The internet is a scary place. Between viruses, popup adware, and spyware, tons of horrible things can get onto your network and wreak havoc on your systems. One of the most frustrating and damaging types of attacks is ransomware. Once infected, the ransomware will encrypt your data on the server, search the network for other servers, and spread from there. Once all your data is encrypted, per the name, you’ll be left a ransom note with instructions on how to potentially decrypt your data (hint: it usually involves money).
One of the most painful aspects of a ransomware attack isn’t just having your servers and data encrypted, but also having your backups encrypted. Encrypted backups severely limit your ability to recover from any type of attack. One of the most important things you can do to protect your recoverability from a ransomware attack is to protect your backup data sets. Here are two potential options:
- Limit access to your backups:
Backups need to be accessed only by the backup servers. In most backup and DR applications, the backup data is not usable by anything but the backup application. Therefore, there’s no reason your backups should be accessible to the rest of the network. Many times a UNC path or NFS path is used as the backup path, and it can be secured. However, a better method is to use a backup appliance that uses an API to receive backup data. This methodology can be found in products like Dell EMC Data Domain and HPE StoreOnce. Since the device is configured to use an API call instead of a common protocol such as SMB (the protocol Windows uses for network shares), it’s significantly more difficult for the ransomware to browse and damage your backups.
- Isolate your backups:
Keep the backup data off the network. This can be done by keeping a second copy of the data off the network until replication is needed. Connecting it could be scripted or done manually before data is transferred. Another method is to just use tapes and store them on a shelf or in some facility. With LTO-8 tapes storing as much as 30 TB per tape, it’s still a valid and inexpensive way of protecting your data in an offline state. Virtual tapes sent to a cloud repository are also an option. Whether the tape is sitting on a shelf or locked away in a virtual repository, ransomware will not be able to touch the data since there’s nothing connected to it.
These solutions are not mutually exclusive, as a complete DR plan would use a combination of both solutions to provide the most protection for your business. Just having these items in place only goes so far, though. As part of any good DR plan, a complete solution should also include some good old-fashioned testing, which can provide two significant benefits:
- Make sure the backups and backup applications work as designed. While many people might feel this is obvious, it’s one of the main areas of opportunity we see at Anexinet. A complete backup test would include restoring small amounts of data (e.g. files) and complete restores from ALL copies of the data. For example, if you back up to your local site and a DR site but only test the local restore process, how do you know the remote DR site backups are valid? Restore testing to all sites should also be performed.
- Make your DR team comfortable with the restore process. A team that’s comfortable with the restore process will be more proficient with the restore, lowering the RTO in the case of disaster. Also, an attack can cause a lot of stress and anxiety within the company. Having a team that’s cool and collected with the restore being “just another day in the office” will provide comfort to office personnel, especially upper management.
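One way to automate the restore test of ALL copies described in the first point, as an added example (not code from Anexinet or from any backup product): it assumes a manifest of SHA-256 hashes is recorded at backup time and that each copy has already been restored to a scratch directory. The function names, directory names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash in chunks so large restored files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256 (assumed recorded at backup time)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Report files a restore lost, altered, or added relative to the manifest."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(manifest.keys() - restored.keys()),
        "changed": sorted(p for p in manifest.keys() & restored.keys()
                          if manifest[p] != restored[p]),
        "unexpected": sorted(restored.keys() - manifest.keys()),
    }

def verify_all_copies(manifest, restores):
    """restores maps a copy name (local, DR site, ...) to its restored directory."""
    return {name: verify_restore(manifest, path) for name, path in restores.items()}

def write_tree(root, contents):  # helper that builds the constructed sample data
    for rel, data in contents.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root

def demo():
    """Constructed sample: a clean local restore and a damaged DR-site restore."""
    base = Path(tempfile.mkdtemp())
    good = {"finance/ledger.csv": b"id,amount\n1,100\n", "hr/staff.txt": b"alice\nbob\n"}
    bad = {"finance/ledger.csv": b"\x8f\x02 not the ledger", "hr/staff.txt.locked": b"x"}
    manifest = build_manifest(write_tree(base / "source", good))
    return verify_all_copies(manifest, {"local": write_tree(base / "local", good),
                                        "dr": write_tree(base / "dr", bad)})

if __name__ == "__main__":
    print(demo())
```

A copy passes only when all three lists are empty. Keep the manifest somewhere the production network cannot write to, or it can be altered along with the backups.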
Be sure to reserve your spot for our upcoming webinar on April 28th: Modernize Your IAM to Prevent Ransomware Attacks. Anexinet experts discuss the Principle of Least Privilege (POLP) and Privileged Access Management (PAM). Further, the webinar explains how advanced Identity and Access Management solutions dramatically reduce your attack surface to make you far less vulnerable.
Lastly, with the rise of ransomware attacks, it’s not a question of if you will be attacked, but when. It’s essential to have a DR strategy in place to recover from such an attack. Partnering with an organization with experience with protecting against ransomware and disasters is a smart plan. Anexinet’s Disaster Recovery Kickstart evaluates your DR readiness and provides actionable items to protect your business. Please take a moment to check it out. We’d love to help you save your company in the event of a disaster.