Thursday, March 16, 2023

How to Escape the Ransomware Attack Loop

How to Escape the Attack Loop

I recorded a quick interview with Eric Simmons, CEO of Asigra for next week's SMB Community Podcast (see The interview will air Thursday the 23rd. One of the things he mentioned is what Asigra calls the attack loop. 

You might not have a handy name for the Attack Loop, but you've seen it (or at least feared it). Basically, you backup data that includes a lot of bad content, including:

  • Viruses and ransomware
  • Old code with "hooks" that can be used for viruses and ransomware
  • Old code with problems that could be fixed . . . but they're not fixed inside your backup
  • and so forth.

The problem is that a basic data restore will restore all this bad content along with the good. So, even an "air-gapped" backup is not clean because a restore will bring back problems that are inside the backup. The worst case scenario is that a client has a ransomware incident, recovers from backup, and immediately has a repeat incident. Hence the loop.

Today, pretty much all backups have bad content such as ransomware. Asigra notes that about 40% of companies with good backups still end up paying ransomware (see the video on this page:

Scanning During Backup Isn't Enough!

One obvious solution is to scan everything as it moves to backup. That's great. But the backup will still contain time-release attacks, not-yet-discovered attacks, and not-yet-identified malicious code. So, no matter what you do, your backups will always include content you don't want to bring back. 

The solution is to clean the data during recovery. In this way, even an infected backup will result in a clean recovery. And, of course, the older the restore point, the more bad content there is in the backup because older backups occurred before the malicious code was identified.

The world of backup and recovery is always changing, but bi-directional scanning of backups goes a long ways to getting your client out of the Attack Loop.


Note: This is NOT a paid post, but I DO thank Asigra for sponsoring the SMB Online Conference, headed your way in May 2023. See more information at

Also - Please join us April 19th for a webinar with Eric Simmons entitled, "Does Your Backup Protect Your Against the Latest Ransomware Attacks?" Register now at


No comments:

Post a Comment

Feedback Welcome

Please note, however, that spam will be deleted, as will abusive posts.

Disagreements welcome!