Sunday, February 25, 2018

3-2-1 Backup - revisit

For more detail see the previous post: ransomware.

As ransomware gets better, more capable, and more widespread, the ability to recover your files becomes more and more important. As ransomware evolves, its goal is to prevent you from using normal recovery methods so that you pay the ransom instead.

Restore points, media creation tool instances, and similar tools allow recovery of the Windows operating system, not your data files such as pictures, videos, documents, spreadsheets, etc.

Normal backup methods for such data files, like USB sticks, Network Attached Storage (NAS), cloud backup, File History, third-party backup applications/utilities, homegroup, workgroup, etc., usually rely on the backup method being always available to keep the backup data current and available. Thus the problem. Since ransomware runs as you (your account), access to those backup copies is available to the ransomware as well. If the account used to invoke the ransomware is the Administrator account, every account may have its data files encrypted as well.

Ransomware will find and encrypt any/every file it can to ensure the ransom is paid. Getting the decryption key to decrypt those data files is another matter. You may not realize you have become yet another victim until it is too late. If major corporations with all their protections, staff, policies, and off-site backup vaults fall victim and pay ransom ...

3-2-1

3 copies of your data. We have been in situations where our backup plan did not work. So at least 3 copies, more for sensitive data.

2 separate backup media or methods. Internal disk, external disk, NAS, cloud, DVD/CD, etc.

1 OFFLINE copy. OFFLINE meaning offline all the time, except for when the OFFLINE backup is running to refresh the backup or recover the data. While recovering the data, recover to a freshly patched and scanned machine without network access!! The ransomware may still be on the machine or the vector used to infect may still be available.

Once the data is on the offline media, guard that media by the best and most appropriate means. If it is found and stolen, the thief has your data. An encrypted drive, hidden in another room?
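
The point that ransomware runs as you, and so reaches every backup your account can reach, can be checked directly. The following is an added example, not code from the original post: it takes an inventory of copies, tests which ones the current account can write to right now, and reports which parts of 3-2-1 are unmet. The `BackupCopy` fields, the function names and the sample paths are assumptions made for illustration, and a listed path that does not exist is assumed to mean the media is detached.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str    # label for this copy
    medium: str  # "internal disk", "external disk", "NAS", "cloud", ...
    path: str    # where the copy appears when it is attached or mounted

def reachable(copy):
    """True if the account running this script can write to the copy right now.
    Assumption: a listed path that does not exist means the media is detached."""
    return os.path.isdir(copy.path) and os.access(copy.path, os.W_OK)

def audit_321(copies):
    """Return (violations, exposed): unmet 3-2-1 rules and reachable copy names."""
    exposed = [c.name for c in copies if reachable(c)]
    violations = []
    if len(copies) < 3:
        violations.append(f"only {len(copies)} copies, need at least 3")
    if len({c.medium for c in copies}) < 2:
        violations.append("only one backup medium, need at least 2")
    if len(exposed) == len(copies):
        violations.append("no OFFLINE copy: this account can write to every copy")
    return violations, exposed

def demo():
    # Constructed inventory: temporary directories stand in for real storage.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        nas = os.path.join(root, "nas_share")
        usb = os.path.join(root, "usb_unplugged")  # never created: detached media
        os.mkdir(docs)
        os.mkdir(nas)
        always_on = [BackupCopy("working files", "internal disk", docs),
                     BackupCopy("NAS sync", "NAS", nas)]
        with_offline = always_on + [BackupCopy("USB drive", "external disk", usb)]
        return audit_321(always_on), audit_321(with_offline)

if __name__ == "__main__":
    for violations, exposed in demo():
        print("violations:", violations or "none")
        print("writable by this account now:", exposed)
```

Run it from the everyday account with the offline media detached: anything listed as writable is a copy that malware running under that account could also modify.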

NOTE: Cloud backup or cloud duplication provides utility for backup, the ability to access from remote locations, access from/for family, etc.
Do be aware that if someone else can convince the cloud service provider that they are you and need the password reset for your account ...
Use "need to know", folder separation, and encryption to protect data in "the Cloud".
