Ransomware continues to be a huge problem for companies and consumers—and a major source of income for cybercriminals. Malicious hackers using CryptoWall ransomware extorted $18 million last year, according to the FBI, and that’s just one of many ransomware variants. Microsoft has detected a 400% increase in ransomware attacks since 2015. This sad fact is that the ransomware industry continues to grow because people continue to pay ransoms.
Logic would dictate that we simply stop paying ransoms and ransomware will end. But this is much easier said than done. Businesses, healthcare organizations, politicians and security experts debate this topic regularly, and there’s no clear consensus on what to do. Nobody wants to pay the ransom, but some are not in a position to refuse.
Healthcare organizations must consider the potential danger to patients if they do not pay a ransom. Meanwhile, banks are stockpiling bitcoins as an insurance policy against attacks. Some companies choose to pay because it’s cheaper than fixing the problem. Of course, this just makes it more likely that cybercriminals will target the company with ransomware again.
So, how do we get to a place where companies and individuals can afford to say no to ransom demands? This solution is surprisingly simple: Have a good backup of your data so that you can restore the data instead of paying a criminal to unlock it for you. Here’s a quick guide to protecting your data with a backup and recovery solution:
1. Data inventory
The first step is to understand what data you have so that you can adequately protect it. You may have data on workstations, laptops, file servers, cloud services, or within applications and databases.Try to get a good feel for what you have and what is most important—then prioritize that data for backup.
2. Data design
The second step is to identify the ideal location for the data. Workstation and laptop data may be migrated to servers; redundant data can be consolidated, and pointers or mappings created so that it is still accessible in multiple ways.
3. Backup design
Choose a backup solution that backs up data automatically and often enough to ensure that minimal data is lost when recovery is required. Remember that backups should be segmented from production systems. There should be both a logical and a physical segmentation.
Logical segmentation places the backups in a location that cannot be reached by systems on the production network. For decades, tapes were used for offsite backups. Today, tape backups are often replaced with cloud backups. If an incorrectly written script deletes data from the network, the tapes would be safe from harm. Similarly, if a virus like ransomware infects production systems, you will still have clean versions of your data backed up to the cloud.
Physical segmentation protects against a natural disaster such as a fire that could take out a facility. If backups are stored on a server, hard drive, or tapes located within the facility, a fire or some other disaster could destroy both production data and backups, leaving the organization with no way to recover data. Physical segmentation places backups outside the facility. Backups could be replicated to the cloud or another site, tapes could be shipped to a remote storage facility, or an employee could take backup drives to a safe deposit box.
4. Testing
A backup system cannot truly be relied upon until it is tested with a restore. Restore testing ensures that organizational data can be effectively recovered within acceptable time frames. It is often through the restore testing process that inefficiencies or complications are identified that can be resolved before the backups are required in an emergency. Restore testing also familiarizes IT staff with the recovery process. That means they’ll be ready when disaster strikes.
5. Say no
Say no when ransomware strikes. You don’t need to pay because you can restore the data. Delete the infected files, remove the virus, and restore your data from backup. With the right backup solution in place, there’s no need to deal with cybercriminals.