Ransomware Back-ups and You
I want to take a little time today to discuss some of the things you need to think about when it comes to ransomware and your backups. Previous articles in the series have concentrated mainly on the big picture, but today we have some small picture advice.
Ransomware Resilient Back-up
I am going to point you at my previous article which explains clearly what a ransomware resilient back-up consists of:
What exactly do I mean when I say “ransomware resilient back-up”?
This is your absolute minimum requirement to protect your organisation from ransomware. If your data is encrypted – you can go to this back-up and retrieve your information, without paying a ransom. This advice is in line with the advice given by The National Cyber Security Centre. (NCSC, 2022)
But a ransomware resilient back-up is not going to be effective if not all your important information is included.
Back-up everything – That is a ransomware resilient back-up
It sounds obvious, but many, many times when we discuss back-ups with new clients we discover some vital store of information that has been missed from the organisation’s resilient back-up plan (Richardson and North. 2017).
Here are the two most frequent offenders:
Accounting and payroll software
Often either not backed-up or just backed-up onto portable USB memory sticks carried in the user’s work bag. No reporting or accountability at all. This data is not normally encrypted in an attack – although I have not checked this extensively and who knows what the threat actors will encrypt tomorrow – the issues arise when the accounting machine is the source of the malware attack.
You will need a resilient back-up plan for that data.
Windows Desktops
Probably the most forgotten storage location and most abused by users. (Take a moment and look at your computer desktop and see how much important information you have stored there. Or are you one of the minority who has a clean desktop?)
So here are two tips for making sure that desktop information is backed up:
- Create shortcuts to folders that are included in the back-up. On my desktop I have a shortcut to a folder in SharePoint (which is backed-up) where I keep my reading and research – something I use everyday.
- Microsoft 365 for Business includes a local setting that will back-up a desktop. You find it here:
- Open the company OneDrive settings locally.
- Go to “Manage back up”
- Select the locations you want included in your OneDrive sync and Microsoft 365 back-up.
Training and Policies and Procedures
Your take aways from this when it comes to ransomware and back-ups
Someone needs to check:
- If your team are saving files to their desktops
- You either need to train your team on NOT saving to their desktops (good luck with that) – or have a way of backing up those desktops.
- If you use Microsoft 365 for Business, then train your team in the above procedure – feel free to use my graphics.
- Circulate your policies and procedures on where you want data saved.
Now you have to check two more things:
- Remember Microsoft 365 cloud storage is not a back-up. Microsoft in describing the “shared responsibility” makes it clear that users are responsible for their own data (Lanfear. 2022). So how do you back-up your company Microsoft 365.
- Check that all your other vital information systems are backed-up, for example accounting and payroll, factory control data, CAD and CNC files, websites and website data, etc..
Next
Which systems?
Clive Catton MSc (Cyber Security) – by-line and other articles
References
NCSC. (2022). Offline backups in an online world. NCSC. Retrieved November 30, 2022, from https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world
Lanfear, T. (2022). Shared responsibility in the cloud. Microsoft Learn. Retrieved February 20, 2023, from https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10.
Further Reading
The rise and fall of removable media
Ransomware Mini-Series (2023)
This is part 7 of my ransomware mini-series:
Ransomware: Is it a Threat? (Part 1)
A Bag of Spanners – Planning and Preparation (Part 2)
Minimise the Damage – Planning and Preparation (Part 3)
Detecting Ransomware (Part 4)
Ransomware – What Not To Do! (Part 5)
Ransomware – The Impact (Part 6)