Ransomware Backup Strategy: Beyond the 3-2-1 Rule

ransomware backup strategy

About Us

SysAdmins creating software for SysAdmins.

Ransomware Backup Strategy: Beyond the 3-2-1 Rule

ransomware backup strategy

If you’ve established a solid backup strategy for your business data, then you’re probably aware of the 3-2-1 rule. According to this longstanding rule, you need three copies of your backup data, on two different types of media, and one of them should be stored offsite unconnected to any network.

This is sound advice, and it has helped companies protect their digital assets for many years. The question is, does the 3-2-1 rule also apply to your ransomware backup strategy? We believe the issue is too complicated to address with a simple yes or no. First, we need to dive deeper into what ransomware is and how it operates.

Sobering Statistics About the Cost of Ransomware Attacks

What is ransomware? According to an FBI fact sheet:

Ransomware is a type of malicious software, or malware, that encrypts data on a computer making it unusable. A malicious cyber criminal holds the data hostage until the random is paid. If the ransom is not paid, the victim’s data remains unavailable.

During a ransomware attack, the malware bots or scripts indiscriminately try to encrypt every file they can find on your network. This means it’s not just your data files that are at risk—it’s also your onsite disk-based backup files. Simply having backup files for your systems won’t protect you from ransomware because your image-based backups and snapshots will probably get encrypted along with everything else if they’re stored on your network.

Ransomware is on the rise—so if you still don’t have a ransomware backup strategy, now is the time to develop one. Recent research by SafetyDetectives indicates that although the average ransom of $6,500 per incident may not seem like a big deal to larger organizations, the average cost of the downtime caused by a ransomware incident is $380,000—a crippling figure for many businesses. And in the U.S., 54 percent of organizations reported ransomware attacks in the past year.

What Your Backup Solution Must Provide

As we mentioned, any files on your network are at risk of being encrypted in a ransomware attack. So if your entire ransomware backup strategy revolves around backups stored on your network, you’ll need to revise your strategy.

Adding to the difficulty of building a good strategy, many of today’s backup solution providers no longer support tape-based backups. We get it: tapes seem like outdated technology, and you might feel silly using the IT equivalent of a rotary phone. But if we’re going to reject them on those grounds, we need to replace them with a product that can provide a similar level of protection.

The ideal solution to support your ransomware backup strategy is one that allows you to perform a complete system backup once and then copy the backup file to multiple locations and devices of your choosing. Still using tapes? Great! Perform your backup and have your solution automatically copy it to tape, where it will be safe from ransomware bots.

Using USB drives instead of tapes? That’s great too. Perform the backup and copy the file to your USB drive, then store that drive on a shelf.

Storing your backups at an offsite data location? To date, there hasn’t been any ransomware that can figure out how to access offsite data storage. Remember, ransomware may be dangerous, but it’s also simple-minded: it can only find and encrypt files. So if your backup solution can automatically pass your backup files to your offsite storage provider and then automatically retrieve them as you recover from a ransomware attack, you should be good to go.

Get Expert Advice on your Ransomware Backup Strategy

A good ransomware backup strategy should be quite simple. In fact, the FBI fact sheet we cited earlier provides five best practices, and the first is to keep your backups offline—something you may already be doing. With the right solution, you can automate the process of creating these backups and transmitting them to a secure location.

Could Storix help you plan and implement your ransomware backup strategy? For a free, no-pressure consultation, call us at (877) 786-7491.