Ransomware has been unequivocally pegged as the #1 cybersecurity threat of our post-pandemic times. Nasdaq calls it the “greatest business threat in 2022”. With a ransomware attack every 11 seconds, ransomware recovery has to be as robust as prevention. Security experts worldwide, including the CISA, recommend that “Backing up is your best bet against ransomware”. In this blog, we examine 4 backup best practices for ransomware recovery, so that you have a reliable and accurate backup to get back your data and business ASAP when struck by ransomware.
#1 Ransomware Backup Best Practice: Ensure Your Backups Are Cyber-Resilient: Air-gapped, Encrypted, and Immutable
While backups are the best way to ransomware-proof your data, they are only effective if they are cyber-resilient, meaning that they are able to withstand ransomware attacks and still be able to restore your data. To be effectively cyber-resilient they need to be air-gapped, encrypted, and immutable.
- Air-gapped: An air-gapped backup is one that is not connected to the network or the internet in any way, making it immune to ransomware infiltration. Since the data is kept in an air-gap arrangement, it’s considerably more difficult for ransomware attackers or other bad actors to intercept, gain access, and disrupt it. Tape media was formerly used to air-gap the backup data – offsite, secure physical storage. As backup has evolved, a cloud-based destination that is not accessible via standard networking protocols would be your best bet.
- Encrypted: Encryption ensures that even if your backup falls into the hands of ransomware attackers, they will not be able to access your data without your encryption key. Your backup solution should protect your data both “at rest” when it’s stored on a device or computer and “in transit” when it’s transmitted and received. SSL/TLS in-transit and AES-256 encryption at-rest are the industry gold standards.
- Immutable: Finally, immutable backups cannot be changed or tampered with, ensuring that you can always restore your data to its original state. An immutable backup is a full and unchangeable copy of your data that cannot be altered, even by ransomware. It’s created by taking snapshots of your data at regular intervals and storing them in an immutable storage container such as Amazon S3 or Azure Blob Storage. WORM (Write Once, Read Many) or “Object locking” can also be used to create stringently immutable backups. You can set items to be locked for a specified amount of time, preventing them from being removed or changed by any individual.
#2 Ransomware Backup Best Practice: Don’t Forget the 3-2-1 Rule
The “3-2-1 Rule” is a backup strategy that dictates the following:
- You should have at least three (preferably more) copies of your data.
- Your data should be stored on two different media types.
- At least one copy should be kept offsite.
The rule is a best practice for ransomware recovery because it ensures that you have multiple copies of your data in different locations, making it less likely that all copies will be lost or corrupted in the event of an attack.
For example, you could have three copies of your data:
- One on your computer’s hard drive
- One on an external hard drive
- One in the cloud
Applying the 3-2-1 Rule to the Cloud paradigm:
- One on your SaaS platform (Microsoft 365, Google Workspace, Salesforce)
- One in the cloud on your backup provider’s storage
- One on another cloud-based storage such as Amazon Simple Storage Service (S3) Glacier with longer retrieval times.
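As an added example (not part of the original post or any vendor's code), the following Python audit checks a backup inventory against the 3-2-1 rule and against the encryption and immutability requirements from practice #1. The `Copy` fields, media labels, and both sample inventories are constructed for illustration, and "offsite" is assumed to mean stored away from the production location or provider.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str               # constructed labels, e.g. "saas", "object-storage"
    offsite: bool            # stored away from the production location/provider
    is_backup: bool = True   # False for the production copy itself
    encrypted: bool = False  # encrypted at rest
    immutable: bool = False  # WORM / object lock in force

def audit(copies):
    """Return findings as strings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: {len(copies)} copies, need at least 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"3-2-1: {len(media)} media type(s), need at least 2")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no copy is kept offsite")
    # Resilience properties apply to the backups, not the production copy.
    for c in (c for c in copies if c.is_backup):
        if not c.encrypted:
            findings.append(f"{c.name}: backup is not encrypted at rest")
        if not c.immutable:
            findings.append(f"{c.name}: backup is not immutable")
    return findings

# Constructed inventories: the cloud layout described above, and a weak
# single-site setup with one unprotected external drive.
CLOUD = [
    Copy("production", "saas", offsite=False, is_backup=False),
    Copy("backup-provider", "object-storage", offsite=True,
         encrypted=True, immutable=True),
    Copy("archive", "archive-storage", offsite=True,
         encrypted=True, immutable=True),
]
WEAK = [
    Copy("laptop-disk", "disk", offsite=False, is_backup=False),
    Copy("usb-drive", "disk", offsite=False),
]

if __name__ == "__main__":
    for label, inv in (("CLOUD", CLOUD), ("WEAK", WEAK)):
        print(label, audit(inv) or "passes")
```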
#3 Ransomware Backup Best Practice: Keep Your Backups Comprehensive
Your backups should be comprehensive, meaning that they should include all of your data including system and application files, databases, virtual machines, and any data on SaaS platforms. While backup of onsite data is the norm, organizations are often under the misconception that cloud-based data does not require a backup. Your SaaS data is vulnerable to data loss due to human error, malware, ransomware, sync issues, and other commonplace reasons. The Shared Responsibility Model puts the onus of data protection squarely on the data controllers – a.k.a. you. With the bulk of business-critical data now on the cloud, driven by the post-COVID shift to the remote workforce, it becomes all the more of a business priority to secure your SaaS data.
#4 Ransomware Backup Best Practice: Test Your Backup and Recovery Processes Regularly
You should test your backup and recovery processes regularly to ensure that they are working as expected and that you can actually recover your data in the event of an attack. There are two main types of tests:
- Full system restore: This type of test restores your entire system from scratch, including the operating system, applications, and data.
- Partial file restore: This type of test restores a small subset of files or data to ensure that the backup is working and that you can actually access and use the data you need.
Tests should be conducted at least monthly, and more frequently if you have a high volume of changes to your system.
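One way to make a restore test produce evidence rather than a visual spot check, shown here as an added example that is not from the original post: record SHA-256 hashes when the backup is taken, then compare the restored files against that manifest. The function names and the sample files in `demo()` are constructed for illustration; passing `sample` limits the check to a partial file restore.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its hash, taken at backup time."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root, sample=None):
    """Classify restored files as ok, missing, or altered against the manifest."""
    restored_root = Path(restored_root)
    report = {"ok": [], "missing": [], "altered": []}
    for name in (sample if sample is not None else list(manifest)):
        target = restored_root / name
        if not target.is_file():
            report["missing"].append(name)
        elif sha256_file(target) != manifest.get(name):
            report["altered"].append(name)
        else:
            report["ok"].append(name)
    return report

def demo():
    """Constructed data: one restored file is overwritten, one is absent."""
    files = {"db/orders.sql": b"INSERT INTO orders VALUES (1);",
             "docs/plan.txt": b"Q3 plan", "mail/inbox.mbox": b"From: a@example.com"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in files.items():
            for root in (src, dst):
                p = Path(root, name)
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(data)
        manifest = build_manifest(src)
        Path(dst, "docs/plan.txt").write_bytes(b"\x8f\x02 unreadable content")
        Path(dst, "mail/inbox.mbox").unlink()
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup it describes, so that whatever damages the backup cannot also rewrite the expected hashes.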
How CloudAlly Backup Implements Ransomware Recovery Best Practices
CloudAlly takes a holistic and ransomware-resistant approach to backup, which includes all of the best practices discussed in this blog post.
- All of our data is kept in Amazon S3 immutable storage and encrypted using strong 256-bit AES encryption. Data is encrypted and secured via SSL (HTTPS) enabled servers. Our servers are well protected, hardened, and up to date on the most recent security updates. All end-user sessions with the CloudAlly backup solution use SSL.
- CloudAlly also offers data backup with S3 Object Lock for sensitive data which retains records in a non-rewritable and non-erasable format to meet stringent data regulations.
- Apart from your production copy on the SaaS platform, CloudAlly backs up one copy on Amazon S3 with another copy on Glacier, thus offering full data backup redundancy in keeping with the 3-2-1 rule.
- Our solutions implement application security best practices, such as multi-factor authentication (MFA), two-factor authentication (2FA), Okta integration, OAuth permissioning, robust password protection, password and access key rotation, and vulnerability and patch management.
- CloudAlly offers comprehensive, end-to-end protection of all your SaaS data – Microsoft 365, Google Workspace, Salesforce, Dropbox, and Box.
- Essentially, CloudAlly includes unlimited storage and consequently unlimited retention for unlimited point-in-time recovery. Seamlessly restore your data from any point-in-time.