May 4, 2021 - doddy
4 Steps to Protect Backup from Ransomware
For years, businesses have relied on various backup strategies to help them recover from IT disasters, such as ransomware. Unfortunately, new ransomware attacks now target backups as well as production, making the situation more problematic.
Ransomware has become the root cause of many business infrastructure failures, with staggering financial losses. The average cost to remediate a ransomware attack is about US$730,000 if the ransom isn't paid. Surprisingly, the number escalates to $1.4 million if the ransom is paid. Another worrying fact about ransomware attacks is that their number increased by 150% in 2020 as people started to embrace remote working or WFH. It is a threat that no business can afford to ignore.
Frankly speaking, no strategy can completely protect you from ransomware. For that reason, the best plan of action is to ensure the company is prepared to recover after an attack happens. Securing your data backup is critical to that process.
4 Steps to Ensure Your Backup Works against Ransomware
Do the Backup
The first thing is, obviously, to do your backup. Conduct it correctly and regularly. What we suggest is a 3-2-1 backup strategy. To do it properly, you need to have at least three total copies of your data: two on-site/local backups on different media or devices, and at least one off-site.
Having multiple copies of your data gives you a higher probability of a successful recovery. You can still recover your data even if one of your backups cannot be accessed due to a ransomware attack or any other reason.
Test the Backup and Recovery
The second step is to routinely test your backups to ensure that they truly work. During the tests, it is common to uncover things like missing software install disks and license keys that don’t refresh after recovery. For that reason, it is necessary to also store such data as install disks and license keys outside of your backup copies.
Wowrack recommends scheduling a regular test. How often you schedule the tests depends on your risks and the importance of your data. One backup schedule does not fit all needs, since different companies have different levels of tolerance. If you are not sure how often you should test your backup, you can always consult an expert in the field.
Create and Document a Plan
Thirdly, it is necessary to create and document your plan. In the heat of the moment, it is easy to lose your way or spend critical time figuring out what to do. To put it simply, creating and documenting your plan ahead of time relieves possible stress and minimizes mistakes.
Some things to keep in mind while creating your plan are your Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO determines how much data the business can afford to lose between backups. Meanwhile, RTO specifies the time required for system recovery.
Another tip: pay extra attention to Payroll and Accounts Payable/Receivable data while creating the plan. Typically, recovering and rebuilding these data sets must be your top priority.
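A restore test of the kind described in step two, which also checks backup age against the RPO from this step, written as an added Python example (not Wowrack's code). It assumes tar archives and a SHA-256 manifest recorded at backup time and stored outside the backup; the function names and sample files are constructed for illustration.

```python
import hashlib, os, tarfile, tempfile, time
from pathlib import Path

def manifest_of(root):
    """Relative path -> SHA-256 for every file; keep the result OUTSIDE the backup."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(src, archive):
    with tarfile.open(archive, "w") as tar:
        for p in sorted(Path(src).iterdir()):
            tar.add(p, arcname=p.name)
    return archive

def restore_test(archive, manifest, rpo_hours, now=None):
    """Restore into a scratch directory; return a list of problems (empty = pass)."""
    problems = []
    age_h = ((now or time.time()) - os.path.getmtime(archive)) / 3600
    if age_h > rpo_hours:
        problems.append(f"backup is {age_h:.1f}h old, RPO is {rpo_hours}h")
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                # The 'data' filter (where available) rejects paths escaping scratch
                kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **kw)
        except (tarfile.TarError, OSError) as exc:
            return problems + [f"archive unreadable: {exc}"]
        restored = manifest_of(scratch)
    for name, digest in manifest.items():
        if name not in restored:
            problems.append(f"missing after restore: {name}")
        elif restored[name] != digest:
            problems.append(f"content changed: {name}")
    return problems

def demo():
    """Constructed sample data: a two-file tree backed up before and after one file changes."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "prod"); src.mkdir()
        (src / "payroll.csv").write_text("id,amount\n1,100\n")
        (src / "ledger.csv").write_text("acct,balance\nAR,250\n")
        manifest = manifest_of(src)
        good = make_backup(src, Path(work, "good.tar"))
        (src / "payroll.csv").write_bytes(b"constructed unreadable bytes \x8f\x02")
        bad = make_backup(src, Path(work, "bad.tar"))  # backup taken after the change
        return (restore_test(good, manifest, 24), restore_test(bad, manifest, 24),
                restore_test(good, manifest, 24, now=time.time() + 48 * 3600))
```

An empty list from `restore_test` means the backup restored cleanly and is within the RPO; any other result should fail the scheduled test and be investigated before that backup is relied on.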
Separate Backups from Production
Finally, we suggest running your backups off your domain to help keep your data secure. We also recommend using a unique and hard-to-guess username and password that are different from those of the administrator accounts. If possible, do not use a username that mimics your email address template.
Some service providers also strengthen your security by separating your backups from production. Wowrack, for instance, creates a backup network using separate NIC cards and specific ports to give you extra protection. Doing this inhibits bad actors from gaining access to your backup environment. Another extra but effective technique is storing your backups in a data vault that prevents deletion by any means other than the expiration of a specific timestamp.
Bonus Recovery Tips
Even after recovery, however, similar ransomware attacks can still take place. This does not mean that your plan has failed: ransomware can reload during system restoration. Most of the time, the date when the ransomware attack began cannot be determined accurately, so there is always a possibility that you recover a backup with ransomware in it.
To prevent this from happening, we encourage you to recover only data. Do fresh application installs instead of recovering whole applications. By recovering only data, you decrease the chances of reloading ransomware during system restoration.