Yes, it’s obvious that data should be kept safe. And yes, it’s clear that part of all protective measures deployed, the ability to restore the data from a back-up should be kept on top. But no, it’s still not common practice that data is properly backed up. Well, World Backup Day is here to remind you that you should test whether your backup solution really works. Or, for risk takers: re-assess the risks of not having any backup solution in place.
There are a lot of dangers to your data, from hardware failures to user mistakes. But one additional threat has emerged in recent years which puts your data at serious risk: ransomware. This particular kind of malicious software is used for extortion. When activated, ransomware prevents access to a device or the data on it until the victim pays a fee.
Ransomware is nothing new, but while its early screen-locking attacks were more annoying than truly dangerous, recent aggressive encryption ransomware that spreads in huge waves around the world causes serious damage not only to individuals, but also to businesses and government organisations. Hospitals with critical systems down, law firms with their entire clientele’s data unavailable or police departments without access to their data… With majority of victims paying silently, without letting on that they were got caught off-guard.
While the first encryption ransomware implementations were often flawed and security researchers able to come up with workarounds to recover files without paying the ransom, modern ransomware deploys advanced encryption methods which are in fact unbreakable. This means that paying the ransom is the only – so far confirmed – way to get the encrypted data back. Even the FBI admits that they often advise that the victims pay the ransom. But paying the ransom should not be considered an option. Prevention and improving resilience help much more – not only against ransomware attacks but also against other threats, be they viruses or own employees.
Having a good backup strategy before the damage to data occurs – for example, before the ransomware encrypts the data – turns the nightmare into a mere nuisance. For organisations, a good backup strategy means having a quality backup solution – for example ShadowProtect by StorageCraft – implemented, processes formalised and the ability to recover periodically tested. Individuals don’t need any approved strategy, of course. They need to choose some quality cloud storage service or a hardware solution. In both cases, it’s crucial to take into account the real scenario of possible use. For example, that the ransomware also goes after backup files and, if it reaches them (be it in the cloud, removable media or local network), it encrypts them as well as the original files. So, it’s important to keep the backup files offline or take other measures to keep them safe.
Victims of cybercriminals who’ve paid ransoms often argue that the ransom was quite small, the encryption keys really arrived and recovery easy. That might be true, but there are no guarantees. Compare that with a recovery from a backup: it’s nearly for free, 100% safe and easier to do. Even fairly large businesses can limit their downtime to just minutes before they’ve restored their operations.
World Backup Day should make all of us think about what might happen to our data and systems, and take appropriate steps to prevent any unnecessary damage.
See our Storagecraft page for more info on data backup and recovery.