The 3-2-1 rule is best practice for backup and recovery. Ransomware has caused a lot of chaos and damage to networks across the globe. No backup strategy is 100% foolproof, but following the 3-2-1 rule is the strongest approach possible. To protect your data and recover from ransomware you need to have dependable worry-free backup system in place. This is what the 3-2-1 Backup approach is all about.
Here are a few tips that will help you keep ransomware from wrecking your network and locking up your data :
The latest Petya or ExPetr Ransomware attack is further proof that when it comes to ransomware patching your systems regularly is crucial. It is often the case that organisations can't always roll out updates the day they're available since they need to test the changes and make sure they won't break anything. IT teams must build redundancy into the infrastructure, so one system can be down for patching while a different system handle the load during that time.
It is a suite of well-coordinated tools that work in conjunction and supplement one another. Unfortunately, however, even the most robust extensive array of security protection tools cannot guarantee complete protection against malware, especially in today’s mobile world in which users are constantly transporting devices beyond the safety of the network perimeter.
One comforting fact about ransomware is that its area of infestation is limited. It isn’t a worm that is intelligently driven to spread itself far and wide across both LANs and WANs. Its incursion is limited to local volumes and mapped drives. Mapped drives can include the following:
So the good news, if you can call it that, is that in the event that ransomware is able to establish a beachhead on one of your devices despite the best efforts of your network security array, the damage will be limited to the physical reach of that device only.
And here is the other good news. There is one go-to-solution for combatting this malware, one that will always work no matter what users may do. One solution that will prevent you from losing all of your data no matter what technical breakdown may occur in your security perimeter. That go-to-solution is called proper backup.If your organization becomes a victim of ransomware, you will never have to consider making a payment of extortion to some unnamed remote attacker if you perform regularly scheduled up-to-date backups. A well intentioned backup will be absolutely useless however if there is a physical link to it from the infected device.
In order to ensure dependable worry-free backups, you need redundancy which is what the traditional 3-2-1 Backup is all about. The topology design of the 3-2-1 backup is as follows:
Three copies of your data means that one copy is the original data supported by two separate backup copies. Your data should reside on two separate mediums such as that of a network share, an SSD drive on some type of storage array. It can also be traditional tape media that seems so legacy today, but is mobile enough to take offsite to a secure location such as a separate site used by your organization or even a safety deposit box at a local bank. A possible solution which satisfies both conditions of two media types and a remote location is utilizing the snapshotting feature of your SAN infrastructure. By snapshotting your data at regular intervals throughout the day to an identical environment at a disaster recovery location, you can easily recover from an attack on a virtual host server or VM. Of course it goes without saying that any backup plan includes regular test restorations of the data to ensure that your data can be recovered intact.
It needs to be mentioned that ransomware may be maturing as a form of malware and thus may evolve into new forms that may in fact be able to expand beyond direct physical connections. The one certainty of ransomware however, is that maintaining a well-designed working backup solution will serve as an effective measure against the lasting effects of ransomware, no matter how it may evolve one day.
Sign-up for email updates...
Call us on USA +1 813 304 2544 or IRL +353 91 545555Contact Us