As hackers and attackers are increasingly encrypting systems, many companies are using their backup devices to thwart a ransomware event. As a result, those same hackers and attackers are now targeting backup systems.
Many of our Clients utilize our imaging backup solutions to help restore your systems, most times, by the next business day in the event of a catastrophic situation. Due to changes in threats, as another counter measure, weare now recommending expanding from a 7-14-day backup routine, to now a 60-day backup routine.
Criminals are now using even more sophisticated methods to gain access or create an opportunity for a ransomware event.
One example of this is compromised websites, email links, orevena software vulnerability in your accounting, ERP, EHR or operating system, may allow a piece of malware to be placed on your system and go undetected and simply lay dormant or stay asleep for 1-2 weeks (because that is normally how long a backup cycle is before they are overwritten), then wake up and attack your system. In this situation, the 1or 2 weeks of backups that you had would then be useless as each backup day would contain that malware.
One option is an on-site backup device such as a NAS (Network Attached Storage) placed at your location in another portion of the building that is unlikely to be affected in the event the server is damaged by fire/water/theft etc. Having an on-site device allows quicker access to data files and restoration if needed. We also have fire and waterproof backup devices as well. Even if you use this option, we still recommend replicating that NAS backup to a Cloud Environment so you can utilize what is called an "air-gap", which is another layer of separation for your backup.
In the event your location does not allow for a device to be placed away from the Server, we recommend a larger Solid State Hard drive placed next to your server that your server will back up to each day, then replicated to our Cycrest Cloud Data Center creating an air-gap for your protection.
In either method used above, in the event a catastrophic event does occur, we have many options as a result of the backup devices. We can restore at any point prior to any system compromise and restore the whole system, then restore the date from the prior night's backup to help bring the system current, without the malware in most cases.
NOTE: In the event you are utilizing a "Data Only Backup" method, due to the many ransomware events, we very strongly recommend you switch to a full image backup system, please ask us for details.