5 Backup Best Practices to Combat Ransomware
Today is World Backup Day, which commemorates the day in 424 BC when Xerxes II, King of the Achaemenid Empire, ordered his scribes to make two copies of all court documents – storing one set of papyrus in the castle’s granary and one set in clay vessels in the summer palace as a backup. Well, actually not, but it sounds good, right? (Got to check your information sources, always, in this era of cyber spoofing… just saying.)
Seriously, World Backup Day presents a great opportunity to focus on the importance of backing up critical data in case of accidental data loss, system outages, or cyber-attacks. The current threat levels are off the charts, especially with regard to Ransomware. Even before the war in Ukraine raised cyber-attack alarms to new heights, this year has seen increases in the number and seriousness of ransomware attacks across the board. The “innovation” of Ransomware-as-a-Service now makes it possible for virtually anybody to mount an effective ransomware attack.
Corporate data has never been so vulnerable. Indeed, insurance companies are raising rates and even canceling policies on organizations that do not have strong data protection programs and policies in place for preventing, identifying, and mitigating the damage of ransomware attacks. With that in mind, here are five suggested best practices that you can take before, during, and after an attack.
- Utilize multi-factor authentication (MFA) – MFA is one of those simple controls that can do a lot to block access to malicious actors. One of the greatest risks in a ransomware attack is that the attacker will corrupt backup data volumes, leaving you completely bereft of clean data to restore. MFA alone won’t mitigate this risk, but it will make life much more difficult for attackers and potentially slow down the progress of a devastating incident.
- Employ the Principle of Least Privilege—It’s a wise practice to limit the number of people who have access to root account credentials. This is usually achieved with an identity and access management (IAM) solution. In particular, people and applications who have access to backup systems should not use the same access credentials they use for other applications.
- Encrypt your data—This is pretty basic, but it’s always surprising to see when this simple rule is not followed. It’s always smart to use data encryption at rest (DaRE). When data is encrypted, the material impact of any data theft is considerably reduced. It is still embarrassing to any company to report a data breach, but much less embarrassing when the exfiltrated data is useless to thieves.
- Use the 3-2-1 backup strategy—This practice calls for having at least three copies of data. Two are kept on-site but on different media. At least one copy is kept offsite. Veeam, a Wasabi partner, recommends what they call the 3-2-1-1-0 golden backup strategy, which goes further, recommending one copy be air-gapped, either offline or in virtual air-gapped cloud storage. The final “0” refers to zero errors. This is important because onsite backups can be compromised along with primary systems. Getting to zero errors involves monitoring and testing backups regularly. Wasabi, unlike AWS S3 and the other hyperscalers that charge excessive egress fees, makes this practice affordable by not charging additional fees for egress or API calls.
- Embrace the idea of data immutability—An immutable backup cannot be modified, making it impervious to ransomware encryption. Wasabi’s immutability feature has two modes: Governance and Compliance. Compliance Mode, which adheres to deletion and protection policies required for many regulatory compliance guidelines, is ideal for maximum protection from human error or malicious acts. Governance Mode allows the root user to change the policy on a given object, e.g., if the object is supposed to be retained for 30 days, the root user can change that. In Compliance Mode, in contrast, not even the root user can change the policy.
Perfecting Your Backup Strategy with Wasabi
Implementing these best practices should help with ransomware mitigation. They will also put you in good, or at least better, standing with your cyber insurance carrier. Our customers are finding this to be the case. For example, according to Brian Fraley, Sr. IT Enterprise Architect at Aquatech International, “Wasabi has been an amazing addition to our backup strategy. Last year one of our overseas offices got hit with ransomware and the NAS that was acting as the repository was also encrypted leaving them without any usable onsite backups. I was able to restore their environment from Wasabi with just a few clicks. Once the immutable feature was available, we stopped using the USB external drives and we could not be any happier.”
For Aaron Miller, Director of IT at Kentucky’s Hardin County Government, Wasabi’s data immutability feature for ransomware mitigation was also a major factor in his decision to use the Wasabi solution. As he explained, “It seems every day we hear about another organization getting hit with a ransomware attack. With Wasabi, if we were ever to get hit with ransomware, we would be able to reinstall the operating systems then bring down our backup from Wasabi within a matter of minutes. Knowing we have all of our data safe and secure really helps me sleep at night.”
These are just a few of the best backup practices that can help you achieve greater resiliency and protection against ransomware and other threats to your data. To learn more about backup strategies that can help you mitigate your next ransomware attack, join our latest webinar, Lowering the Cost of Enterprise Data Protection with Wasabi & Veritas NetBackup, and check out our Ransomware webinar series.