USA +1 813 304 2544 IRL +353 91 54 55 00

TitanHQ Blog

Ransomware Protection: Why the 3-2-1 Backup Strategy Works

Posted by Geraldine Hunt on Thu, Jul 21st, 2016

Is there any one solution that provides complete ransomware protection? Ransomware has caused a lot of chaos and damage to networks across the globe. To protect your data and recover from ransomware, you need dependable, worry-free backup, which is what the 3-2-1 Backup approach is all about. Ransomware has brought a lot of attention and awareness to network security and endpoint protection. There are a number of security tools that can help you protect your users and data from this prevailing menace.

These include:

  • Spam filtering to protect users from phishing emails whose links and attachments carry malicious code
  • Web filtering to block users and automated sessions from connecting to websites that serve as malware download hubs
  • Reputable anti-virus and anti-malware protection on endpoint devices
  • Regular updating and patching on all of your devices
  • Gateway antivirus which scans all active internet sessions and strips packets of malware-infected code
  • Disabling the remote desktop protocol on any computers that are directly exposed to the Internet
  • Preventing files from running from within the AppData or LocalAppData folders if at all possible
  • Conducting user training in order to educate users to become more cynical, defensive and proactive

Endpoint protection is no longer comprised of a single tool or entity.

It is a suite of well-coordinated tools that work in conjunction and supplement one another. Unfortunately, however, even the most robust, extensive array of security protection tools cannot guarantee complete protection against malware, especially in today’s mobile world in which users are constantly transporting devices beyond the safety of the network perimeter.

Ransomware’s area of infestation is limited

One comforting fact about ransomware is that its area of infestation is limited. It isn’t a worm that is intelligently driven to spread itself far and wide across both LANs and WANs. Its incursion is limited to local volumes and mapped drives. Mapped drives can include the following:

  • A mapped drive pointing to a network share on a server or NAS
  • An external drive attached to the infected machine including a USB storage device
  • A locally installed cloud drive such as Dropbox

So the good news, if you can call it that, is that in the event that ransomware is able to establish a beachhead on one of your devices despite the best efforts of your network security array, the damage will be limited to the physical reach of that device only.

The go-to solution for combatting ransomware

And here is the other good news. There is one go-to solution for combatting this malware, one that will always work no matter what users may do. One solution that will prevent you from losing all of your data no matter what technical breakdown may occur in your security perimeter. That go-to solution is called proper backup. If your organization becomes a victim of ransomware, you will never have to consider making an extortion payment to some unnamed remote attacker if you perform regularly scheduled, up-to-date backups. A well-intentioned backup will be absolutely useless, however, if there is a physical link to it from the infected device.

3-2-1 backup

In order to ensure dependable, worry-free backups, you need redundancy, which is what the traditional 3-2-1 Backup is all about. The topology design of the 3-2-1 backup is as follows:

  • Have at least 3 copies of your data
  • Utilize two different media formats
  • Have one of the copies be offsite

Three copies of your data means that one copy is the original data supported by two separate backup copies. Your data should reside on two separate media, such as a network share or an SSD drive on some type of storage array. It can also be traditional tape media, which seems so legacy today but is mobile enough to take offsite to a secure location such as a separate site used by your organization or even a safety deposit box at a local bank. A possible solution which satisfies both conditions of two media types and a remote location is utilizing the snapshotting feature of your SAN infrastructure. By snapshotting your data at regular intervals throughout the day to an identical environment at a disaster recovery location, you can easily recover from an attack on a virtual host server or VM. Of course, it goes without saying that any backup plan includes regular test restorations of the data to ensure that your data can be recovered intact.
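The 3-2-1 checklist above can be met on paper by a plan whose backups all sit on mapped, attached or synced storage, which is exactly what ransomware on an endpoint can reach. The following is an added example, not code from the original post: it audits a backup inventory against 3-2-1 and then against endpoint reachability. The `Copy` fields, the media labels and both sample plans are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str               # constructed labels: "disk", "usb-disk", "cloud", "tape", ...
    offsite: bool
    endpoint_writable: bool  # mapped drive, attached USB drive or locally synced cloud folder
    original: bool = False   # True for the live data, False for a backup copy

def audit_321(copies):
    """Check a plan against 3-2-1, then against what an infected endpoint can reach."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies of the data")
    if len({c.media for c in copies}) < 2:
        findings.append("2: all copies are on one media type")
    if not any(c.offsite for c in copies):
        findings.append("1: no copy is offsite")
    nominal_pass = not findings  # the checklist as written

    # Copies an endpoint can write to are assumed lost together with the original.
    survivors = [c for c in copies if not c.endpoint_writable]
    for c in copies:
        if c.endpoint_writable and not c.original:
            findings.append(f"{c.name}: backup is writable from an endpoint")
    if not survivors:
        findings.append("no copy is out of reach of an infected endpoint")
    elif not any(c.offsite for c in survivors):
        findings.append("no unreachable copy is offsite")
    return {"nominal_pass": nominal_pass,
            "survivors": [c.name for c in survivors],
            "findings": findings}

# Constructed plan: satisfies the checklist, yet every copy is reachable.
WEAK_PLAN = [
    Copy("file-share", "disk", offsite=False, endpoint_writable=True, original=True),
    Copy("usb-drive", "usb-disk", offsite=False, endpoint_writable=True),
    Copy("dropbox-sync", "cloud", offsite=True, endpoint_writable=True),
]
# Constructed plan: SAN snapshots replicated to a DR site, plus tape held offsite.
STRONG_PLAN = [
    Copy("file-share", "disk", offsite=False, endpoint_writable=True, original=True),
    Copy("san-snapshot-dr", "san-snapshot", offsite=True, endpoint_writable=False),
    Copy("tape-vault", "tape", offsite=True, endpoint_writable=False),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("strong", STRONG_PLAN)):
        print(label, audit_321(plan))
```

Both sample plans pass the three checklist items; only the second leaves any copy standing once endpoint-writable storage is discounted.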

It needs to be mentioned that ransomware may be maturing as a form of malware and thus may evolve into new forms that may in fact be able to expand beyond direct physical connections. The one certainty of ransomware, however, is that maintaining a well-designed working backup solution will serve as an effective measure against the lasting effects of ransomware, no matter how it may evolve one day.
