Ransomware attackers will attempt to locate your backups, steal the data from them, and then delete them. If you can prevent this, you can recover from an attack without giving in to blackmail.
Ransomware has been a red-hot problem for some time now. As they usually do with important events, ransomware attackers have been setting traps using the COVID-19 pandemic as a lure. That makes this a time for special alertness and a review of whether existing procedures are adequate enough to prevent or mitigate an attack.
Backing up your data is a key part of the defense against ransomware and other malware. If the backups are wiped out by ransomware, this defense is rendered useless. Ransomware attackers often try to find and delete or encrypt backups, many of which are accessible through compromised accounts. The loss of backups, even just recent backups, makes an attack a much more costly event and limits your ability to resist the attacker. What are practical ways to ensure this does not happen?
As with most security precautions, there is no 100% guaranteed way to protect your backups. But by following best practices, you can significantly increase your chances of being able to use backups for recovery from the attack with minimal losses of time and business. Having backups available won’t remove the need for an organized response to the attack run by incident response professionals, but it will make the recovery process quicker and easier.
The best backup practices can involve nontrivial cost and diligence by IT personnel. The methods used, mostly involving the 3-2-1 rule, are the right way to protect your organization—not just from ransomware but from myriad other problems that over the years have crippled companies and ruined careers. But, even if you’re not going to go to the lengths you should in backup, there are actions you can take to lessen the vulnerability of your backups in the event of an attack.
Follow the 3-2-1 rule of backup
- Three copies of the data are backed up
- Two different storage media are used for the backup
- One copy of the data is kept off site
The goal of the 3-2-1 rule is to increase the chances that a backup will be available. Keeping a copy remote protects you even in case of a fire or natural disaster. Backup strategists keep adding numbers to make corollaries of the rule. For instance, to find out what the 3-2-1-1-0 rule is, read this Vembu blog.
Enterprise backup software is generally designed to facilitate this approach as a best practice. Typically, one copy will be kept on an on-site storage device like a deduplicating backup appliance or high-density disk storage system. At least one of the others is written to an off-site deduplicating backup appliance or tape. But a cloud storage service is a candidate for one of the copies as well. CONTINUE READING https://www.hpe.com/us/en/insights/articles/protecting-backups-from-ransomware-is-as-easy-as-3-2-1-2005.html?jumpid=in_510397410_NXTprotectingbackups_smc050420
