With the recent proliferation of ransomware, a type of malware that encrypts your data and holds it hostage until payment is received, what should be done to protect valuable data?
One of the best defences against this threat is having a good backup strategy. This protects your data against all sorts of unpleasant mishaps. How frequently you make them, what you make them to, where they are stored, as well as deploying the automation required to maintain said backup procedure is also crucial. We should all be familiar with making backups, but there is a useful rule of thumb called the “3-2-1 rule”.
A good backup procedure could mean the difference between surviving a catastrophic event such as ransomware or shutting down the business. Let’s use an example file called “Important_stuff.txt” to explain how this all works.
3 Different copies!
- One on a workstation, stored locally for editing or on a local server, for ease of access.
- One stored on a cloud backup solution.
- One stored on a long-term storage such as a external hard drive, replicated offsite, or even an old school tape drive.
1 Copy stored offsite!
A word on security.
- Use strong passwords on that offsite cloud service. Select cloud backup solutions that are zero-knowledge. (The stewards of the cloud don’t have access to your data in unencrypted form!)
- Encrypt the data backed up to external solutions.
- Store these backups in a safe place, preferably under lock and key.
Payment must be the absolute last resort.
For an effective backup plan, you should have at least 3 different copies of this file. A good example would be:
This diversity of backups is there to ensure your documents are available with added redundancy. If the hard drive on your workstation fails, you have a backup on the server. Server down? The cloud copy is still an option.
If the ransomware did its thing while the server share was mounted to your workstation, it might also be encrypted. Here the cloud copy would save the day.
This is the reason why having 3 different copies is a good idea.
In the example given above, we had 3 copies of our file. The type of media this file is saved to is also important. The hard drive of the workstation and the external share are the fundamentally the same, but the cloud storage is different, as is the external hard drive.
The different media rule most probably harkens back to the days of tape drive backups. If your backup regimen lacked diversity and consisted of only tape drives, it was vulnerable to a failure of the tape drive reader.
This scenario is where the main hard drive fails and the tape drive reader ALSO fails. As tape drives were a long-term storage option, it wouldn’t be uncommon for a new tape drive reader to become hard to source. This means trying to find a new or functioning reader could become difficult making your backups are inaccessible.
The takeaway is that media diversity is equally important. You could store “Important_stuff.txt” on multiple different media, just as long as all your eggs aren’t all in the same technological basket.
Having a diversity of media helps reduce the chances that all possible avenues of recovery will be inaccessible through equipment failure.
One copy of the backup should be stored offsite. If the head office burns down, it won’t matter how many backups you had. In our example, storing “Important_stuff.txt” on a tape drive and having it in a safety deposit box at your bank would negate the “office-burning-down” scenario as well as the perfect storm of ransomware encrypting everything.
Offsite copies will help mitigate a localized event.
You should make all best efforts to secure these backups. For an attacker, “Important_stuff.txt” is something that is immediately identified as a high-value item. Remember that if you store your backup in the cloud, the stuarts of this cloud could have access to them. Portable drives are, well… portable, and by this I mean they can be portable in someone else’s pocket!
The examples above where encryption is used are how it is beneficial, as opposed to how it is used by ransomware authors.
The single greatest obstacle to a proper 3-2-1 backup regimen is the discipline required to maintain it. A good way to mitigate this is to automate the backup process. The backing up of “Important_stuff.txt” should be transparent to its owner.
Having backups gives you the option to deny ransomware authors by choosing the painful option and restoring from backups…
Any option other than paying the cybercriminals for a decryption key is preferable. This is why when we see news reports recommending paying the ransom we collectively shake our heads. Encouraging familiarity with the Bitcoin ecosystem isn’t bad at all. Crypto-currencies are fascinating. Having some stored on hand for a quick payment, however, implies a fundamental failure.
Remember, when you pay the bad guys, you reinforce the viability of these types of attacks. You are teaching them that ransomware works.
What cloud storage do you recommend? I've been told they are not safe.
ReplyDeleteAre some external hard drive brands better than others?
We recommend Carbonite for cloud storage. It not only backs up your data, but also your computers configuration files. Carbonite encrypts your data before storing it on their servers so it is very safe. http://partners.carbonite.com/suncitycomputersolutions As for external hard drives, we recommend Western Digital. They hold up very well and tend to last longer than other brands like seagate.
Delete