Stop Ransomware 4 – Backup and Disaster Recovery
Industry expertise by Martin Bannister, written by Jason Eichner
What happens if ransomware gets through all your preventative layers of security, and your files are encrypted? Let’s take a look at the final layers of security:
Layer 4 – Backup and Disaster Recovery
Sadly, no solution is completely perfect. With ransomware being so valuable, cybercriminals are putting incomprehensible amounts of money into developing ever more undetectable and malicious strains of ransomware to separate honest businesses from their hard-earned cash. Thus, the risk of ransomware is ever-present, and a wise business will prepare for the worst.
So what do you do if your data is encrypted, or deleted, by ransomware? Well, the best answer is to restore your backup!
A good backup system will be image-based, backed up offsite, and use incremental backup technology. Let’s take a quick look at those qualifiers in more detail, shall we?
Image-based backups mean the entirety of the drive, server, or other device is completely copied across in a single archive file. This is the fastest and most incorruptible method of backing up data, with the lowest performance impact, possible with current technology.
Why back up offsite? Well, not only do offsite backups circumvent the risk of a flood, fire, or other disaster wiping out both the active drive and the backup, but an offsite backup is also not nearly as susceptible to ransomware as onsite backups are. The most sophisticated and modern ransomware today has learned to travel to onsite backup drives and attempt to encrypt them, whereas offsite backups are not on the same network, and so are protected against this infectious attack. This is examined in greater detail in the next blog post.
Incremental backups are, unsurprisingly, backups taken incrementally. This means that one backup does not immediately overwrite the last, and instead backups are taken in sequence, with older backups being rolled into one in sequence. Why? Say you take a single backup every day – if you get ransomware, it does not make itself known straight away, but does begin encrypting files; meaning the most recent backup may have a live strain of ransomware, and encrypted files, backed up on it. If this is your only backup, some of your files are likely lost forever! Instead, incremental backups allow for an extensive file history and protection from even the subtlest and slowest of ransomware.
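To make that concrete, here is an added example (not code from the original post or from any backup product): a constructed four-day incremental chain in which slow ransomware starts encrypting on day 2, comparing what a single overwriting backup would hold against the newest clean copy of each file in the chain. The file names, helper names and the 7.5 bits-per-byte entropy threshold are assumptions for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed heuristic threshold, tune for real data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    # Caveat: compressed formats (zip, jpg) also score high, so a real check
    # should compare a file against its own earlier versions as well.
    return entropy(data) > ENTROPY_LIMIT

def view_at(chain, index):
    """Rebuild the file set at restore point `index` by layering increments 0..index."""
    files = {}
    for increment in chain[: index + 1]:
        files.update(increment)
    return files

def newest_clean_versions(chain):
    """Map each file to the newest restore point whose copy does not look encrypted."""
    result = {}
    for path in view_at(chain, len(chain) - 1):
        for index in range(len(chain) - 1, -1, -1):
            data = view_at(chain, index).get(path)
            if data is not None and not looks_encrypted(data):
                result[path] = index
                break
    return result

def single_overwrite_loss(chain):
    """Files lost if each backup had overwritten the last (only the latest survives)."""
    latest = view_at(chain, len(chain) - 1)
    return sorted(p for p, d in latest.items() if looks_encrypted(d))

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file (constructed)."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(size // 32))

# Constructed sample: day 0 is the full backup, later days hold only changed files.
CHAIN = [
    {"invoices.csv": b"id,amount\n1,100\n" * 200, "plan.txt": b"Q3 roadmap draft\n" * 200},
    {"plan.txt": b"Q3 roadmap final\n" * 200},  # day 1: normal edit
    {"invoices.csv": fake_ciphertext("a")},     # day 2: slow encryption begins
    {"plan.txt": fake_ciphertext("b")},         # day 3: the attack is finally noticed
]
```

With only the day 3 backup, both files are encrypted; with the chain, `invoices.csv` is restored from restore point 1 and `plan.txt` from restore point 2.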
Layer 5 – Professional Intervention
If you get a strain of ransomware and have no available backups, do you know who you’ll turn to? Is someone waiting in the wings to support your business in recovering files and rebuilding systems?
By having professionals ready to assist, you no longer rely entirely on technology. While cybercriminals may develop clever tricks to bypass security systems, it is a completely different ball game to go head to head with a cybersecurity professional.
With the massive success of ransomware, some malicious, but inexperienced, cybercriminals have turned to developing programs that imitate ransomware, but do not have the sophisticated encryption functionality. Instead, they simply pop up an unclosable screen claiming your files have been encrypted, and charge a heavy ransom just to close that screen! A cybersecurity professional can quickly identify these imitators and remove them; however, it is vital that this identification be done carefully, as attempting to remove real ransomware in the same way can cause irrevocable deletion of files!
So it’s simple, right? With some security solutions and a backup drive on the network, you’re completely protected against ransomware?
Not quite. Check in next time, when we’ll be taking a look at some of the differences between backup solutions, and why some simply aren’t enough to protect against modern ransomware.