Top Considerations for Using Backup to Restore After a Ransomware Attack
It finally happened. After years of telling yourself it would never happen to you, your data has been infected with a ransomware virus. After you’ve finished panicking and sweating, it’s time to look at your next steps. You can either pay the ransom (which the feds strongly urge you not to…), shrug and cut your losses, or be smart and recover your data from your latest backup.
Obviously restoring from a backup is the ideal choice here, but it doesn’t always go that way. Sometimes, even though a backup solution may be in place, you may not actually recover all your data intact. In fact, a recent study from Spiceworks IT showed that only 42% of respondents reported that they were able to fully recover their encrypted data. Of course this approach beats having to pay the ransom, but there are a few steps you can take to make sure you’re in the other 68%.
- Establish an RPO – An RPO, or Recovery Point Objective, is how frequently backups are created, and it tells IT teams the dates and times that you are able to recover from. For example, if you back up once a week, then your backup will restore your data to how it was a week ago. Your RPO is an indicator of how much data you are comfortable losing.
- What’s your RTO? – The RTO, or Recovery Time Objective, is the amount of time that it takes to restore your data from the backup. The RTO is typically an average, and a restore may take longer or shorter depending on the amount of data being recovered and other variables.
- Make sure your backups are disconnected from your affected computer! – If your backup is connected to a computer that gets hit with a ransomware attack, the chance that your backup becomes encrypted as well is very high.
To make sure that your backup is ready to handle a ransomware attack, you should enforce these five best practices.
- 3-2-1 Backup – This backup strategy requires three copies of your backup in three different locations with one being offsite. This makes sure that if one copy of your backup is affected, the other ones won’t follow suit.
- Test your backup strategy frequently – You should figure out how long it takes to restore any given endpoint from your backup. This helps you understand the costs associated with a ransomware attack.
- Use a multi-layered strategy – The more layers, the better. If one security measure fails to stop an incoming ransomware attack, you can hope that the other ones catch it in time.
- Use image and file backups – An image backup makes a quick snapshot of the state of your computer. This makes it easier to manage and quicker to restore. While you’re restoring the image backup, it’s smart to also recover the individual files in case a critical document is needed immediately.
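
An added example, not part of the original article: a restore drill that checks a backup's age against the RPO, times a test restore against the RTO, and verifies each restored file against a hash recorded at backup time. The tar archive, the manifest format, the function names and the thresholds are assumptions chosen for illustration.

```python
import hashlib, io, tarfile, tempfile, time
from pathlib import Path

def restore_drill(archive, manifest, rpo_s, rto_s, now=None):
    """Restore `archive` to a scratch directory and report on RPO, RTO and integrity.
    `manifest` maps relative path -> SHA-256 hex digest recorded at backup time."""
    now = time.time() if now is None else now
    age = now - Path(archive).stat().st_mtime       # data you would lose today
    failed, start = [], time.monotonic()
    with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive) as tar:
        root = Path(scratch).resolve()
        for member in tar.getmembers():
            dest = (root / member.name).resolve()
            if not member.isfile() or root not in dest.parents:
                continue                             # skip links and paths outside scratch
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(tar.extractfile(member).read())
        for rel, digest in manifest.items():         # every expected file must match
            f = root / rel
            if not f.is_file() or hashlib.sha256(f.read_bytes()).hexdigest() != digest:
                failed.append(rel)
    elapsed = time.monotonic() - start               # measured restore time
    return {"age_s": age, "rpo_met": age <= rpo_s,
            "restore_s": elapsed, "rto_met": elapsed <= rto_s,
            "intact": not failed, "failed": sorted(failed)}

def make_sample_backup(directory):
    """Constructed sample: a two-file tar archive plus its manifest."""
    files = {"docs/report.txt": b"quarterly numbers\n",
             "db/dump.sql": b"-- constructed dump\n"}
    archive = Path(directory) / "backup.tar"
    with tarfile.open(archive, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return archive, {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        archive, manifest = make_sample_backup(d)
        # Assumed targets: lose at most 24 h of data, restore within 60 s.
        print(restore_drill(archive, manifest, rpo_s=24 * 3600, rto_s=60))
```

Run the drill against a copy of the backup on a machine that is isolated from the affected systems, and keep the manifest somewhere the backed-up hosts cannot write to.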