According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom–and another 22% declined to say whether they paid or not. Part of the reason is the lack of backups–specifically, the lack of usable backups.
Backups must be safe from malware, quick and easy to recover, and include not just important files and databases but also key applications, configurations, and all the technology needed to support an entire business process. Most importantly, backups should be well-tested.
Here are eight steps to ensure a successful recovery from backup after a ransomware attack.
1. Keep the backups isolated
According to a survey by Veritas released last fall, only 36% of companies have three or more copies of their data, including at least one off-site. Keeping an “air gap” between the backups and the production environment is critical to keep it safe from ransomware–and other disasters.
“We do see some of our clients that have on-prem backups that they run themselves, as well as cloud-based ones,” says Jeff Palatt, vice president for technical advisory services at MoxFive, a technical advisory services company. “But ideally, if someone has both, they don’t cascade. If the encrypted files get written to the local backup solution and then get replicated to the cloud, that doesn’t do you any good.”