Ransomware encrypts all your data and makes it unusable unless you pay the ransom demanded. The best way to prepare for such an attack is to have good-quality data you can restore from backup. Here are the key things to consider.
1. Review and update backup policies
The best defence against malware is being able to restore data from clean backups. However, backups will only work if they are robust and comprehensive and include all the data. CIOs should order a thorough audit of all business data locations. It is all too easy to miss critical data off a backup plan, whether it is held on local systems or in the cloud.
Best practice for backup remains the 3-2-1 rule: make three copies of data, store across two different forms of media and keep one copy off-site. To protect against ransomware, the offsite backup should be isolated from the business network.
2. Air gap business data
Cloud storage is an attractive technology to store long-term data backups, and in some quarters it has replaced physical backup media such as optical disks, portable hard drives and tape. It protects data from physical disruption, such as hardware or power failures, or fire and flood, but it will not automatically protect against ransomware. Cloud storage is vulnerable on two fronts: through connections to customer networks, and because it is shared infrastructure.
Ransomware can take out backup systems, which are the last line of defence against data loss.
The solution is to supplement cloud backups with tape or other mechanical backup media. Cloud can be the offsite copy, but keeping another dataset on tape, and keeping those tapes strictly offline, is the most reliable way to “air gap” data from a ransomware attack.
3. Make regular backups and review retention policies
It should go without saying that organisations should back up their data regularly.
Again, CIOs should review policies for frequency of backups, especially how often data is backed up to off-site locations (including the cloud) and mechanically separated media, such as tape. It might be that more frequent backups are needed.
IT teams should also review how long they keep backups, especially their air-gapped media. Ransomware often uses time delays to avoid detection, or “attack loops” to target apparently clean systems.
Organisations might need to go back through several generations of backups to find clean copies, requiring longer retention and, possibly, more copies. Keeping separate backups for critical business systems should also make recovery easier.
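The 3-2-1 rule from section 1 and the retention question from section 3 can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the `Generation` record, the location names, and the suspected compromise date are constructed, and it assumes the inventory lists every copy, including the live one.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Generation:
    dataset: str    # business data set this backup belongs to
    location: str   # where the copy lives; one location = one copy
    media: str      # "disk", "cloud", "tape", ...
    offsite: bool   # held away from the primary site
    isolated: bool  # unreachable from the business network (offline / air-gapped)
    taken: date     # when this generation was written

def newest_clean(gens, dataset, suspected):
    """Newest isolated generation written before the suspected compromise date."""
    ok = [g for g in gens
          if g.dataset == dataset and g.isolated and g.taken < suspected]
    return max(ok, key=lambda g: g.taken, default=None)

def audit(gens, datasets, suspected):
    """Map each dataset to a list of findings; an empty list means it passes."""
    report = {}
    for ds in datasets:
        mine = [g for g in gens if g.dataset == ds]
        copies = {g.location for g in mine}
        found = []
        if len(copies) < 3:
            found.append(f"{len(copies)} copies, need 3")
        if len({g.media for g in mine}) < 2:
            found.append("fewer than 2 media types")
        if not any(g.offsite and g.isolated for g in mine):
            found.append("no off-site copy isolated from the network")
        if newest_clean(gens, ds, suspected) is None:
            found.append("no isolated generation predates the suspected compromise")
        report[ds] = found
    return report

# Constructed sample inventory (not real data).
INVENTORY = [
    Generation("finance", "primary-san", "disk", False, False, date(2024, 5, 20)),
    Generation("finance", "cloud-bucket", "cloud", True, False, date(2024, 5, 19)),
    Generation("finance", "tape-vault", "tape", True, True, date(2024, 5, 12)),
    Generation("finance", "tape-vault", "tape", True, True, date(2024, 4, 14)),
    Generation("hr", "primary-san", "disk", False, False, date(2024, 5, 20)),
    Generation("hr", "cloud-bucket", "cloud", True, False, date(2024, 5, 19)),
]
SUSPECTED = date(2024, 5, 1)  # constructed: earliest date malware may have been present
if __name__ == "__main__":
    for ds, found in audit(INVENTORY, ["finance", "hr", "crm"], SUSPECTED).items():
        print(ds, "OK" if not found else found)
```

The dataset list passed to `audit` should come from the audit of business data locations, so that a data set with no backups at all (here `crm`) is reported rather than silently skipped.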
4. Ensure backups are clean and robust
Ensuring backups are free of malware is hard, but organisations should do as much as they can to make sure their backups are not infected.
As well as strict air-gap policies – such as taking media offline as quickly as possible – up-to-date malware detection tools are essential, as is system patching.
For extra protection, companies should consider write once read many (WORM) media such as optical disks, or tape configured as WORM. Some suppliers now market WORM-format cloud storage.
5. Test and plan
All backup and recovery plans need to be tested. This is critical for calculating recovery times – and for establishing whether data can be recovered at all.
Using air-gapped, off-site media is best practice, but how long will it take to restore systems? Which systems are the priority for recovery? And will firms need separated, clean networks for recovery purposes?
CIOs should test all phases of the recovery plan, ideally using duplicate media. The worst scenario would be for a recovery exercise to contaminate existing, clean backups.
To stop ransomware, you should also consider RC from Bullwall, a last-line-of-defence containment software. This will stop the ransomware attack and protect your data without the need to restore it from a backup.
Call Martyn on 01794 526088 to find out more.
Read the full article here: Top five ways backup can protect against ransomware | Computer Weekly