When it comes to ransomware, there is no choice but to implement a first line of defence from one of the many cyber security companies that are advancing next generation security technologies. This is in a never-ending battle to stay one step ahead of the cyber criminals who are trying to use ransomware to extort money or cause business disruption.
The first line of defence, preventing ransomware from getting through or hitting your systems, is probably the most important part of a ransomware strategy. But in isolation, it is not the complete answer.
Because the threat is virulent, constantly adapting and can fool people as well as systems, there is a genuine concern that no matter how strong your front line defence might be, your company may still fall victim to ransomware.
When that happens what do you do? Paying the ransom is the final desperate solution to solve the issue, but it’s not a strategy. Paying a ransom is no better than a flip of a coin as to whether the cybercriminal will unlock your system, and even if they do, you are fuelling their coffers to build even more nasty strains to come back and hit you again.
Backup is always a critical part of any strategy that mitigates risk of lost or corrupted data. Its an old technology but continues to be a final backstop for even the most modern-day threats such as ransomware.
Veeam started as a disrupter in the backup space, providing cutting edge backup solutions for virtualised environments. Today Veeam’s portfolio covers much more, they offer a platform for complete protection and recovery for cloud based businesses. However they have lived by a fundamental best practice for backup, which still holds true today and remains completely relevant even in the face of modern threats like ransomware.
The strategy is called the 3-2-1 rule. And if you follow this as part of your backup best practice, it will also serve well as part of your ransomware mitigation.
“3” refers to keeping three copies of your data. Production or primary data, the backup copy and a second copy of the backup data. This is definitely best practice for backup, in terms of ransomware, because the copies are made at different times, it is unlikely that a ransomware infection could ever embed itself into all three copies of that data.
“2” refers to using at least two types of media on which to store your data and backup copies. Having two types of media for backups within a single data centre again reduces the chance that ransomware will get to both copies. This can be two separate disk arrays, and flash array and an object store, even something completely different like optical or tape – the point is the physical separation makes it difficult to infect both.
“1” refers to keeping at least one-off site copy of your data, this will usually be the second backup copy and it will also often be stored on “cold” media, that is media that does not need to be “connected” at all times such as tape. This geographical separation reduces risk even further, and using off line media creates an “air gap” which makes it almost impossible for that data to be infected.
Because backups keep historical versions of data, even in the unlikely event that all three most recent copies of data do get infected, you can recover back to a historical point in time before infection occurred.
As mentioned at the start of this article, the aim is to avoid getting hit by ransomware altogether, but with Veeam, in the event that the worst happens, we can ensure that your data is safe and that you can still recover your applications without having to even think of paying that ransom.
(Note: if you want to find out more about how Veeam can be your backstop against ransomware, download this in-depth guide here)