If You Can’t Prevent Ransomware, You Can Outsmart It

Ransomware is everywhere in 2016. We encourage and work with clients to do everything possible to avoid becoming a victim. But cybercrime is nothing if not adaptive. The technology and tactics of ransomware continue to evolve daily – hiding malicious code in tempting or deceiving emails, updates, and links. As much as we try, and we should certainly not stop trying, it seems we cannot hope to completely avoid dealing with some variation of ransomware eventually.

If it can’t be reliably avoided, don’t worry, hope is not lost. The fatal flaw of ransomware seems to be found after infection. The one sure way to avoid the ramifications of an attack lies not necessarily in avoiding becoming a target but rather in being sure you cannot be made a victim.

Ultimately, they may be clever enough to get into your system and even attach malicious code to your data, but the goal of ransomware is to make you pay to recover stolen data. If you have proactively and effectively backed up the data before it was compromised, you do not need to recover the data from the hackers; you can recover it from your own backups.
The fact that we are still dealing with rampant ransomware attacks and constant news of yet another breach tells me that enough companies and healthcare organizations are not adequately backed up. It should not be difficult to remove the incentive altogether. But, to do so, we need to understand and commit to creating and protecting thorough backups.

Security-Specific to your Systems and Needs

There is not a one-size-fits-all backup plan that will work for your organization. I cannot outline five steps or recommend one tool that will ensure your company’s data is backed up adequately. Making your backup complete, reliable and ready when you need it will require a thorough examination of the systems, servers, tools, and types of data involved. This process is not unlike performing a risk assessment. No two organizations’ needs will be the same. In fact, your organization’s backup needs will not stay the same over time. If you are relying on a tool or a process that has not been thoroughly reviewed, you may find your backups to be incomplete or unusable in an emergency.

Backup Data Protected Just Like the Original

First, it should be noted that in order for backups to save you from the consequences of a ransomware attack or another type of cyber attack, critical and sensitive data must be encrypted. Whether you have a backup ready or not, if hackers gain access to protected health or personal data, you will have a breach on your hands and will have the headaches and penalties that go along with it.

The data that you back up, to be used to recover encrypted data that could be stolen or compromised, should be encrypted the same as the original. Your backup is just another set of the same data; it is just as valuable as the original and should be protected just the same.

Off-Site Backups Not Accessible in the Network

The backup data should be encrypted and protected at the same level but not in the same location. The backup data should not even be accessible through the same network that houses the original data. If someone gains access to your organization’s files, your backup will be useless if it is compromised in the same attack. This follows the same logic as making business continuity plans in the event of a natural or physical disaster. If your backup is housed in the same building that is broken into, flooded, or otherwise inaccessible for a myriad of potential reasons, it will not help you in a crisis.

As long as there is the opportunity to make a profit, cybercrime will continue to devise clever and tricky ways to get ransomware into our networks. The ingenuity of these attacks seems to know no bounds. The only way to stop ransomware attacks seems to be to remove the incentive. They cannot always be prevented up front, but with effective, routine and recoverable backups ready, it is possible to thwart the most creative and skilled attack. When someone takes your critical data hostage, you’ll know it is unusable to them because you have encrypted what should be encrypted and, with a recoverable backup waiting, you can say “no problem, I have another one that looks just like it!” You win.

