Employing layered endpoint security and regular end user training is absolutely critical when it comes to protecting your data from ransomware. But the simple fact is, no amount of education and security will prevent every attack. That’s where backup and recovery comes in. It’s the insurance policy that protects you from ever doling out a single bitcoin.
How do you ensure your data is recoverable? How do you increase the resilience of your systems?
We’ll explore the best practices that will allow you to operate “business as usual,” regardless of a cyber criminal’s ability to breach your defenses.
Assess levels of data availability against business requirements
Your IT budget is finite. So, the first step in implementing a robust backup and recovery strategy is to identify the level of availability your data requires.
A retail business may plug along just fine without a marketing brochure for a day, but an encrypted point-of-sale application could be crippling. Likewise, an inability to access accounting systems for several hours might be a tremendous inconvenience for a hospital, but encrypted patient records could threaten lives.
So, take the time to document all of your systems, applications, and data. Then, identify which are business-critical and which won’t impact your organization if they take a day to recover.
With this information in hand, you’ll be equipped to target the right data with the right level of availability, both delivering on business requirements and ensuring you stay within budget.
Adopt a 3-2-1 backup strategy
Backup isn’t sexy, but it’s worth your time to get it right. That’s because ransomware encryption is becoming more and more sophisticated—meaning brute force decryption is now a near impossibility.
If your systems are infected and you have a sound backup strategy in place, however, your organization will live to fight another day.
Redundancy is the name of the game here. That’s why we recommend you implement a 3-2-1 backup strategy, which means you maintain:
- Three copies of your data, at minimum
- Two local copies—with one of those copies leveraging offline media
- One copy replicated off-site
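The rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or any vendor product; the dataset names, media types and inventory format are constructed for illustration, and it assumes the inventory lists every copy you count toward the three.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    location: str  # "local" or "offsite"
    media: str     # e.g. "disk", "tape", "usb", "cloud"
    offline: bool  # True if the media is disconnected when no job is running

def audit_3_2_1(copies, dataset):
    """Return the 3-2-1 violations for one dataset (empty list = compliant)."""
    mine = [c for c in copies if c.dataset == dataset]
    local = [c for c in mine if c.location == "local"]
    problems = []
    if len(mine) < 3:
        problems.append(f"{len(mine)} copies, need at least 3")
    if len(local) < 2:
        problems.append(f"{len(local)} local copies, need 2")
    if not any(c.offline for c in local):
        problems.append("no local copy on offline media")
    if not any(c.location == "offsite" for c in mine):
        problems.append("no off-site copy")
    return problems

def audit_all(copies):
    """Map every dataset in the inventory to its list of violations."""
    return {d: audit_3_2_1(copies, d) for d in sorted({c.dataset for c in copies})}

# Constructed sample inventory (hypothetical dataset names and media).
INVENTORY = [
    BackupCopy("pos-db", "local", "disk", False),
    BackupCopy("pos-db", "local", "tape", True),
    BackupCopy("pos-db", "offsite", "cloud", False),
    BackupCopy("patient-records", "local", "disk", False),
    BackupCopy("patient-records", "offsite", "cloud", False),
    BackupCopy("accounting", "local", "disk", False),
    BackupCopy("accounting", "local", "disk", False),
    BackupCopy("accounting", "local", "usb", True),
]

if __name__ == "__main__":
    for dataset, problems in audit_all(INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

The offline flag is what matters most against ransomware: a copy that is disconnected between jobs cannot be encrypted by malware that reaches your network shares.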
Ensure both Windows and Linux systems are protected
While ransomware infections on Windows systems are nothing new, recent attacks on Linux servers are snapping some from their false sense of security.
To be clear: No server, operating system, software, or application is safe from ransomware. Some are just targeted more heavily due to their greater market share.
Today, Windows infections are largely the result of:
- Phishing emails
- Office vulnerabilities
- Macros in Office documents
Meanwhile, Linux is rare on desktop systems, so Linux ransomware attacks are most often seen on servers. That’s why we recommend you protect Linux servers with an antivirus product that supports Linux.
We also recommend that you set permissions on your executable files. That way, you’ll be able to mitigate attacks on those files to an extent.
Optimize your backup for successful ransomware recovery
It’s not uncommon for an IT admin to run a backup after business hours, and then cancel that backup the following morning because it’s still running at the start of the workday.
And, when that happens, your organization is vulnerable to data loss.
That’s where deduplication comes into play.
When you leverage source-side global data deduplication, you dedupe data at each node, site, and job. That means you’re able to tighten backup times and reduce your backup footprint, saving you time and money while improving your ability to recover from ransomware.
Leveraging virtualization for increased recoverability
Virtualization can play a critical role in your ransomware recovery strategy.
Enable your IT team to spin up instant virtual machines and use virtual standby, and you’ll have a cost-effective way to ensure optimum data availability. Remember, you can access these capabilities via public cloud services, like AWS, or through your hypervisor.
Ransomware recovery testing
A backup and recovery strategy isn’t worth the paper it’s printed on if it’s not effective. And the only way to know if it’s effective is to test—and test often.
That’s why we recommend leveraging automated testing and non-disruptive disaster recovery testing as part of your broader backup and recovery strategy. With these capabilities in place, you’ll be empowered to test more often and more cost-effectively.
Furthermore, the resulting RPO and RTO reporting will immediately help you identify if you’re meeting your objectives, where your weaknesses lie, and whether further data protection investment is called for.
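As an added illustration of that reporting (not from the original article or any backup product), the sketch below scores recovery-test results against per-tier objectives. The tier names, objective values, systems and timestamps are all assumed or constructed; a restore that never completes is treated as a missed RTO.

```python
from datetime import datetime, timedelta

# Assumed objectives per availability tier; set yours from the business assessment.
OBJECTIVES = {
    "critical": {"rpo": timedelta(minutes=15), "rto": timedelta(hours=1)},
    "standard": {"rpo": timedelta(hours=24), "rto": timedelta(hours=24)},
}

def evaluate_test(test):
    """Return the objectives ("RPO", "RTO") that one recovery test missed."""
    obj = OBJECTIVES[test["tier"]]
    missed = []
    # Achieved RPO: data written after the last recovery point is lost.
    if test["failure"] - test["last_recovery_point"] > obj["rpo"]:
        missed.append("RPO")
    # Achieved RTO: a restore that never completed always misses the objective.
    restored = test["restored"]
    if restored is None or restored - test["failure"] > obj["rto"]:
        missed.append("RTO")
    return missed

def failing_systems(tests):
    """Map each system that missed an objective to what it missed."""
    report = {t["system"]: evaluate_test(t) for t in tests}
    return {system: missed for system, missed in report.items() if missed}

# Constructed recovery-test results (hypothetical systems and timestamps).
T0 = datetime(2024, 3, 1, 9, 0)  # simulated failure time
TESTS = [
    {"system": "pos-app", "tier": "critical", "failure": T0,
     "last_recovery_point": T0 - timedelta(minutes=10),
     "restored": T0 + timedelta(minutes=40)},
    {"system": "patient-records", "tier": "critical", "failure": T0,
     "last_recovery_point": T0 - timedelta(hours=10),
     "restored": T0 + timedelta(minutes=30)},
    {"system": "marketing-share", "tier": "standard", "failure": T0,
     "last_recovery_point": T0 - timedelta(hours=11),
     "restored": None},
]

if __name__ == "__main__":
    for system, missed in failing_systems(TESTS).items():
        print(f"{system}: missed {', '.join(missed)}")
```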
Your backup and recovery deployment options
Whatever backup and recovery solution you choose, keep in mind that it will be your lifeline should you get hit by a ransomware attack. Seek reliability, efficiency, and cost-effectiveness.
It’s a form of insurance you can’t be without.
Here are some options you’ll want to consider.
Cloud backup and recovery
Affordable, encrypted cloud-based public options are out there—and they’re definitely worth exploring.
Amazon AWS, for instance, is one option that offers flexible offsite backup and recovery. With its powerful cloud integration, you can:
- Replicate recovery points to the cloud
- Spin up virtual machines for business continuity
- Leverage virtual standby to ensure efficient recovery
You’re also able to customize recovery point objectives (RPO) and recovery time objectives (RTO) to manage costs.
Data protection appliance
Data protection appliances are another option for a range of applications, including small and medium-sized businesses and remote offices.
They offer an all-in-one hardware-plus-software solution, including:
- Storage and deduplication
- Cloud gateway
And, since they’re a plug-and-play solution, they deliver the simplicity that allows IT generalists—and those without any IT background at all—to unbox and deploy in minutes.
Offline media can play an important role in your backup and recovery strategy—especially where minimizing costs comes into play.
Offline media options worth your consideration include:
- USB disks
- Offline public cloud