August Ransomware Recap: Sixth Month in a Row with YoY Increase
It didn’t feel like it, but some ransomware groups took a summer break. Here’s what you need to...
We’ve got the fundamentals down: ransomware is a major concern, and threat actors target backups to encrypt or delete them. On the bright side, it appears there’s increasing awareness of the latter, as we have seen more organizations with viable backups during ransomware incidents. This means that fewer end up being forced to pay the ransom to restore their data.
What can we learn from these companies? First, they had backups of all their critical systems. While that won’t be the focus of this blog post, its significance cannot be overstated: know your critical systems and back them up. In addition to knowing their environment and backing up critical systems, they followed best practices to ensure their backups were protected from threat actors. They all utilized the 3-2-1 backup strategy, which we’ll explore below before taking it one step further. Let’s do this.
An effective security strategy is a layered approach that has backstops and catchalls (I’ll spare everyone the onion analogy). It should be no surprise that the most effective backup strategy is also about layers. Enter the 3-2-1 backup strategy, an approach that is as simple as it is effective. It goes:
The first layer is to have at least three copies of the data. I emphasize “at least” because I encourage going above this, especially with how existing backup technology makes it so easy to automate the process. When thinking about copies of data, take into consideration the following recommended configuration. There are best practices throughout that apply to all copies of the data.
The media types were scattered throughout the prior section. To summarize, here are various media types that are routinely seen in the 3-2-1 backup strategy:
At this point, the offsite storage should be fairly straightforward. Two main options exist:
Let’s not stop at 3-2-1. We’re going to take this a step further to maximize your backup strategy. Enter the 3-2-1-1-0 rule being popularized by backup provider Veeam.
There’s a reason immutable copies were a best practice. They help ensure that a backup copy can’t be deleted (whether accidentally or on purpose) or encrypted during a ransomware event. If done well, that immutable copy will be the backstop for you.
Test, test, test! It doesn’t matter what you do if you can’t confirm it actually works. This is a step that so many organizations skip, and they only realize that something is broken when it is too late. You don’t have to be one of those companies! Many backup solutions have automated backup verification to ensure your data is viable. Go even deeper. Put time on the calendar at least once a year to walk through the recovery procedure and test that the systems and applications work. It’s not enough to restore systems if the applications and services on those systems do not function after restoration.
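As an added example (not code from this post or from Veeam), here is a short Python audit that checks one system's backup inventory against the five 3-2-1-1-0 layers and reports which ones fail. The field names, the sample inventory and the reading of the digits (3 copies, 2 media types, 1 offsite, 1 immutable, 0 copies that failed verification or went more than a year without a restore test) are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    media: str                          # e.g. "disk", "tape", "cloud-object"
    offsite: bool
    immutable: bool
    last_verified_ok: bool              # latest automated verification result
    last_restore_test: Optional[date]   # last recovery walk-through, if any

def audit_3_2_1_1_0(copies, today, max_test_age_days=365):
    """Return {layer: (passed, detail)} for one system's backup copies."""
    # A copy counts against the "0" layer if verification failed, it was
    # never restore-tested, or the last test is older than the allowed age.
    stale = [c.name for c in copies
             if not c.last_verified_ok
             or c.last_restore_test is None
             or (today - c.last_restore_test).days > max_test_age_days]
    media = sorted({c.media for c in copies})
    offsite = [c.name for c in copies if c.offsite]
    immutable = [c.name for c in copies if c.immutable]
    return {
        "3 copies": (len(copies) >= 3, f"{len(copies)} found"),
        "2 media types": (len(media) >= 2, ", ".join(media) or "none"),
        "1 offsite": (bool(offsite), ", ".join(offsite) or "none"),
        "1 immutable": (bool(immutable), ", ".join(immutable) or "none"),
        "0 errors": (not stale, ", ".join(stale) or "all copies tested"),
    }

# Constructed sample inventory (hypothetical names, not from the post):
# three copies on two media types with one offsite, but nothing immutable
# and a cloud copy that has never passed a restore test.
SAMPLE = [
    BackupCopy("nas-primary", "disk", False, False, True, date(2024, 3, 1)),
    BackupCopy("nas-replica", "disk", False, False, True, date(2024, 3, 1)),
    BackupCopy("cloud-vault", "cloud-object", True, False, False, None),
]

if __name__ == "__main__":
    report = audit_3_2_1_1_0(SAMPLE, today=date(2024, 9, 1))
    for layer, (ok, detail) in report.items():
        print(f"{'PASS' if ok else 'FAIL'}  {layer:<14} {detail}")
```

The sample passes the original 3-2-1 layers and fails both of the added ones, which is the gap the extended rule is meant to expose.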
An effective backup strategy doesn’t have to be complex; you’ll find that sticking to the basics will work wonders for you. If you follow this simple recipe, the chances of success will multiply. The layers exist to help you mitigate risk and reduce the likelihood of an attacker destroying your entire backup stack. Just like in security, layers of backups provide additional risk mitigation. And just like in life, don’t assume that what you’re doing is actually effective. Test, confirm, and sleep easier.