Ransomware attacks use a variety of attack vectors, and IT managers should know how to defeat the most common ones to defend their departments. IT managers should also know how to back up their systems to ensure 100% recovery in the event an attack occurs. When IT managers have a good understanding of backups, they never have a reason to pay criminals a ransom.
Prevention
Many ransomware attacks are surprisingly easy to prevent. Many people assume the most common attack is by email. While attacks do use email, attackers use many other attack vectors that are completely preventable. For example, many attacks exploit vulnerable systems exposed over an open firewall port. This type of attack is very common and easily preventable by auditing open ports. More recently, attackers have used social engineering tactics, which may be prevented by following strong policies and procedures.
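One way to run the open-port audit mentioned above on a single Linux host, as an added example that is not part of the original article: it parses the output of `ss -H -tln` and reports every listener that is reachable beyond loopback and not on an approved list. The sample output, the approved-port policy, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      128          0.0.0.0:3389       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      50                 *:445              *:*
LISTEN 0      511             [::]:443           [::]:*
LISTEN 0      128            [::1]:631           [::]:*
"""

# Assumed policy: ports this host is approved to expose beyond loopback.
APPROVED_PORTS = {22, 443}

def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN line in `ss -H -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr):
    """True only when the socket is bound to a loopback address."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # "*" (wildcard bind) or an unparseable address: treat as exposed.
        return False

def audit(ss_output, approved_ports):
    """Sorted list of (address, port) reachable off-host and not approved."""
    return sorted(
        (addr, port)
        for addr, port in parse_listeners(ss_output)
        if not is_loopback(addr) and port not in approved_ports
    )

if __name__ == "__main__":
    for addr, port in audit(SAMPLE_SS_OUTPUT, APPROVED_PORTS):
        print(f"unapproved listener: {addr}:{port}")
```

This covers only what the host itself is listening on; the firewall rule set still has to be compared against the same approved list.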
Recovery
IT systems, files, and data are all 100% recoverable if the IT department has a good backup. So, there’s no reason a business should ever have to pay a ransom. Unfortunately, while many IT managers will say they have a good backup, most don’t understand what that means.
What is NOT a good file-level backup?
- When a program backs up the data to a server or database located on the current network.
- Backing up virtual machines and relying on Microsoft shadow copy to restore files. Microsoft has explicitly said in their documentation that shadow copy should never be relied upon for a backup. It’s only a best-effort file recovery feature because of how it’s designed.
- Using any form of disk mirroring.
- Backing up to a share, or any location, on the network.
What is a good file-level backup?
- A backup that is stored on a different medium, or in a different location, where it may not be easily modified. A couple of examples are tape drives and cloud backups.
- A backup that stores multiple versions of files so that if corrupt files are backed up, a good version may still be recovered.
- Backups that provide the ability to do full, differential, and incremental backups.