 Glacier
✅ No additional cost — from N2WS v4.1
LONG-TERM Immutability
https://n2ws.com/blog/amazon-s3-object-lock-part-1
Immutable S3 backup using object lock
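Added example (not from the original slides and not N2WS or AWS code): a check that a backup bucket's Object Lock settings really make objects immutable for a required period. The function name, the 30-day requirement and the sample responses are assumptions; the dictionaries follow the response shapes of the S3 GetBucketVersioning and GetObjectLockConfiguration calls.

```python
# Added example, not N2WS or AWS code. The two inputs mirror the response
# shapes of the S3 GetBucketVersioning and GetObjectLockConfiguration calls.

def audit_object_lock(versioning, lock_response, min_days):
    """Return a list of findings; an empty list means the bucket passes."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    cfg = lock_response.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled")
        return findings
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if not default:
        # Without a default, an object is locked only if the upload sets retention.
        findings.append("no default retention configured")
        return findings
    # The API accepts Days or Years, not both.
    days = default.get("Days", 0) + 365 * default.get("Years", 0)
    if days < min_days:
        findings.append(f"default retention of {days} days is below the required {min_days}")
    if default.get("Mode") != "COMPLIANCE":
        # GOVERNANCE locks can be lifted by principals holding
        # s3:BypassGovernanceRetention; COMPLIANCE locks cannot be shortened.
        findings.append("retention mode is not COMPLIANCE")
    return findings


# Constructed sample responses (not captured from a real account).
VERSIONED = {"Status": "Enabled"}
STRICT = {"ObjectLockConfiguration": {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 35}}}}
WEAK = {"ObjectLockConfiguration": {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
UNLOCKED = {}  # stands in for a bucket with no Object Lock configuration

if __name__ == "__main__":
    for name, resp in [("strict", STRICT), ("weak", WEAK), ("unlocked", UNLOCKED)]:
        print(name, audit_object_lock(VERSIONED, resp, min_days=30))
```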
14. ✅ Native snapshots by default cannot be altered. But the risk of deletion remains.
✅ For extra security on short-term, high availability workloads, copy snapshots to a DR account and do not give N2WS permission to delete. If there is a malicious attack or attempt, this will have a faster RTO than S3.
✅ Protect against BOTH region failure and account compromise.
Create a highly secure “snapshot vault”
SHORT-TERM, HIGHLY AVAILABLE
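Added example (not from the original slides and not N2WS code): a conservative check that the policies attached to the backup role in the DR account do not grant snapshot deletion, including through wildcards or NotAction. The role policies shown are constructed and hypothetical; only the ec2 action names are real.

```python
# Added example, not N2WS or AWS code. It inspects IAM policy documents for
# one action only and ignores Resource scoping on Allow statements.
from fnmatch import fnmatchcase

ACTION = "ec2:deletesnapshot"  # IAM action names are case-insensitive


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _covers(statement):
    """True if the statement's Action/NotAction element covers ACTION."""
    if "NotAction" in statement:
        patterns = _as_list(statement["NotAction"])
        return not any(fnmatchcase(ACTION, p.lower()) for p in patterns)
    patterns = _as_list(statement.get("Action", []))
    return any(fnmatchcase(ACTION, p.lower()) for p in patterns)


def can_delete_snapshots(policy_documents):
    """Conservative check: any matching Allow counts, and only an
    unconditional Deny on all resources is trusted to block it."""
    allowed = False
    for doc in policy_documents:
        for st in _as_list(doc.get("Statement", [])):
            if not _covers(st):
                continue
            if st.get("Effect") == "Allow":
                allowed = True
            elif "Condition" not in st and "*" in _as_list(st.get("Resource", "*")):
                return False  # explicit Deny overrides every Allow
    return allowed


# Constructed policies for a hypothetical backup role in the DR account.
COPY_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:CopySnapshot", "ec2:DescribeSnapshots", "ec2:CreateTags"]}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*", "Action": "ec2:*Snapshot*"}]}
GUARDRAIL = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Resource": "*", "Action": "ec2:Delete*"}]}

if __name__ == "__main__":
    print(can_delete_snapshots([COPY_ONLY]), can_delete_snapshots([TOO_BROAD]))
```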
15. ✅ Test your recovery operations. Execute an ad hoc restore to specific points in time with just a few clicks.
✅ Verify certain resource properties are recovered (i.e. VPC, subnet, security group, key pair, instance type)
✅ Set recovery order – Determine the order each target is recovered
✅ Easily check issues via logs in the case of a failed Recovery Scenario
Disaster recovery drills & testing
https://aws.amazon.com/blogs/apn/how-to-orchestrate-and-test-recovery-scenarios-with-n2ws/
16. ✅ Automatically copy to Azure blob storage using Leases for Immutability protection
✅ Ensures governments are prepared for a multi-cloud future (new multi-cloud compliance rules will soon come into effect)
Cloud-native, agentless cross-cloud DR
Available with N2WS Backup & Recovery 4.2
17. ❌ The Problem: Modern ransomware attacks disable known backup products before encrypting data.
✅ The Solution: The infrastructure-as-a-service (IaaS) model of N2WS eliminates the attack surface.
Total data sovereignty with N2WS
18. N2WS can restore itself
Even if your N2WS server becomes compromised, N2WS can restore itself from snapshots using metadata that is automatically backed up.
Backups continue running
Backups can continue to run even if N2WS Agent is disabled. Even without an active Agent, backups are fully restorable.
Backups are always restorable
N2WS backups can be restored — even without N2WS — using EC2 console (for native snapshots)
Indestructible backups
Backups aren’t kept on any Windows/Linux machine or network share — so an attacker can’t destroy them.
Total data sovereignty with N2WS
19. We’ll walk through:
✅ Setting up your S3 Buckets with Object Lock
✅ Using N2WS Support for Object Lock
✅ Using N2WS to create a highly secure Snapshot Vault
Let’s see this in action: live demo
20. We’re top-rated on the AWS Marketplace and you can install directly from there or Azure Marketplace.
You can also request a custom quote + plan directly from us.
Sign up for a full-featured 30-day FREE trial: get.n2ws.com/trial
How to get started