Ransomware: How to make sure backups are ready

Avoid paying off ransomware attackers by following these steps to ensure backups can restore infected systems.


The best way to avoid paying ransom to attackers who have infected your systems with ransomware is to have those systems adequately backed up so you can wipe them and restore them from safe backups. Here are several options for making sure those backups are up to the task.

In this article, backup refers to any system that you're going to use to respond to a ransomware attack, including old-school backup systems, replication systems, and modern hybrid systems that support backup and disaster recovery. For simplicity’s sake, they’ll all be referred to as backup here.

Back up everything using the 3-2-1 rule

Before anything else, one idea is paramount: Back up all the things. Investigate your backup system's ability to automatically include all new systems, filesystems, and databases. This is easiest in the virtualization world, where you can configure your backup system to automatically back up all VMs on a host whenever they show up. This can also be done with tag-based inclusion, where VMs of different types get automatically included based on their “included” tags. This is one of the best uses of automation in a backup system--automatic inclusion of all the things.

Also make sure to follow the 3-2-1 rule in your backup system, no matter who tries to tell you it’s old-fashioned. The rule says to make at least three copies or versions of data, stored on two different media, one of which is off-site. The big parts here are the two and the one--store backups on a different system and in a different location. Don't store your backups in the same place as your primary system. Even better, store them on a different operating system and in a different physical location, but in the real world that’s not always possible.
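
An added example, not part of the original article: a small Python audit that compares an asset inventory against recorded backup copies and flags systems that were never included in a backup or that miss the 3-2-1 rule. The asset names, media labels, sites, and the choice to count the primary data as one of the three copies are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: names, media labels and sites are illustrative.
ASSETS = {
    "db01":   {"media": "san", "site": "dc-east"},
    "web01":  {"media": "san", "site": "dc-east"},
    "fs01":   {"media": "san", "site": "dc-east"},
    "vm-new": {"media": "san", "site": "dc-east"},  # created after jobs were defined
}
# Constructed list of backup copies as a backup catalog might report them.
BACKUP_COPIES = [
    {"asset": "db01",  "media": "disk-appliance", "site": "dc-east"},
    {"asset": "db01",  "media": "object-storage", "site": "cloud-west"},
    {"asset": "web01", "media": "san",            "site": "dc-east"},
    {"asset": "web01", "media": "san",            "site": "dc-east"},
    {"asset": "fs01",  "media": "tape",           "site": "vault"},
]

def audit_321(assets, copies):
    """Return {asset: [findings]} for each asset that misses the 3-2-1 rule."""
    by_asset = defaultdict(list)
    for copy in copies:
        by_asset[copy["asset"]].append(copy)
    report = {}
    for name, primary in assets.items():
        backups = by_asset.get(name, [])
        findings = []
        if not backups:
            findings.append("not backed up at all")
        else:
            # Assumption: the primary data counts as one of the three copies.
            total = 1 + len(backups)
            media = {primary["media"]} | {b["media"] for b in backups}
            offsite = [b for b in backups if b["site"] != primary["site"]]
            if total < 3:
                findings.append(f"only {total} copies, need 3")
            if len(media) < 2:
                findings.append("all copies on one media type")
            if not offsite:
                findings.append("no off-site copy")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for asset, findings in sorted(audit_321(ASSETS, BACKUP_COPIES).items()):
        print(f"{asset}: {'; '.join(findings)}")
```

Run against a real environment, the two inputs would come from an inventory export and the backup catalog; any asset that appears only in the first list is the gap that automatic inclusion is meant to close.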
