In our last article, we described the recent situation in which many organizations were hit by the WannaCry strain of ransomware – and the possible ways of retaliation. In some cases, organizations simply chose to pay the ransom of $300 – a mere pittance compared to the value of lost data. But WannaCry was not ransomware targeting businesses; instead, it was focused on impacting individuals, hence the extremely low ransom. In many ways, organizations hit by WannaCry were lucky.
But the next ransomware variant may not be so nice.
With most ransom demands valued in many thousands of dollars, it’s critical to plan out how you will protect – and recover – your encrypted data, should paying the ransom not be an option.
In this article, we want to provide you with some of the best practices to adopt in order to protect you from the next possible attack, focusing on how to properly leverage a cloud backup solution. Using our own solution – Cloudberry Backup – as the example, we’ll provide some guidance on how to implement proper backups that ensure recovery in the face of a ransomware attack.
Best Practice #1: Use a Cloud Backup
Ransomware strains have recently been documented that encrypt or delete on-prem backup measures and data (such as the Shadow Volume Copy service, mapped cloud drives and even backup data sets from specific vendors). Utilizing a cloud backup solution ensures a copy of your data remains unadulterated and untouched by ransomware.
Best Practice #2: Use Encryption
Ransomware vendors (yes, vendors) are constantly working to improve their techniques, so it’s necessary to assume they will eventually come after cloud backups as a common part of their assault. Ransomware usually works by encrypting files with specific extensions. To add another layer of defense, you can encrypt your cloud backup data (as shown as a part of Cloudberry Backup in the figure below) to obfuscate the contents of a backup set, limiting (if not eliminating completely) ransomware’s ability to identify the backup set as a target – a key step before it can either delete the data or encrypt it to hold it for ransom.
Best Practice #3: Establish Retention Policies
When ransomware hits, the name of the game is being able to recover everything impacted as quickly as possible. But to do this, there are many questions that need to be answered, such as “When were the files encrypted?”, “Which backup should I restore?” and “Do I even have the correct unaltered version backed up?”
This is where retention policies as part of your backup become important. These policies establish how long backups should be kept, whether multiple versions of files should be retained, and when to purge retained data. When you think about backups of critical data sets, it becomes obvious that you need to determine how long the data needs to be available to ensure a proper recovery. File versioning retention policies (shown at right as part of Cloudberry Backup) empower organizations to keep multiple copies of changed files, providing the ability to go back in time a configured number of file revisions to find the desired file (presumably the version prior to ransomware encryption) to recover.
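The three questions above can be checked against a retention policy before an incident. The following is an added example, not Cloudberry Backup's own logic: the function names, the policy parameters and the backup history are constructed for illustration, and it assumes the encrypted file kept producing a new backup version each night.

```python
from datetime import datetime, timedelta

def apply_retention(versions, keep_versions, max_age, now):
    """Versions still held after purging by age, then by version count."""
    held = sorted((v for v in versions if now - v["backed_up"] <= max_age),
                  key=lambda v: v["backed_up"])
    return held[-keep_versions:]

def pick_restore_version(held, encrypted_at):
    """Newest held version backed up before encryption began, else None."""
    clean = [v for v in held if v["backed_up"] < encrypted_at]
    return max(clean, key=lambda v: v["backed_up"]) if clean else None

# Constructed history: nightly backups of one file, 1-6 June at 01:00.
NOW = datetime(2017, 6, 7, 9, 0)
HISTORY = [{"id": f"v{d}", "backed_up": datetime(2017, 6, d, 1, 0)}
           for d in range(1, 7)]
# Constructed incident: the file was encrypted at noon on 3 June, so the
# versions v4-v6 (assumed to exist because the file kept changing) hold ciphertext.
ENCRYPTED_AT = datetime(2017, 6, 3, 12, 0)

def restore_choice(keep_versions, max_age_days=30):
    """Id of the version to restore under a given policy, or None."""
    held = apply_retention(HISTORY, keep_versions,
                           timedelta(days=max_age_days), NOW)
    chosen = pick_restore_version(held, ENCRYPTED_AT)
    return chosen["id"] if chosen else None

if __name__ == "__main__":
    for keep in (3, 5):
        print(f"keep {keep} versions -> restore {restore_choice(keep)}")
```

With three retained versions the last clean copy has already been purged by the time the attack is noticed; five versions (or a longer age limit) keep it available.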
Best Practice #4: Establish Lifecycle Policies
Retention policies exist to determine which data needs to be available, and for how long. But, assuming you’re using a cloud backup solution, the amount of data kept can grow to a point where it is no longer cost-effective to keep all your backups in a storage tier designed (and priced) for high-speed, instantaneous access to backup sets.
With cloud storage providers such as AWS providing multiple tiers of storage that decrease in speed as well as price, cloud backup solutions (like that of Cloudberry Backup – shown at right) can take advantage of these many tiers of storage. Policies can be established to automatically move backup data to a lower tier after a specified period of time. This allows organizations to indefinitely (and, more importantly, cost-effectively) maintain backups to protect against ransomware.
Backups 1, Ransomware 0
The trick to protecting your data from a ransomware attack is no trick at all; it’s simply a matter of having the data you need available for recovery, the moment you need it. With ransomware strains becoming more focused on reducing your ability to recover, following the 4 best practices above – as demonstrated using Cloudberry Backup – will maximize the likelihood of your organization recovering successfully, rendering ransomware ineffective.