Incremental back-ups hosted on secure colocated servers are the best defense against ransomware attacks like those that hit healthcare operations across Europe last month. Without isolated, verified back-ups in a secure data center, there’s little an organization can do if its data is lost to a ransomware attack.
Ransomware is big news. It’s unusual for IT security issues to make it from the pages of industry publications into the mainstream media, but ransomware exploits a deep-seated fear of every individual and business in 21st Century America: data loss. Whether it’s data vital to business operations or pictures of our children, the idea of losing data is terrifying. So while I watch newsreaders announce the latest massive malware campaign against healthcare providers, this question goes round and round in my head: why do these people not have back-ups?
Ransomware attacks are effective only if they can deprive organizations of access to data. In a typical attack, a computer is compromised via an existing vulnerability. The attacker exploits the vulnerability to install malware. The malware encrypts the data it finds on the machine and attached network drives, then presents a ransom message to the user. There are two ways to regain access to the data. The victim can pay the attacker and hope they receive the promised key. Or they can wipe the machine, reinstall the operating system, and restore the data from their back-up.
I know which option I’d prefer, especially if I were running the IT department of an organization that provides critical services like healthcare.
Not all back-ups are equal, so it’s useful to think about the qualities a back-up needs to be an adequate defense against ransomware attacks.
Offsite. Offsite back-ups are preferred to ensure isolation from the attacked network. If the back-ups are stored on network drives down the hall from the infected machines, there’s nothing to stop an attacker encrypting everything. They’re already inside the network.
Redundant. Back-ups should exist in more than one location. A single back-up is better than nothing, but the more back-ups an organization has, the safer it is. A solid back-up strategy is to have multiple back-ups, including weekly, daily, and up-to-the-minute incremental back-ups.
Verified. Everyone knows they need back-ups. But few organizations actually check to make sure that their back-ups can be restored — the recent GitLab data loss is an example of what happens when an organization doesn’t verify its back-ups by regularly carrying out test restores.
Available. The infrastructure used to host back-ups has to be rock solid to minimize the risk of failed back-ups and restores.
Back-ups that fulfill these criteria make it next-to-impossible for an attacker to successfully extort an organization with ransomware. Of course, back-ups are only one part of a ransomware mitigation plan. It’s better to never be infected with ransomware in the first place, so a strong patch management strategy is also essential. But in the event of a failure of network security, a set of good back-ups can protect an organization against the worst effects of ransomware attacks.
Colocation data centers are an excellent venue for hosting data back-up storage infrastructure. The infrastructure is completely under the control of the organization that owns it, and colocation data centers provide unbeatable physical security, in addition to redundant, reliable power and bandwidth.