When hit by ransomware, numerous companies have paid the ransom in an attempt to get their data and information back. The reason these companies have resorted to paying the ransom after an attack is due to the lack of usable backups. Backups need to be easily and quickly recovered, include all files, information and technology important for supporting a business process and it should be safe from malware. Below are some tips you can use to make sure you are prepared in the event of a ransomware attack.
A way to protect backups is to use storage that can not be written over. Organizations can use write-once read-many (WORM) technology that allows data to be written, but it can not be changed or written over. This can increase cost since more storage will be required. There are other technologies that will only save updated files and won't keep previous versions or copies.
Many organizations don't have the storage space to keep backups for extended periods of time, however it can help you recover from a ransomware attack if you were to have multiple backups. You can keep different types of backups, such as full backups and incremental backups. Additionally, you should keep your backups isolated.
While keeping your backups safe from attackers, you should also be mindful of your data catalogs and ensue they are safe. A lot of ransomware attacks that are more complex, actually target the backup catalog versus the backup media, tapes, etc. The backup catalog contains the metadata for backups and more, making it much more attractive to cybercriminals. Without the backup catalog, your backup media is useless.
Back Up Everything
Large organizations can have a problem with making sure every single thing that needs to be backup is actually backed up and stored safely. It is recommended that organizations consistently do thorough surveys of all systems and assets to ensure that all information continues to be backed up correctly. Sometimes things will be stored in the wrong places, or that they are storing things that shouldn't be stored - for example, payment information.
Back Up Business Processes
Cybercriminals don't just attack data files. They know that if they go for business processes or functions, they can make organizations more likely to pay a ransom. Organizations sometimes don't realize how important it is to back up software, components, configurations, networking settings and other tools that are required for a business process. Not doing so can make recovery of data challenging.
Test Everything Often
Multiple organizations have said that they have not tested their disaster recovery plans in the last few months, or they have never tested it before. If you test your recovery plan, you will be better prepared for when an attack happens. Additionally, you can't just test the technology, you also need to test the human element of the plan. This way you can figure out all the intricacies and work through them so you can effortlessly recover your data and processes after ransomware.