Backup to Prevent Ransomware - 5 Things you can do
RDX and LTO
Ransomware is one of the biggest headaches for corporate IT managers today and proving incredibly hard to control. The reality for most businesses and governments is not when they’ll be the victim of a ransomware attack but when.
Some of the most common ransomware viruses are CryptoLocker, Locky, Magic, NanoLocker and Paycrypt. In a typical ransomware attack, an employee receives a seemingly innocuous link or attachment. Once they open it, malware is unleashed that encrypts the organization’s data or locks users out of their PCs. The only way to get the data unencrypted or access machines is to pay the hackers a fee.
Many unsuspecting organizations have fallen victims to such attacks. Recent news reports list a Sheriff’s office in Arkansas paying the equivalent (in Bitcoin) of $2,400 to unlock its systems and a hospital in Los Angeles paying $17,000.
Up to 40 per cent of spam emails are believed to carry ransomware. Others find themselves infected after viewing innocuous looking images on social media sites such as LinkedIn and Facebook. Viruses such as Popcorn even give users the invidious choice of paying a ransom or getting a free key in return for infecting two other users’ machines.
With more than 4,000 such attacks occurring every day, it’s estimated ransomware operators collected $1 billion from victims around the world in 2016 alone. Worse, the rate of attacks is still growing by about 300 percent a year.
That’s the problem but what’s the solution? There are really only two answers if you get attacked: pay the money or rewind your system to before the attack occurred. Obviously, the latter is preferable, so here are five steps you can take to ensure you won’t be held hostage the next time one of your people accidentally kicks off an attack.
Complete regular backups
The key to overcoming ransomware attacks is to have a full and current backup of your data so that you can restore your system to its state before you were attacked. Achieving that requires you make regular backups of all your essential information. Ideally these backups must be done on an almost continuous basis, but in a way that is very unobtrusive to users.
It is also important to store backups for six months or even a year because ransomware can lurk in your system for an extended period.
Isolate your backup from all devices (endpoints)
While many people do maintain regular backups, they make the mistake of not enforcing a high degree of separation between their operational systems and their backups. This means that once a piece of ransomware is activated, it infects not only active data but may infect backups as well, which leaves organizations without any clean copies to restore from.
It should be noted that ransomware can spread from on-premises equipment to disaster recovery data centres and even cloud-based backup systems. Basically, if you have mapped or linked to a drive, ransomware can follow that path and establish itself.
Verify your backups
Organizations regularly get the first two steps right but only discover that their backups are out of date or incomplete when they need to call on them. To ensure you’re always ready to respond to a ransomware attack, it’s essential to continuously test that your backups are occurring as scheduled and delivering high-quality results.
It is also important to ensure that backup files are correctly saved as different versions to originals for them to remain clean (meaning, not infected by malware). The issue here is that some endpoint backup solutions allow administrators to disable file versioning as a way of reducing storage costs. Organizations should to careful and leave file versioning always on, or even better, select backup solutions that do allow file versioning to be disabled.
Follow efficient recovery practices
Most users now expect systems to return to normal within four hours of a shutdown, and even that will seem an eternity to employees who suddenly can’t work due to an attack. This means it’s also essential to review your recovery time objectives and your capacity to meet them.
The key point here is the ability to restore your entire system to a clean state, known as a point-in-time restore. This allows end users to restore previous versions of files from any given time and removes the need for end users to restore each file individually to the correct state. Users should also be able to run restores by themselves, rather than relying on desktop administrators, or even worse, a vendor’s technical support team.
Protect your backups
Finally, it’s critical to ensure that your backups are held in a location and format that are secure. Strategies include ensuring that backups are held in a physically separate location and that all backup data is encrypted. This in turn requires you to have an effective strategy for managing your data encryption systems and keeping them safe.
Take a look at LTO-7 Tape backup options and RDX
removable disk storage. Contact your BackupWorks Account Rep today at 866
801 2944