Ransomware encrypts all your data and makes it unusable unless you pay the ransom required. Best way to prepare for such an attack  is to have good quality data you can restore from backup. Here are key things to consider.

1. Review and update backup policies

The best defence against malware is being able to restore data from clean backups. However, backups will only work if they are robust and comprehensive and include all the data. CIOs should order a thorough audit of all business data locations. It is all too easy to miss critical data off a backup plan, whether they are held on local systems or in the cloud.

Best practice for backup remains the 3-2-1 rule: make three copies of data, store across two different forms of media and keep one copy off-site. To protect against ransomware, the offsite backup should be isolated from the business network.

2. Air gap business data

Cloud storage is an attractive technology to store long-term data backups, and in some quarters it has replaced physical backup media such as optical disks, portable hard drives and tape. It protects data from physical disruption, such as hardware or power failures, or fire and flood, but it will not automatically protect against ransomware. Cloud storage is vulnerable on two fronts: through connections to customer networks, and because it is shared infrastructure.

Ransomware can take out backup systems, which are the last line of defence against data loss.

The solution is to supplement cloud backups with tape or other mechanical backup media. Cloud can be the offsite copy, but keeping another dataset on tape, and keeping those tapes strictly offline, is the most reliable way to “air gap” data from a ransomware attack.

3. Make regular backups and review retention policies

It should go without saying that organisations should back up their data regularly.

Again, CIOs should review policies for frequency of backups, especially how often data is backed up to off-site locations (including the cloud) and mechanically separated media, such as tape. It might be that more frequent backups are needed.

IT teams should also review how long they keep backups, especially their air-gapped media. Ransomware often uses time delays to avoid detection, or “attack loops” to target apparently clean systems.

Organisations might need to go back through several generations of backups to find clean copies, requiring longer retention and, possibly, more copies. Keeping separate backups for critical business systems should also make recovery easier.

4. Ensure backups are clean and robust

Ensuring backups are free of malware is hard, but organisations should do as much as they can to make sure their backups are not infected.

As well as strict air-gap policies – such as taking media offline as quickly as possible – up-to-date malware detection tools are essential, as is system patching.

For extra protection, companies should consider write once read many (WORM) media such as optical disks, or tape configured as WORM. Some suppliers now market WORM-format cloud storage.

5. Test and plan

All backup and recovery plans need to be tested. This is critical to calculate recovery times – and establishing whether data can be recovered at all.

Using air-gapped, off-site media is best practice, but how long will it take to restore systems? Which systems are the priority for recovery? And will firms need separated, clean networks for recovery purposes?

CIOs should test all phases of the recovery plan, ideally using duplicate media. The worst scenario would be for a recovery exercise to contaminate existing, clean backups.

To stop ransomware you should also consider RC from Bullwall, last line of defence containment software. This will stop the ransomware attack and protect your data without the need to restore it from a backup.

Call Martyn on 01794 526088 to find out more.

Read the full article here Top five ways backup can protect against ransomware | Computer Weekly

Ransomware – cyber extortion that occurs when malicious software infiltrates your computer systems and encrypts your data, holding it hostage until the victim pays a ransom. Failing to pay the ransom will result in the data being published online and extensive downtime. The likelihood of ransomware attacks can be reduced using a plan covering these actions:

1. Conduct risk assessments and penetration tests to determine the attack surface and current state of security resilience and preparedness in terms of tools, processes and skills.

2. Establish processes and compliance procedures that involve key decision makers in the organisation, even before preparing for the technical response to a ransomware attack.

3. Conduct frequent exercises and drills to ensure that systems are always able to detect the attacks.

4. Back up not only the data but also every non-standard application and its supporting IT infrastructure. Maintain frequent and reliable backup and recovery capabilities. If online backups are used, ensure they cannot become encrypted by ransomware.

5. Restrict permissions and deny unauthorised access to devices. Remove local administrator rights from end users and block application installation by standard users, replacing this with a centrally managed software distribution facility.

6. Research government and regional authorities that have provided guidelines on how organisations can fortify their IT infrastructure against ransomware.

Another layer of protection would be to implement anti-ransomware software RC from Bullwall. It is an innovative, last line of defence software which protects your confidential data against ransomware attacks from any user on any device. It provides a complete 24/7 containment solution.

Contact Martyn to book a demo on 01794 526088 or email  m.pegram@aomltd.co.uk

Source: ‘6 Ways to Defend Against a Ransomware Attack’, Gartner