Ransomware Protection: Best Practices in Backup and Defense

Ransomware attacks are a persistent and ever-evolving threat, with devastating consequences for affected organizations. With the ongoing increase in the frequency and sophistication of these attacks, it's now more important than ever to ensure your organization has robust ransomware protection measures in place. In this article, we'll delve deeper into the essential concepts and methods for effective ransomware defense and backup.

Backup Types: Balancing Resilience and Practicality

One significant aspect of protecting your organization against ransomware is having an appropriate backup strategy. There are several types of backups that can be implemented; each with its own advantages and drawbacks:

  • Offline backups provide maximum resilience against ransomware as they are disconnected from the network and physically stored elsewhere. However, creating and maintaining these backups can be labor-intensive and time-consuming.
  • Immutable backups offer a practical alternative, where the storage volume is dedicated exclusively for backups and cannot be modified or deleted. This provides protection against ransomware attacks that target backup files, but may require a more significant investment in storage infrastructure.
  • Data-only backups focus on backing up essential business data while excluding less critical files and operating system components. These backups have a lower recovery point objective (RPO) but can result in a longer recovery time objective (RTO) as the operating system must be reinstalled before restoring the data.

Defense Measures: Ensuring Business Continuity and Reducing Vulnerabilities

In addition to having a solid backup strategy, organizations should employ a wide range of defense measures to further protect themselves from ransomware:

  • Business Continuity Management: Ensuring your organization's ability to operate without Microsoft Teams or other communication systems is a vital aspect of ransomware defense. One potential solution is to create a backup telephone directory – providing an offline resource for staff to maintain contact with key colleagues and stakeholders in the event of a ransomware attack.
  • Exagrid Delayed Deletion: Exagrid's delayed deletion feature helps prevent ransomware attacks by preventing files from being permanently deleted within a specified period. This allows organizations the opportunity to recover important files before they are lost forever.
  • S3 Glacier Compliance Lock: AWS's S3 Glacier offers an immutable backup option with its Compliance Lock feature. This feature ensures that stored data is write once, read many (WORM) and cannot be altered, providing a robust defense against ransomware aiming to corrupt or delete backups.
  • Windows Controlled Folder Access: This security feature, available in Windows 10 and Windows Server 2019, restricts apps and other system processes from making changes to files in protected folders. By limiting access, the potential for ransomware infection within these important directories is reduced.
  • Carbon Black Canary Files: Carbon Black uses "canary" files – false files planted within the network – to monitor for ransomware activity. When a ransomware attack begins encrypting files, it's likely to encrypt the canary files early in the process. These files then send notifications to the system administrators, alerting them to the presence of ransomware.
  • Veeam Staged Restore: Veeam's Staged Restore feature minimizes the risk of restoring an infected backup by allowing organizations to scan and clean backed-up data prior to full restoration.

By employing these backup methods and ransomware defense measures, organizations can significantly enhance their cybersecurity posture and reduce the likelihood of suffering the damaging effects of a ransomware attack. The constantly evolving nature of ransomware means that a proactive and comprehensive approach to protection is essential to ensure the security of your organization's data and operations.