Last month, I discussed the two most pivotal steps in preventing ransomware attacks from wreaking havoc on your organization: user education and securing your network. While these steps establish a robust security posture to combat cyberattacks, there is still one more layer your organization can add to ensure recovery when an attack does strike: having a solid backup plan. Let’s chat about a few recent K-12 school districts that had to leverage their backup plan. In the news, we heard about Montana’s Bigfork Public School District who in November 2016 was hit with Ransomware and a payment of $10,000 was demanded. Rather than pay, they restored with an offsite backup. The same is true for Rhinebeck Central School District in New York who was also hit by a ransomware attack and did a restored with off-site backup files as well. As you can see, having a solid backup plan in place can not only prevent a ransomware payment and spare your data but it can also provide peace of mind.
The United States Computer Emergency Readiness Team provides some guidelines to help organizations optimize their backup solutions in combatting ransomware:
• There’s no protection from ransomware without backup. If your organization has been diligent about using an effective backup system, you can simply refuse to pay the ransom and restore your files from your most recent backup—your attackers will have to find someone else to rob. Victims without a backup solution in place may be willing to pay the ransom simply because the demanded amount seems low compared to the lost hours a school district will spend trying to resolve the problem on their own.Always backup your data! Ransomware victims without data protection may find that the ransom amount is low compared to the downtime and other recovery costs. Click To Tweet
• Think redundancy. Most experts say you need to have three forms of backup: real-time, daily incremental, and weekly incremental. One of the three should be offsite with a cloud provider and the other two can be at different spots in your organization or at two separate locations. For budget or other reasons, your organization may be committed for the time being to a legacy, on-premises backup solution, but you should certainly be planning to transition to a cloud-based system, as cloud-based backup services can provide the greatest security.
• Isolate your backups. The backups should not be connected to a shared drive. Sure, you can be infected with ransomware during a backup session, but you really hedge your bets when you isolate exposure to just when you run the backups. Also, ransomware can infect both mapped and unmapped drives, so your best bet is to separate your backup drives from the network.
Also, I’d like to share with you a case study about a Barracuda customer’s experience with being hit with ransomware but having a backup plan in place. Hayward Tyler Group, a global manufacturing firm, was hit by a ransomware attack that could have crippled their business—but one hour later, they had completely recovered, and the criminals got nothing. Read more about Hayward Tyler’s experience.
Darius is a veteran of the network industry, with more than 21 years of experience in networking products, enterprise marketing and business development. He is currently Director of Product Marketing for Security at Barracuda Networks.