The increasing prevalence of cyber threats, in particular ransomware attacks, can impose significant overhead costs to businesses offering storage and recovery services. Cyber-threats also pose a serious threat to the businesses themselves or to the owner of the data. As data volumes continue to grow and the rate of growth increases, the cost to recover encrypted, or otherwise obfuscated, data becomes ever greater. Backup and recovery service providers and solution vendors need to minimize the impact to their business operations and that of their customers in the event of a ransomware attack or other cyber-attack. They can face many challenges, including the early detection of an infection on a client's machine or network in order to minimize the damage inflicted on customer data.
An effective solution in the event of a successful attack (e.g., a ransomware infection) is through the maintenance of regular backups and the implementation of a disaster recovery plan. The objective of these measures are to completely restore business operations. However, this solution is not without drawbacks. In spite of these recovery plans, the attack typically subjects the data owner to downtime while waiting for the recovery process to complete. Depending on the scale of the attack and the level of penetration through a filesystem, recovery can range from hours to days. This can be potentially devastating to the operations and reputation of a business servicing customers. In addition, owners are increasingly faced with the possibility that their backups are still infected. This complicates the restore process when considering that the restored data may still be infected or subject to loss or attack. Systems and methods are needed to better protect and restore data, particularly in the event of an attack that results in lost data or in an attack that affects backed up data.