David Papp Blog

Ransomware Backup Best Practices

How Can Backup Assist in the Prevention of Ransomware?

Ransomware attacks infect systems before encrypting files and folders, preventing access to critical systems and data. Following that, threat actors demand a ransom, typically in cryptocurrency, in exchange for a decryption key that grants access.

Many ransomware attacks are successful because the malware can disable backup applications, including the features of operating systems that copy your files. However, backup can still be used to protect against ransomware.

As part of an overall ransomware protection strategy, a backup and recovery strategy can help you protect your data and avoid paying ransom by using backup solutions that are out of reach of attackers. It can help you recover business-critical data quickly and efficiently and resume normal operations.

In this article, we’ll go over the best ransomware backup practices.

#1: Backup Policies Should be Reviewed and Updated

Regularly reviewing your backup policies and procedures is one way to reduce the impact of a data breach or cyber attack. Backups are only useful if they are complete and robust.

In an ideal world, an organization would protect itself against ransomware by restoring data from clean backups. If you are infected with ransomware, authorities and security experts advise against paying the ransom because there is no guarantee you will get your files back. As a result, it is critical to keep safe backups.

Chief Information Officers (CIOs) should issue directives requiring a comprehensive audit of all data in all locations. Organizations must examine all data, including data stored in the cloud or on local systems—this approach is critical given the shift toward remote work.

Here are some considerations for organizations when updating their backup policies:

  • Are all critical systems automatically backed up on a regular basis?
  • Has the organization practised restoring critical systems from their backups?
  • Is the organization following the 3-2-1 rule (keeping three backup copies on two types of media, with one copy in an external location)?
  • Is the organization isolating and protecting backup systems properly to prevent ransomware from reaching their backups?

#2: Backup Data Encryption

Encryption converts data from readable to encoded form. Encrypted data can only be read or processed after it has been decrypted with a secret key. Encryption is a powerful way to secure sensitive data and should ideally be part of any data backup strategy.

Because encryption converts data into unreadable code, if an unauthorized individual gains access to your data, they will be unable to read it unless they have the encryption key. Your backup strategy should secure your data when it is stored on a device or in the cloud (at rest), as well as when it is sent over networks or retrieved (in transit).

You should ensure that your files are encrypted using industry-standard algorithms, such as AES-256 encryption at rest and SSL/TLS in transit. This approach prevents unauthorized parties, including the cloud provider hosting the data on its systems, from reading it.

#3: Make use of Immutable Storage

Immutable storage refers to stored data that cannot be deleted or changed.

Object locking, also known as immutable storage or Write-Once-Read-Many (WORM) storage, is supported by many cloud providers and modern storage technologies. Objects can be locked by organizations for a set period of time, preventing users from deleting or altering them.

Here are some key characteristics that businesses should consider when selecting a backup solution:

  • To create immutable backups, choose a backup solution that integrates with an object lock capability.
  • Select a backup solution that allows you to set an appropriate retention period (in the cloud) or has enough storage to meet compliance requirements (on premises). Backups cannot be deleted while the immutable retention period is in effect, even if a malicious actor or ransomware gains access to the root credentials.
  • For optimal protection and control, look for a backup solution that also offers policy-based scheduling and alerts when backups deviate from the retention policy.
  • The backup solution should automatically protect files, ensuring that organizations always have point-in-time backups available during the retention period.
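As an added example (not from the original post), the Python below uses the boto3 S3 API to write a backup object under a COMPLIANCE-mode retention lock and then checks that the lock is still in force. The bucket and key names are placeholders, the bucket is assumed to already have Object Lock enabled, and `lock_backup_object` and `verify_lock` are helper names chosen here.

```python
from datetime import datetime, timedelta, timezone


def lock_backup_object(s3, bucket, key, body, retention_days):
    """Upload one backup object under a COMPLIANCE-mode retention lock.

    COMPLIANCE rather than GOVERNANCE mode: a GOVERNANCE lock can be lifted by
    any principal holding s3:BypassGovernanceRetention, which is exactly the
    kind of privilege an attacker with stolen admin credentials would hold.
    The bucket is assumed to already have Object Lock enabled.
    """
    retain_until = datetime.now(timezone.utc) + timedelta(days=retention_days)
    s3.put_object(
        Bucket=bucket,
        Key=key,
        Body=body,
        ObjectLockMode="COMPLIANCE",
        ObjectLockRetainUntilDate=retain_until,
    )
    return retain_until


def verify_lock(s3, bucket, key, min_days_remaining, now=None):
    """Return (ok, reason) after checking the object is still immutable.

    Flags a lock that is not in COMPLIANCE mode and a retention window that
    will lapse sooner than the backup policy requires.
    """
    now = now or datetime.now(timezone.utc)
    retention = s3.get_object_retention(Bucket=bucket, Key=key)["Retention"]
    mode = retention.get("Mode")
    if mode != "COMPLIANCE":
        return False, f"lock mode is {mode}, not COMPLIANCE"
    remaining = retention["RetainUntilDate"] - now
    if remaining < timedelta(days=min_days_remaining):
        return False, f"only {remaining.days} day(s) of retention left"
    return True, f"locked until {retention['RetainUntilDate'].isoformat()}"


if __name__ == "__main__":
    import boto3  # real S3 client, needed only when run against AWS
    s3 = boto3.client("s3")
    bucket, key = "example-backup-bucket", "db/2024-01-01.dump"  # placeholders
    lock_backup_object(s3, bucket, key, b"backup bytes", retention_days=30)
    print(verify_lock(s3, bucket, key, min_days_remaining=7))
```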

#4: Air Gap Business Data

An air gap is a security approach in which a computer, network, or system has no connection to other networks or devices. It is used where the strictest isolation is required and the risk of compromise or disaster must be kept to a minimum.

It keeps a system completely isolated—electronically, electromagnetically, and physically—from other networks, particularly unprotected ones. Under an air-gap approach, data can only be moved by physically carrying a storage device, such as an external hard disk, between systems.

Cloud storage is an excellent option for storing long-term data backups. Cloud storage protects data from physical disruptions such as power outages, hardware failures, and natural disasters. However, it will not automatically protect data from ransomware. The cloud is vulnerable in two ways:

  • Via customer network connections
  • Due to the fact that cloud infrastructure is shared

This means that cloud storage may not be sufficient to protect against ransomware, and an offsite copy of the data should be kept in a storage device that is disconnected from all networks.

#5: Apply the 3-2-1 Rule

The 3-2-1 backup rule should guide your backup strategy. This rule has the following requirements:

  • Make three copies of your data.
  • Have two different media types for your backups.
  • Ensure one backup is kept in a secure location offsite.

These layers of security ensure that if you lose data in one media type, copy, or location, you can still restore it.

In practice, a 3-2-1 workflow pairs two media types. Common combinations are NAS with the cloud, disk with the cloud, and disk with tape.
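The following is an added example, not code from the original post: a small Python audit that checks a backup inventory against the 3-2-1 rule and the two further conditions this article argues for (an immutable or air-gapped copy, and a tested restore). The inventory, the `BackupCopy` record and the media labels are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class BackupCopy:
    """One copy of a backup set, as recorded in the backup inventory."""
    label: str
    media: str        # e.g. "nas", "disk", "tape", "cloud"
    offsite: bool     # stored at a different physical site
    immutable: bool   # object-locked/WORM or physically air-gapped
    verified: bool    # a restore from this copy has been tested


def audit_321(copies):
    """Check a list of BackupCopy against 3-2-1 and return a list of findings.

    An empty list means the set is compliant. The last two checks go beyond
    the bare rule: they flag sets with no copy out of ransomware's reach and
    sets that have never been restore-tested.
    """
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; 3-2-1 needs three")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"all copies on one media type ({', '.join(media) or 'none'})")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    if not any(c.immutable for c in copies):
        findings.append("no immutable or air-gapped copy; stolen admin credentials could delete every copy")
    if not any(c.verified for c in copies):
        findings.append("no copy has a tested restore")
    return findings


# Constructed sample inventory: one compliant set, one that fails on every point
SETS = {
    "finance-db": [
        BackupCopy("primary snapshot", "nas", offsite=False, immutable=False, verified=True),
        BackupCopy("s3 object-locked", "cloud", offsite=True, immutable=True, verified=True),
        BackupCopy("weekly tape", "tape", offsite=True, immutable=True, verified=False),
    ],
    "file-share": [
        BackupCopy("nas replica", "nas", offsite=False, immutable=False, verified=False),
        BackupCopy("nas snapshot", "nas", offsite=False, immutable=False, verified=False),
    ],
}


def audit_all(sets=SETS):
    """Audit every backup set and map its name to its findings."""
    return {name: audit_321(copies) for name, copies in sets.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else "; ".join(findings))
```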

#6: Ascertain Coverage

Make certain that your backup solution protects your entire business data infrastructure. This method should assist you in recovering all your critical data following a ransomware attack.

Endpoints, NAS shares, servers, and cloud storage must all be covered. Because many organizations still use older systems, you must safeguard all your operating systems, including older ones. If you use or require the data, you must also back it up.

#7: Test the Backup Strategy

All backup and recovery plans must be tested. Testing is the only way to establish actual recovery times and to confirm that specific data can be recovered at all.

Here are some questions to think about when planning your backup strategy:

  • It’s ideal to use air-gapped, off-site media, but how long will it take to restore the systems?
  • Which systems are you going to prioritize for recovery?
  • Will your company require clean, separate networks for recovery?

CIOs must check all phases of the organization’s recovery plan, identify gaps or vulnerabilities, and correct them to ensure that backups are production-ready and can support the organization’s recovery point objective (RPO) and recovery time objective (RTO).
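As an added example (not from the original post), the Python below runs a restore drill of the kind the testing section calls for: it restores a backup into a scratch directory, times the restore against an RTO target, and compares SHA-256 digests of every restored file with the originals. The sample trees are constructed in a temporary directory, and the copy step stands in for whatever restore command a real backup tool would issue.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def tree_digests(root):
    """Map each file's relative path to its SHA-256 so two trees can be compared."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_drill(source, backup, restore_to, rto_seconds):
    """Restore `backup` into `restore_to`, time it, and verify it against `source`.

    Returns elapsed time, whether the RTO target was met, and the files that
    are missing from or differ in the restored copy. shutil.copytree stands
    in for the backup tool's own restore command.
    """
    start = time.monotonic()
    shutil.copytree(backup, restore_to, dirs_exist_ok=True)
    elapsed = time.monotonic() - start
    want, got = tree_digests(source), tree_digests(restore_to)
    missing = sorted(set(want) - set(got))
    corrupt = sorted(k for k in want if k in got and want[k] != got[k])
    rto_met = elapsed <= rto_seconds
    return {"elapsed_s": elapsed, "rto_met": rto_met, "missing": missing,
            "corrupt": corrupt, "ok": rto_met and not missing and not corrupt}


def demo():
    """Constructed data: a source tree, a faithful backup, and a damaged backup."""
    tmp = Path(tempfile.mkdtemp())
    src = tmp / "src"
    (src / "db").mkdir(parents=True)
    (src / "db" / "ledger.sql").write_bytes(b"INSERT INTO ledger VALUES (1, 100);\n")
    (src / "config.ini").write_bytes(b"[app]\nmode=prod\n")
    good = tmp / "good"
    shutil.copytree(src, good)
    bad = tmp / "bad"
    shutil.copytree(src, bad)
    (bad / "config.ini").write_bytes(b"[app]\nmode=prod\n# tampered\n")  # altered file
    (bad / "db" / "ledger.sql").unlink()                                   # lost file
    return (restore_drill(src, good, tmp / "restore-good", rto_seconds=60),
            restore_drill(src, bad, tmp / "restore-bad", rto_seconds=60))


if __name__ == "__main__":
    for report in demo():
        print(report)
```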