Data Backup’s end goal: Disaster recovery
Not very long ago, a large local conglomerate, was hit by ransomware in a very, very big way. The industry’s reaction in general, at that time was, “How can your backup data, also be encrypted and held at ransom by the perpetrators?”
But, they also rallied and offered up suggestions, as to how to avoid the pain of all business data being rendered useless by ransomware. They are:
1) there should be offsite backups of the data. In other words, keep it away from production systems and production data. Network segmentation can be explored.
2) Have disaster recovery plan in place, to revert to a manual process, or to use less automated tools like Microsoft Excel or Microsoft Word.
Barracuda Networks, an IT security and data protection vendor, also chipped in with their two cents, and their Product Manager for WAF and ADC, Tushar Rchabadas, recommended:
“Even with all of the preventive measures listed above, there is still a chance that an end user will become infected with ransomware and put your organisation’s critical data at risk. Successful backups with an effective retention policy enables organisations to recover from ransomware attacks without having to pay any ransom to the attackers, or losing the data altogether.”
Now, these guys are also huge proponents of backing up data, and offer Barracuda Backup, a high-performance offline replication system which can effectively do regular replication to remote sites or cloud-based backups. Tushar further described it, “It’s inline replication features start sending data offsite as soon as it reaches the backup device, ensuring more complete backups at all times.”
Test, test, and test
But in addition to a backup solution, he also recommends that organisations need to regularly perform and test backups. It is important to have backups that are replicated offsite, preferably in multiple locations.
Beyond simply protecting from ransomware, this also ensures that you can always reach your backups in cases where one data center goes down.
But, this has to be complemented with regular testing of backups, as this will help limit the impact of data or system loss and expedite the recovery process.
The kind of ransomware, and what it tries to encrypt also has to be taken into consideration. How do we prepare?
According to Barracuda, many new variants of ransomware are also trying to encrypt backups – by doing things like identifying and encrypting all network shares.
“Barracuda Backup is protected against these types of targeted malicious attacks. Additionally, unlike other backup solutions that may store backup files to a network share, Barracuda Backup does not present itself as a network share. The data stored on Barracuda Backup is inaccessible to any other devices on an organization’s network and the data itself is stored in a proprietary format, which prevents data from being read or accessed by anything other than Barracuda Backup.”
Another aspect to also test is restoration and disaster recovery (DR).
This testing is also a very important step in ensuring that your backups work. A regular DR/Restoration schedule must be set up and adhered to, to ensure that if disaster strikes, you can always get your data back.