How to Survive a Ransomware Attack: Five Backup Best Practices

By JG Heithcock

No matter what your business or industry is, data is a critical asset to your business. Without secure and dependable backup for data protection, you’re at the mercy of life’s many “what ifs,” whether the data loss comes from spilling a drink on your keyboard or a ransomware attack. 

To ensure that your business is not interrupted, your data is not lost beyond recovery, and you are never forced to pay an exorbitant ransom (which may, and more likely will not, get your data back), it is critical that you follow these five backup best practices.

Best Practice 1: Encryption

Data backup that does not use encryption is suboptimal. Encryption is one of the most powerful ways to protect sensitive information: it transforms data into ciphertext that is unreadable without the encryption key. If an unauthorized party gets their hands on your data, they cannot make heads or tails of it without that key. For best results, your backup solution should protect your data both when it is stored on a device or computer (“at rest”) and when it is being sent and retrieved over networks (“in transit”), using encryption algorithms that meet industry standards – SSL/TLS in transit and AES-256 encryption at rest. This prevents anyone other than authorized users from snooping, even a cloud provider hosting your data on its systems, as long as the provider does not hold your key.

Best Practice 2: Immutability 

Many of the major cloud providers now support object locking, also referred to as Write-Once-Read-Many (WORM) storage or immutable storage. Users can mark objects as locked for a designated period of time, preventing them from being deleted or altered by any user. 

Users should seek a backup solution that integrates seamlessly with this object lock feature to create immutable backups. The backup solution should allow a retention period to be set for backups stored on supporting cloud platforms. Within this immutable retention period, backups cannot be deleted by anyone or anything, even if ransomware or a malicious actor acquires the root credentials.

For the utmost control and protection, seek a backup solution that also provides policy-based scheduling: it should predict when backups will leave the retention policy and automatically re-protect any files that would no longer be retained, so that the business always has point-in-time backups to restore from within the immutable retention window.
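The behaviour described in this section, as an added example that is not code from the original article or from any particular vendor: a small model of an object-locked (WORM) bucket in which a delete is refused while the retention date is in force, whatever credentials the caller holds, plus a planner that flags restore points about to leave the immutable window and re-protects them with a fresh locked copy. The class and method names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class LockedObject:
    """One backup object in a WORM-capable bucket (constructed model)."""
    key: str
    retain_until: date  # object-lock retention date; no delete before this


class ImmutableBucket:
    """Minimal model of an object-locked bucket (constructed, not a real SDK).
    Deletes are refused until retain_until has passed, even for 'root'."""

    def __init__(self) -> None:
        self.objects: dict[str, LockedObject] = {}

    def put(self, key: str, written: date, retention_days: int) -> LockedObject:
        obj = LockedObject(key, written + timedelta(days=retention_days))
        self.objects[key] = obj
        return obj

    def delete(self, key: str, today: date, principal: str) -> bool:
        """Return True only if the object existed and its lock had expired.
        The principal is deliberately ignored: object lock is not an ACL."""
        obj = self.objects.get(key)
        if obj is None:
            return False
        if today < obj.retain_until:
            return False  # lock still in force, refused regardless of principal
        del self.objects[key]
        return True

    def leaving_window(self, today: date, lookahead_days: int) -> list[str]:
        """Keys whose lock expires within lookahead_days of today."""
        horizon = today + timedelta(days=lookahead_days)
        return sorted(k for k, o in self.objects.items()
                      if today <= o.retain_until <= horizon)

    def reprotect(self, today: date, lookahead_days: int, retention_days: int) -> list[str]:
        """Policy-based scheduling step: write a fresh locked copy of every
        object about to leave the window so a restore point always remains."""
        renewed = []
        for key in self.leaving_window(today, lookahead_days):
            self.put(f"{key}.renewed-{today.isoformat()}", today, retention_days)
            renewed.append(key)
        return renewed
```

Run the planner daily; an object reported by `leaving_window` is a restore point that will become deletable, and `reprotect` is the auto-protection the section describes.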

Best Practice 3: Air Gap 

Using an air-gapped backup solution is another important step toward optimal data security. Air gapping simply means storing the backup data in a separate area that is offline and physically separated from where the data is generated, whether that is the production environment or the edge. Because the data sits in an air-gapped configuration, it is much harder for ransomware operators or other illegitimate parties to intercept, access, or tamper with it. Historically, air-gapped storage meant tape media, which had to be physically stored offsite and secured. The more common option today is a cloud-based destination that is not reachable with standard networking protocols, which provides a separate backup that is secure and inaccessible to attackers.

Best Practice 4: The 3-2-1 Rule

Your backup strategy should always follow the 3-2-1 backup rule, which states that you should have at least:

  • 3 copies of your data
  • 2 media types for your backups
  • 1 backup stored in an offsite location

These layers of protection help ensure that if you lose data in one copy, media type, or location, you still have somewhere to turn to restore it. The best approach for any workflow has two components:

  • a backup script with a local destination 
  • a backup transfer script to an offsite destination

Some common 3-2-1 workflows are combining disk and cloud, NAS and cloud, and disk and tape.
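An added example, not from the original article: a small compliance check that evaluates a backup inventory against the 3-2-1 rule and names which part of the rule is unmet. The inventory records and field names are constructed for illustration; the production copy counts as one of the three copies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of the data set (constructed inventory record)."""
    name: str
    media: str        # e.g. "disk", "nas", "tape", "cloud"
    location: str     # e.g. "hq", "cloud-region-1"
    offsite: bool     # True when stored away from where the data is generated


def check_321(copies: list[BackupCopy]) -> dict[str, bool]:
    """Evaluate the inventory against each part of the 3-2-1 rule."""
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in copies),
    }


def unmet_rules(copies: list[BackupCopy]) -> list[str]:
    """Names of the 3-2-1 requirements the inventory fails, empty if compliant."""
    return [rule for rule, ok in check_321(copies).items() if not ok]


# Constructed sample inventories: a disk-and-cloud workflow and a local-only one
DISK_AND_CLOUD = [
    BackupCopy("production", "disk", "hq", False),
    BackupCopy("local backup", "nas", "hq", False),
    BackupCopy("cloud backup", "cloud", "cloud-region-1", True),
]
LOCAL_ONLY = [
    BackupCopy("production", "disk", "hq", False),
    BackupCopy("usb backup", "disk", "hq", False),
]
```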

Best Practice 5: Coverage

Ensuring your backup solution covers your entire corporate data infrastructure is paramount to recovering every piece of critical data after a ransomware attack. This coverage needs to include servers, endpoints, NAS shares, and cloud storage. Many companies have certain older systems that they rely on, so it’s essential to protect a wide range of operating systems, including older ones. If you need the data, you need a backup of it.

Protect, Detect, and Recover

Over the past year, IT was bombarded with new and unusual challenges during the pandemic, such as the virtually overnight transition to a global work, learn, and live environment. With IT’s focus diluted by an ever-growing punch list, cyber-criminals swooped in to exploit the situation with new, increasingly vicious, and determined ransomware and other malware. Even today, as we slowly begin to transition back, the ransomware threat doggedly persists. The situation is compounded by the fact that even after the ransom is paid, more often than not, the data is not returned.

From oil lines to meat-packing plants to hospitals and government agencies, no organization remains immune. The news continues to be littered with stories of organizations paying exorbitant fees into the millions of dollars in the hopes of getting their data back and their operations running again. And those are just the stories we hear. There are countless others that never make headlines, as they are able to keep the situation under wraps, protecting their reputation and public trust. 

The truth is, of course, the answer lies not in one silver bullet, but rather a layered defense designed to provide protection against ransomware, detection when there is infiltration, and in the event of a successful attack, recovery via backup best practices. 
