How to fight Ransomware using Backup Technology


With the amount of ransomware cases seeming to increase every day this is coming more and more a problem. Ransomware cost hundreds of millions in damages worldwide en is increasing rapidly.

Modern total data protection solutions take snapshot based incremental backups on frequently based.

if your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back.

Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware cannot be triggered again.

Recent surveys illustrated how extensive ransomware threats have been and recent studies show that an adequate backup solution is the best remedy. Therefore you need an adequate disaster recovery plan. This blogpost is about recovery and not preventing ransomware. I will blog about that later.

A great backup solution is not the answer for preventing Ransomware but it is the best way to provide a fast recovery. This way downtime and data loss is minimized.

While it may seem basic, experts agree that a solid backup plan is still the best prescription for addressing the threat of ransomware.

But what exactly does implementing a backup plan really mean, and what does a well-executed plan look like?

Working backup

Make sure your backups are working. test them! A green check mark isn’t enough!

According to an recent study by Symantec, most large companies test their backup plans on average once a year.

Simple backups should be tested much more frequently — at least once a quarter and whenever there is a major hardware or software change to your backup system. It’s particularly important to run a test after upgrading or changing major components in your backup system (for example the firmware version) to make sure everything works properly with the rest of your system.

Testing should consist of more than just simple some file restores. For example, if you just restore a couple of files you can’t be sure that your directory trees and other features are working as they are supposed to.

When you test a restore, take a minute to study the directories to make sure everything that should be backed up is actually backed up. The test should include restoring entire folders, complete with subfolders, as well as one or more critical applications.

Don’t forget your application-aware backups like SQL/Exchange etc. Some things are very difficult to test in their natural environment, but therefore you could use an OTAP environment. You can take advantage of your hypervisor and your backup solution for that purpose.

Retention

Good data retention policies are necessary, you need to be able to restore data at least two weeks old, better a month Recent studies discovered that large companies are infected months before they notice they are infected! How long are you keeping your backups? 14 days? 7 weeks? 6 months? Review, validate and, if needed, modify the retention policy (as defined in your backup policy) to ensure a sufficient Recovery Point Objective (RPO).

This may vary depending on your particular industry and regulations, and internal IT policies — IT, Legal, and Compliance teams — will make the call on data retention needs.  Rest assured that no matter what length you choose, the more the better. Using Cloud storage like Azure or Amazon could help you keeping the costs acceptable.

Offsite backup

A necessary part of the DR plan is to create an offsite backup as part of your backup strategy. Backups are critical. But, if you’re just performing regular backups to a single location, you’re missing an important part of your backup strategy. You need your files stored in separate physical locations.

Copy Backups Offsite

By using Nakivo Backup & Replication you can keep the copies of your backups locally, having at least one copy of your most critical backups offsite. This can save you from a lot of trouble in case a local disaster wipes your primary backups.  The secondary Backup Repository can be placed in any location that has a connection to the Internet, because backup data can be transferred via AES 256 encrypted link, and your secondary backup repository can be encrypted as well:

nakivo_offsite

Copy Backups to the Cloud (for example Amazon or Azure)

By Using Nakivo Backup & Replication you can use create fast, reliable, and affordable copies of your backups in the Cloud. This way your backup files are safely stored.

nakivo_offsite_amazon

More information about Nakivo Integration with Azure Cloud here.

Conclusion

Testing your backup strategy on a regular base is essential to make sure your backup solution does what it’s supposed to do! Offsite backups are a necessary fail safe to make sure backups are safe and can be relied on.

If an organization has no offsite disaster recovery facility, then backups to cloud should be considered as a means to safely store data outside of the scope of potential malware infection. Retention policies also can be leveraged to make sure data is kept for the period that makes sense to the business and that allows for recovery point objectives to be met.

 

Leave a Reply