6 Best Practices for Ransomware Protection
According to the Veeam 2023 Data Protection Trends Report, 85% of organizations suffered a ransomware attack last year. Of those organizations, 84% had no other choice but to pay a ransom. This accounts for billions of dollars lost to cybercrime each year. Organizations that can either prevent ransomware attacks or protect their data against attacks can save themselves from significant recovery costs, reduce the risk of having their regular business disturbed and protect their reputation.
It’s vital to implement ransomware protection measures early. Once an attack has taken place, it’s most likely too late to try and salvage data if you don’t have robust protection measures in place. This is because ransomware is becoming increasingly sophisticated and is able to penetrate networks and find attached backups and storage with remarkable speed and accuracy.
Ransomware comes in many forms, from simple “scareware” that pops up a message asking for a ransom to slightly more sophisticated screen lockers that prevent people from logging into their devices. There’s also the more well-known (and damaging) encrypting ransomware that encrypts files and demands the victim pay a ransom to decrypt their files.
There are other types of ransomware too, like doxware, that threaten to share sensitive data found on a victim’s machine and have lockers that count down to a deadline and threaten to delete the victim’s data when the deadline expires.
Ransomware demands payment in cryptocurrency because of the pseudonymity of these tokens. These kinds of attacks now also mean big business, with professional hacking companies even offering “Ransomware as a Service” and attacking high-profile clients for pay.
Top 6 Best Practices to Protect Against Ransomware
While the saying that prevention is better than a cure still holds true, it’s impossible to prevent all current and future threats since malware prevention is an arms race. Basic best practices, such as choosing strong passwords and using antivirus software and endpoint protection tools, can go a long way toward reducing the risk of ransomware attacks. However, having steps in place to minimize the damage that a ransomware attack is likely to do is also a wise precaution to take.
1. Use Immutability Wherever You Can
Setting up immutable storage targets can offer protection against ransomware attacks. In the past, this was a difficult thing to implement. Modern data protection and backup solutions make it easier to create immutable targets and storage pools to help protect your data against ransomware.
2. Create Encrypted Backups
If you aren’t already encrypting your backups, start doing so now. Backups aren’t designed to be accessed frequently, so any performance overhead from encrypting them is minimal, and the benefits of encrypted backups in terms of security are too significant to ignore. Encryption would make it more difficult for ransomware attackers to access your data, and it would help prevent other unauthorized access and data leaks.
In addition, ensure encryption keys are stored securely and are accessible for the right people when they need them.
3. Verify Your Backups Regularly
Check the integrity of your backups and verify that any automated backups you’re running are taking place as you’d expect them to. Verifying backups doesn’t take long, and it gives you peace of mind that you’ll have the ability to recover your data. Spending a few minutes each week or month to double-check your backups could save you and your IT team a lot of stress if you ever need to implement your data recovery plans. Having regular automated simulations of your recovery plan might be part of that process.
4. Limit Access to Backups
Every user that has access to your backups is a potential attack vector. Stolen credentials are the most common way for data breaches to take place. By limiting who has access to your backups, you reduce the severity of any data breaches that may take place. In an ideal world, everyone would choose secure passwords, not reuse them and follow best practices with multi-factor authentication.
Unfortunately, humans are fallible, and people do take risks or shortcuts. As a systems administrator, it’s your job to do as much as possible to mitigate that risk. Ensuring users have access only to what they need is a practical first step.
5. Proactively Monitor Your Systems
Ransomware is evolving quickly, and antivirus/malware software isn’t guaranteed to pick up on the newest variants. Using tools to watch out for indicators of compromise can help you spot an infection before it gets the chance to do a lot of damage. If you see that a backup job has been changed or that files that aren’t usually touched are being altered, this could be a sign something’s wrong.
Being alerted to indicators of compromise allows you to take data offline or move to a “clean room” environment and start investigating the cause of unusual behavior — hopefully before lasting damage is done.
6. Have a Data Recovery Plan
A data recovery plan should be a part of your broader business continuity strategy. If you still need to get a formal plan in place, start making one. If you do have a plan in place, test it regularly. If you’re following best practices, you’ll be taking regular backups and already be confident that those backups are working. But does this cover all the files you need?
Run some roleplay scenarios to see whether you could recover all the data you need in the event of attacks on specific systems. Consider what you’d do if you had to shut down certain systems while removing malware from your network. Don’t just assume your plans are good enough — test and review them regularly, especially if you change your processes or start working with new software.
The recovery plans should be well-documented and well-known amongst the stakeholder teams that may have to execute them.
Case Studies: Successful Ransomware Protection Strategies
Veeam has worked with many organizations and helped them avoid the impact of ransomware attacks. One recent success story is the City of Sarasota. Veeam Data Platform and Veeam Backup for Microsoft 365 have helped the City of Sarasota avoid paying out a $34 million ransomware bill.
Sarasota is a city that is often hit by hurricanes and floods, and the city’s officials wanted to ensure that their residents had uninterrupted access to city services. The city offers many digital services for their residents, ranging from everything to bill payments to storm preparation. They chose Veeam as their backup provider because it was easy to implement and manage. After using Veeam’s tools for about a year, Sarasota was hit with a ransomware attack that encrypted three of their file servers and demanded a ransom of $34 million in Bitcoin.
Rather than pay the ransom, Sarasota recovered their Veeam backups. This process was easy and quick and allowed them to get all their data back without interrupting their ability to deliver services to their residents. After this successful recovery, they decided to take a more proactive approach to ransomware protection and added more backups to their workflow.
The 3-2-1-1-0 Rule is now a key to their backup process. They take three backups on two different media. One copy is stored off-site, one copy is immutable or airgapped and they accept no backup recovery errors. Thanks to this implementation, they can feel confident that, should they experience another ransomware attack, they’ll be able to turn to their backups and recover all their data safely again.
Protect Your Data From Ransomware With Veeam
Ransomware is a threat to businesses of all sizes. Since the tools used by attackers are so sophisticated, it can be challenging to protect yourself against these attacks. Storing backups on the same network as your existing data isn’t good enough to protect against ransomware because malicious software can explore the network and will aggressively look for files to encrypt.
To fully protect your data, you’ll need to take encrypted backups that are stored separately from the files you use for your daily operations. Redundancy in the form of multiple backups is also wise because the redundant copies will still be available if an attack goes unnoticed or you have an outage or issue with a backup.
Veeam offers a variety of backup and recovery solutions for different platforms, including on-premises, cloud and SaaS backup solutions that are tailored to the tools and platforms that organizations use in their daily operations. Veeam immutable ransomware protection offers secure, robust storage that will protect your data and help you recover quickly from a ransomware attack.
Getting started is easy, and there is a range of pricing tiers to choose from depending on the solutions you choose and your specific data protection needs.
If you’d like to know more about how Veeam can help protect your organization from ransomware and other digital threats, learn more today at https://www.veeam.com/ransomware-protection.html or contact an expert.