In response to new ransomware policies released by the UK’s National Cyber Security Centre, experts offer perspective below.
In response to new ransomware policies released by the UK’s National Cyber Security Centre, experts offer perspective below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.
Good business practice dictates having several backups. Keeping one from 6 months prior, 3 months prior and the monthly. The monthly backup should be daily snapshots.
The scanning of the servers for threats daily, then back up to multiple locations. Today\’s cloud back up storage is a inexpensive and can be done in several offsite locations. These backups should be verified and restored periodically for validation. Encrypted backups are also a way to prevent the malware from infecting it if it’s connected to the network.
Offsite backups are important to prepare for any sort of incident, but are even more important in the case of ransomware. However, even backups alone may not be sufficient. We\’re seeing ransomware evolve to the point that the criminals steal critical information from organisations when they infect them with ransomware. They then try to extort the company, its customers, and partners for money in order to not release the stolen information.
Therefore, it\’s essential that organisation do all they can to prevent ransomware to begin with. This requires a layered approach to make it difficult for criminals to get in such as patching external-facing systems, implementing MFA, encrypting data, and providing security awareness and training to all users.
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.
Good business practice dictates having several backups. Keeping one from 6 months prior, 3 months prior and the monthly. The monthly backup should be daylily snapshots.
The scanning of the servers for threats daily, then back up to multiple locations. Todays cloud back up storage is a inexpensive and can be done in several offsite locations. These backups should be verified and restored periodically for validation. Encrypted backups are also a way to prevent the malware from infecting it if it’s connected to the network.
Encryption! use encryption for your data backups. use a separate key for your backup data than the primary storage data. especially when using cloud backup solutions. less likely that two passwords/encryption methods be compromised at the same time,reduces your risk for recovery of your data after a ransomware incident. this is a best practice recommendation.
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.