Bringing Sexy Back: Is Backup Now Attractive in Ransomware Situations?

Ransomware: Best Practices in Leveraging Backup Solutions 

Not a day passes without another article about an organization being held hostage with an encryption-based ransom, or ransomware.  I am sure the irony of it is not lost on many IT folks: the same tool that is supposed to help secure your data is now used against you in a criminal endeavor. Adding insult to injury, there’s no real way out and you’d better have a Bitcoin account ready to pay up.

Here’s the good news: while it’s not perfect, you already have a great solution in place in your environment to help you out; good old backup. Yes, the unsexy backup function is becoming quite attractive. However, there are some ‘gotchas’ and best practices one must adhere to. Remember, your backup server is a target too.

Many customers have used our solution, Arcserve UDP, to successfully recover affected systems and save their businesses from succumbing to encryption extortionists.. With Arcserve UDP, you can recover a system from scratch and minimize your data loss. Of course, you’d have to get rid of the infected systems and stop the virus from spreading first. However with regular backups, you can significantly reduce the amount of exposure and have the confidence you can recreate a “clean” system. After all, this is a “logical” incident. You would do the same thing if somehow you had corrupted a system and its data; the big difference is the source of the problem.

After discussions with our technical experts, we’ve developed best practices to help you stay out of the ransomware headlines, and keep your business running as usual.

Protect the Source Machine

  1. Take precautions to prevent infection in the first place, such as training users to not click on links within emails, downloading attachments from unknown sources and updating software on a timely basis.
  2. Perform regular backups, which may include rethinking your service level agreements to ensure critical business data is backed up more frequently.
  3. Follow the 3-2-1 strategy for backup: one of the copies should be offline, andat least one of the copies should be offsite.
  4. Make sure your chosen backup solution includes virtual standby for critical systems so that you can get back on your feet very quickly.

Protect the Protector (The Backup Data)

If your backup server gets infected or if your backup data is on a shared network share that is accessible from an infected machine, ransomware can encrypt backup data as well. It sounds obvious, but it’s important to remember!

  1. Replicate data to offsite / cloud
  2. Periodically, copy recovery points to offline media, such as USB disks
  3. Consider leveraging tape as a backup medium for critical data (yes tape!). This oldie but goodie comes in handy to send periodic recovery points offline.

There is no magic bullet or perfect answer, but it’s important to remember that with an advanced backup solution (such as Arcserve UDP), you have a great tool to help in your fight against ransomware. It starts by educating end users and applying best practices to protect your environment.