In our last article, we described what many organizations hit by the WannaCry strain of ransomware recently experienced – and the possible responses. In some cases, organizations simply chose to pay the ransom of $300 – a mere pittance compared to the value of lost data. But WannaCry was not ransomware targeting businesses; it was focused on impacting individuals, hence the extremely low ransom. In many ways, organizations hit by WannaCry were lucky.
But the next ransomware variant may not be so nice.
With most ransom demands valued in many thousands of dollars, it’s critical to plan out how you will protect – and recover – your encrypted data, should paying the ransom not be an option.
In this article, we want to provide you with some practical best practices to protect you from the next attack, focusing on how to properly leverage a cloud backup solution. Using our own solution – Cloudberry Backup – as the example, we’ll provide some guidance on how to implement proper backups that ensure recovery in the face of a ransomware attack.
Best Practice #1: Use a Cloud Backup
Ransomware strains have recently been documented that disable or delete on-prem backup measures and data (such as the Volume Shadow Copy Service, and even backup data sets from specific vendors). Utilizing a cloud-based backup solution ensures a copy of your data remains unadulterated and untouchable by ransomware.
Best Practice #2: Use Encryption
Ransomware vendors (yes, vendors) are constantly working to improve their game. So, it’s necessary to assume they will eventually come after backups as a common part of their assault. By encrypting backup data sets (as shown as a part of Cloudberry Backup in the figure below), you obfuscate the contents of a backup set, limiting (if not eliminating) ransomware’s ability to identify the backup set as a target – a key component to either deleting the data or encrypting it (for the purposes of holding it ransom).
Best Practice #3: Establish Retention Policies
When ransomware hits, the name of the game is being able to recover everything impacted as quickly as possible. But to do this, there are many questions that need to be answered, such as “When were the files encrypted?”, “Which backup should I restore?” and “Do I even have the correct unaltered version backed up?”
This is where retention policies as part of your backup become important. These policies establish how long backups should be kept, whether multiple versions of files should be retained, and when to purge retained data. When you think about backups of critical data sets, it becomes obvious that you need to determine how long the data needs to be available to ensure a proper recovery. File versioning retention policies (shown at right as part of Cloudberry Backup) empower organizations to have multiple copies of changed files, providing an ability to go back in time a configured number of file revisions to find the desired file (presumably the version prior to ransomware encryption) to recover.
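To make the three questions above concrete, here is an added example (not part of the original article and not Cloudberry Backup's own code). It models a hypothetical "keep the N newest versions, purge anything older than X days" policy over a constructed version catalog, picks the newest version taken before the estimated encryption time for each file, and lists files for which retention has already rotated out every clean version.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: file path -> timestamps of stored backup versions.
CATALOG = {
    "finance/budget.xlsx": [datetime(2024, 3, d, 22, 0) for d in (4, 5, 6, 7)],
    # This file changed on every run after the incident, so three of its four
    # stored versions were taken after encryption.
    "hr/contracts.docx": [datetime(2024, 3, d, 22, 0) for d in (1, 7, 8, 9)],
}
ENCRYPTED_AT = datetime(2024, 3, 7, 9, 30)  # assumed, from the incident timeline
NOW = datetime(2024, 3, 10, 8, 0)           # assumed time the restore is planned


def apply_retention(versions, keep_versions, max_age_days, now):
    """Versions that survive the hypothetical count-and-age retention policy."""
    newest = sorted(versions)[-keep_versions:]
    cutoff = now - timedelta(days=max_age_days)
    return [v for v in newest if v >= cutoff]


def restore_point(retained, encrypted_at):
    """Newest retained version taken strictly before encryption, else None."""
    clean = [v for v in retained if v < encrypted_at]
    return max(clean) if clean else None


def plan_restore(catalog, encrypted_at, keep_versions, max_age_days, now):
    """Map each file to the version to restore, or None if no clean one is left."""
    return {
        path: restore_point(
            apply_retention(versions, keep_versions, max_age_days, now),
            encrypted_at,
        )
        for path, versions in catalog.items()
    }


def unrecoverable(plan):
    """Files whose clean versions were all purged before the restore."""
    return sorted(path for path, version in plan.items() if version is None)


if __name__ == "__main__":
    for keep, age in ((3, 30), (5, 30), (5, 7)):
        plan = plan_restore(CATALOG, ENCRYPTED_AT, keep, age, NOW)
        print(f"keep={keep} max_age={age}d unrecoverable={unrecoverable(plan)}")
        for path, version in plan.items():
            print(f"  {path}: restore {version or 'NO CLEAN VERSION'}")
```

Running it shows that both settings matter: a version count that is too small, or a maximum age that is too short, leaves `hr/contracts.docx` with no version that predates the encryption.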
Best Practice #4: Establish Lifecycle Policies
Retention policies exist to determine which data needs to be available, and for how long. But, assuming you’re using a cloud backup solution, the amount of data kept can grow to a point where it is no longer cost-effective to keep all your backups in a storage tier designed (and priced) for high-speed, instantaneous access to backup sets.
With cloud storage providers such as AWS providing multiple tiers of storage that decrease in speed as well as price, cloud backup solutions (like that of Cloudberry Backup – shown at right) can take advantage of these many tiers of storage. Policies can be established to automatically move backup data to a lower tier after a specified period of time. This allows organizations to indefinitely (and, more importantly, cost-effectively) maintain backups to protect against ransomware.
Backups 1, Ransomware 0
The trick to being able to recover after a ransomware attack is no trick at all; it’s simply a matter of having the data you need available for recovery, the moment you need it. With ransomware strains becoming more focused on reducing your ability to recover, following the 4 best practices above – as demonstrated using Cloudberry Backup – will maximize the likelihood your organization can recover, rendering ransomware ineffective.