Surviving ransomware through backups

Public and private organizations across the country are falling victim to ransomware that is interrupting services. Costs to recover data and restore systems can quickly spiral into the millions.

Ransomware encrypts files on computer hard drives, making them impossible for users to access. Bad actors usually demand a ransom payment in Bitcoin in return for a key that might, or might not, decrypt the files. Local governments hit by ransomware include the City of Baltimore, Atlanta and Greenville, North Carolina.

The impacts to Baltimore, hit May 7, ranged from loss of email service to the city's credit card payment system going offline.

Their experiences serve as a pointed reminder for every organization to back up its computer systems.

System and data backups are the best way to thwart ransomware attacks. Bad actors will want to take out your backup process if they can. Having dependable backups with redundancy, diverse media and an off-site copy is critical.

To help secure backups from ransomware, organizations should:

  • Use a drive that is not mounted to a particular workstation. Stream the data to its intended target.
  • Use a storage device that is not accessible to user workstations.
  • Make sure your security controls segregate users from backups. Create separate credentials to access backups.
  • Have off-site backups secured and encrypted - for emergency use only, not daily restores.
  • Consider file syncing services for daily restores.
  • Disconnect backup storage devices when not in use, or password protect the device.
  • Create backup and restore procedures and test them on a regular basis. Do not wait until there is an incident to learn how to restore your systems.

Keep in mind that having one backup may not be enough. Security experts recommend following the 3-2-1 Rule:

3. Keep three copies of any important file: one primary and two backups.

2. Keep the files on two different types of media to protect against different types of hazards.

1. Store one copy off-site - outside your home or business.

For more information on backing up data, please see these posts from the Center for Internet Security (CIS) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA):