The internet is a scary place. Between viruses, popup adware, and spyware, tons of horrible things can get onto your network and wreak havoc on your systems. One of the most frustrating and damaging types of attacks is ransomware. Once infected, the ransomware will encrypt your data on the server, search the network for other servers, and spread from there. Once all your data is encrypted, per the name, you’ll be left a ransom note with instructions on how to potentially unencrypt your data (hint: it usually involves money).
One of the most painful aspects of a ransomware attack isn’t just having your servers and data encrypted, but also having your backups encrypted. Encrypted backups severely limit your ability to recover from any type of attack. One of the most important things you can do to protect your recoverability from a ransomware attack is to protect your backup data sets.
Backups need to be accessed only by the backup servers. In most backup and DR applications, the backup data is not usable by anything but the backup application. Therefore, there’s no reason your backups should be accessible by the network. Many times a UNC path or NFS path is used for a backup path and it can be secured. However, a better method is to use a backup appliance that uses an API to receive backup data. This methodology can be found in products like DellEMC Data Domain and HPE StoreOnce. Since the device is configured to use an API call instead of a common protocol such as SMB (the protocol Windows uses for network shares), it’s significantly more difficult for the ransomware to browse and damage your backups.
Keep the backup data off the network. This can be done by having a second copy of the data off the network until replication is needed. This could be scripted or done manually before data is transferred. Another method is to just use tapes and store them on a shelf or in some facility. With LTO8 tapes storing as much as 30TB per tape, it’s still a valid and inexpensive way of protecting your data in an offline state. Virtual tapes to a cloud repository is also an option. If either the tape is sitting on a shelf or is locked away in a virtual repository, ransomware will not be able to touch the data since there’s nothing connected to it.
These solutions are not mutually exclusive, as a complete DR plan would use a combination of both solutions to provide the most protection for your business. As part of any good DR Plan, just having these items in place only goes so far, a complete solution should also include some good old-fashioned testing.
While many people might feel this is obvious, it’s one of the main areas of opportunity we see at Anexinet. A complete backup test would include restoring small amounts of data (e.g. files) and complete restores from ALL copies of the data. For example, if you backup to your local site and a DR site, and if you only test the local restore process, how do we know the remote DR site backups are valid? Restore testing to all sites should also be performed.
A team that’s comfortable with the restore process will be more proficient with the restore, lowering the RTO in the case of disaster. Also, an attack can cause a lot of stress and anxiety within the company. Having a team that’s cool and collected with the restore being “just another day in the office” will provide comfort to office personnel, especially upper management.
With the rise of ransomware attacks, it’s not a question of if you will be attacked, but when. It’s essential to have a DR strategy in place to recover from such an attack. Partnering with an organization with experience in protecting against ransomware and disasters is a smart plan. Anexinet’s Disaster Recovery Kickstart evaluates your DR readiness and provides actionable items to protect your business. Please take a moment to check it out. We’d love to help you save your company in the event of a disaster.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
|cookielawinfo-checbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.