Ransomware attacks can devastate a business, with cyber gangs encrypting crucial data and holding it hostage. Experts agree that backups form a critical element of ransomware defense. But what happens when the backup fails or when ransomware hits the backup itself? Take steps to defend backups from ransomware vulnerabilities and protect an important safety net.
Consider the following scenario. Your organization suffers a ransomware attack. You turn to your backups, only to find that you have been locked out of your own backup. Or you attempt to recover from backup, but the recovery fails. In either case, you stand to either lose critical data or pay a hefty price for a decryption key that may or may not work.
The following steps will help to ensure that these worst-case scenarios never happen.
1. Follow a 3-2-1 Backup Strategy
The 3-2-1 rule for backups means that you keep three copies of your data on two different media, with one copy offsite. Three copies of the data typically include the original data, a local backup stored close by, and an off-site backup. This diversifies the risk.
While the local backup has the benefit of accessibility, it is connected to the primary environment and thus vulnerable. A second, disconnected backup therefore proves essential. An air-gapped backup makes a wise choice for this second, more secure backup. Because it lives offline, isolated from the main networks, bad actors have no way to reach it.
2. Regularly Test Backups
Do not assume that simply conducting regular backups provides the necessary protection. Backups can fail due to software glitches or media failure. They can become corrupted due to storage issues. Or human mistakes during backup setup may cause problems.
Consequently, you should regularly test your backups to ensure that you can reliably recover your data. This includes making sure you can completely restore all files to a clean system and that the restored data matches the original data.
3. Create an Immutable Backup
When something is immutable, it cannot be changed or deleted. Immutability plays an important role in ransomware protection, particularly in terms of backups. Ransomware gangs know that a solid backup weakens their ability to obtain a ransom or inflict major damage. As a result, they often attempt to corrupt or delete the backups themselves.
An immutable backup, however, cannot be modified once created. And it can only be deleted once its retention period has expired.
4. Implement Effective Access Controls
Strengthen access controls to ensure that only a few authorized personnel have permission to modify or delete backups. This includes using robust authentication methods such as MFA to verify user identity. And it may involve using role-based access controls that tie permissions to the user’s role within the organization rather than to the individual.
5. Maintain Versioned Backups
Versioned backups involve multiple, time-stamped snapshots of data at various points in time. Unlike a traditional backup that simply overwrites the previous copy, versioned backups preserve multiple past states of your data. This means that if a file has been changed or deleted, you can restore a specific version from before the change occurred.
In the case of a ransomware attack, particularly when some time lapses before the ransomware is discovered, versioned backups allow you to revert to an uninfected state. When implementing versioning, determine how many versions to keep and for how long. This will depend on both the nature of the data and your storage capacity.
6. Use Strong Encryption
To further protect your backups, encrypt them both in storage and while in transit. This helps to ensure that bad actors cannot access the data even if they manage to compromise the backup. Use strong encryption algorithms such as AES-256. Additionally, be sure to securely manage the encryption keys, and do not store them alongside the backups themselves.
7. Monitor for Unusual Activity
Network monitoring plays an essential role in any ransomware defense strategy. Make sure that monitoring covers the backup systems, as well, alerting appropriate personnel when any unusual behavior or unauthorized access occurs.
Defend Backups from Ransomware Vulnerabilities to Safeguard Critical Business Data
According to the latest Sophos State of Ransomware Report, nearly 60 percent of organizations suffered ransomware hits last year. And recovery costs are soaring. In addition to strengthening other cyber security measures, take the time to review and update your backup strategy. With proven solutions such as eCare Cloud Backup, eMazzanti will help ensure backup success.