In today’s cybersecurity landscape, having a robust backup strategy for ransomware is no longer optional; it’s a necessity. As ransomware attacks continue to evolve and become more sophisticated, organizations need to adapt their backup and recovery strategies to stay one step ahead of cybercriminals.

This blog post summarizes the main points of my latest podcast episode. (If you’d like, you can listen to it or watch it at https://www.backupwrapup.com/.) I’ve written about protecting your backup server, as well.
Understanding Dwell Time: The Silent Threat
One of the most critical concepts in developing a backup strategy for ransomware is understanding “dwell time.” This refers to the period between when an attacker gains access to your system and when they actually launch the ransomware attack. Shockingly, the average dwell time can be up to 90 days or more. This extended presence in your system allows attackers to spread, gather information, and potentially start encrypting data slowly and stealthily.
Rethinking Retention Periods
Given the extended dwell times we’re seeing, it’s crucial to reassess your backup retention periods. The old standard of 90 days is no longer sufficient. I recommend extending your retention period to at least one year, preferably 13 months to cover annual reports and similar cyclical data. Some organizations might even consider retention periods of two to three years to ensure they have clean, unaffected backups to recover from.
Frequency: More is Better
In addition to longer retention, increasing the frequency of your backups is a key element in a robust backup strategy for ransomware. More frequent backups provide you with more recovery point options, which can be crucial when trying to identify the last clean copy of your data.
Leveraging Technology for Rapid Recovery
When designing your backup strategy for ransomware, consider technologies that allow for multiple, rapid recovery options. Snapshots and replication can be game-changers here. They allow you to create numerous recovery points with minimal impact on performance and achieve extremely fast Recovery Time Objectives (RTOs).
Cloud-based recovery solutions are another avenue worth exploring. The scalability of cloud platforms can allow you to restore multiple versions of your systems in parallel, significantly speeding up the process of identifying clean recovery points.
Separating System and Data Recovery
Another important aspect of your backup strategy for ransomware should be the separation of system and data recovery processes. Consider using clean OS and application images for system recovery, then restore data separately. This approach can be particularly effective for database servers, as ransomware typically encrypts database files rather than individual records.
The File System Challenge
While the above approach works well for databases, file systems present a unique challenge in your backup strategy for ransomware. If an attacker has been slowly encrypting files over time, identifying and recovering clean versions can be complex. Some backup solutions offer automated recovery features that can identify and restore the last clean version of each file, a feature worth considering in your strategy.
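To make the per-file idea concrete, here is an added example (not from the podcast or from any backup product) that walks a set of backups newest-first and picks, for each file, the most recent copy that does not look encrypted. It assumes a simple Shannon-entropy threshold as the "looks encrypted" test; the threshold, file names, dates and sample contents are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune for your data

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    # Caveat: compressed formats (zip, jpeg) are also high-entropy, so a
    # real check would combine this with file-type and change-rate signals.
    return shannon_entropy(data) > ENTROPY_LIMIT

def last_clean_versions(backups):
    """backups: iterable of (iso_date, {path: bytes}).
    Returns {path: date of newest clean copy, or None if none exists}."""
    result = {}
    for date, files in sorted(backups, key=lambda b: b[0], reverse=True):
        for path, data in files.items():
            if result.get(path) is None:  # no clean copy found yet
                result[path] = None if looks_encrypted(data) else date
    return result

# Constructed sample data: plain text, and hash output standing in for
# ransomware ciphertext (4096 pseudo-random bytes).
PLAIN = b"Quarterly revenue figures and meeting notes.\n" * 90
ENC = b"".join(hashlib.sha256(b"constructed" + bytes([i])).digest()
               for i in range(128))

# Slow encryption over a long dwell time: one more file is hit each month.
BACKUPS = [
    ("2024-01-01", {"q1.txt": PLAIN, "notes.txt": PLAIN, "old.txt": PLAIN, "lost.bin": ENC}),
    ("2024-02-01", {"q1.txt": PLAIN, "notes.txt": PLAIN, "old.txt": ENC, "lost.bin": ENC}),
    ("2024-03-01", {"q1.txt": PLAIN, "notes.txt": ENC, "old.txt": ENC, "lost.bin": ENC}),
]

if __name__ == "__main__":
    for path, date in sorted(last_clean_versions(BACKUPS).items()):
        print(f"{path}: restore from {date or 'no clean copy in retention'}")
```

A file that comes back as `None` has no clean copy anywhere in the retained backups, which is the situation longer retention periods are meant to prevent.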
Evaluating Data Importance
In cases where old data has been slowly encrypted over time, part of your backup strategy for ransomware should include evaluating whether recovery is truly necessary. Not all data is created equal, and spending resources to recover rarely-accessed files might not be the best use of your time and effort during a recovery process.
Consultation is Key
When developing or refining your backup strategy for ransomware, don’t go it alone. Consult with your backup and storage vendors about your specific ransomware recovery requirements. They may have solutions or features you’re not aware of that could significantly enhance your strategy.
The Role of Virtualization
Lastly, don’t underestimate the power of virtualization in your backup strategy for ransomware. Virtualization can greatly simplify the recovery process, providing flexibility and speed that can be crucial in a ransomware recovery scenario.
In conclusion, an effective backup strategy for ransomware requires a multi-faceted approach. By understanding concepts like dwell time, rethinking retention and frequency, leveraging advanced technologies, and tailoring your approach to different types of data, you can create a robust defense against the ever-evolving threat of ransomware. Remember, in the world of cybersecurity, standing still is moving backward. Continuously evaluate and update your backup strategy for ransomware to ensure you’re always prepared for the worst-case scenario.
Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data

