Rethinking Your Backup Strategy in Light of Ransomware Threats

(Updated May 19, 2023)

You’ve got a very serious problem on your hands should your firm’s computer network ever become infected with ransomware. Basically, your data will be encrypted and then you will be told how much you will need to pay in order to receive the decryption key, which may or may not work. Whether you pay the ransom or not, and I advise not, you are going to need the services of a cybersecurity specialist; and understand there are no guarantees here, she may or may not be able to recover all of your data.

It’s important to also know that ransomware can infect your network via multiple channels, many of which involve some form of social engineering.  One common attack vector looks like this. Someone in your firm is tricked into opening an attachment in an email that purports to be a business document or invoice.  That’s all it takes. Once enabled, the malware will start to encrypt your data. 

Making matters worse, and depending upon the specific family of ransomware you’ve been hit with, the ransomware can replicate itself and spread across an entire network, scramble the file names of all encrypted files, run several different encryption programs in a single attack, identify and erase restore points, erase all the data on the hard drives, be programmed to delay executing in order to infect backups, and the list goes on. In short, any cybersecurity specialist brought in to address the situation is going to be facing an uphill battle trying to recover anything.

Again, there are no guarantees that you will be able to recover from a ransomware attack. Cybercriminals continually work to improve the effectiveness of their tools. Certain strains of malware can now even jump to the cloud, many have been engineered to evade detection by antivirus software, and, as stated above, some can be programmed to delay running. In light of all this, an effective backup process has become a critical component of an overall defensive strategy against ransomware and other forms of cybercrime.

Best practices today dictate having at least three copies of all your data, utilizing two different media formats, one of which must be maintained off site. For example, you might utilize an external hard drive and a cloud backup provider. An approach like this would allow you to have access to a copy stored locally in case your internet connection is down, and post ransomware attack, the cloud backup may be the only good backup available to the cybersecurity specialist as they try to help you recover. That said, a few side notes are in order.

1) Since ransomware can map drives and infect everything connected to the network, always disconnect backup drives (e.g., any external USB drives) from the network once the backup process has completed.

2) While cloud backups can be your salvation in the event of a ransomware attack, as with any backup process, sometimes the backup data set becomes corrupted.  Thus, having multiple versions of the backup in the cloud is a good idea.

3) Given the rise of time-delayed attacks, maintaining an archive of backups locally or in the cloud would be another prudent step to take. Yes, losing a month or two’s worth of data might be difficult if all your current backups become infected, but archived backups serve as a fallback, making sure you don’t lose everything.

4) Look for cloud backup providers that allow you to control the encryption key as a way to prevent anyone else from accessing your data.
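The rules above can be checked mechanically against an inventory of where a firm's data lives. The following is an added example, not part of the original article; the `Copy` fields, the media labels, the 30-day archive threshold, and the choice to count the live data as one of the three copies are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Copy:
    name: str
    media: str            # e.g. "internal-disk", "usb-disk", "cloud"
    offsite: bool
    is_backup: bool       # False for the live production data
    attached: bool        # still reachable from the network right now
    versions: list        # dates of the restorable versions in this copy
    customer_key: bool = False  # the firm, not the provider, holds the key

def audit(copies, today, archive_days=30):
    """Return findings against the rules above; an empty list means all pass."""
    findings = []
    backups = [c for c in copies if c.is_backup]
    if len(copies) < 3:
        findings.append("fewer than three copies of the data")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than two media formats")
    if not any(c.offsite for c in backups):
        findings.append("no off-site backup")
    for c in backups:
        if c.media != "cloud" and c.attached:       # side note 1
            findings.append(f"{c.name}: backup drive still connected")
        if c.media == "cloud" and len(c.versions) < 2:   # side note 2
            findings.append(f"{c.name}: only one cloud version retained")
        if c.media == "cloud" and not c.customer_key:    # side note 4
            findings.append(f"{c.name}: provider controls the encryption key")
    # Side note 3: a delayed attack may have tainted every recent backup,
    # so at least one version must predate the assumed archive window.
    cutoff = today - timedelta(days=archive_days)
    if not any(v <= cutoff for c in backups for v in c.versions):
        findings.append(f"no archived backup older than {archive_days} days")
    return findings

# Constructed sample inventory (not real data).
TODAY = date(2023, 5, 19)
SAMPLE = [
    Copy("file-server", "internal-disk", False, False, True, [TODAY]),
    Copy("usb-drive", "usb-disk", False, True, True, [TODAY - timedelta(days=1)]),
    Copy("cloud-vault", "cloud", True, True, True,
         [TODAY - timedelta(days=d) for d in (1, 8)], customer_key=False),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, TODAY):
        print("FAIL:", finding)
```

The sample inventory satisfies the three-copies, two-media, off-site rule yet still fails three of the side notes, which is the common case the list is warning about.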

Even with a well-designed backup process in play, the best defense to threats such as ransomware is an effective offense because, and for the last time, there are no guarantees that a full recovery is going to be possible.  Often, it’s not.  So, in addition to instituting a backup process along the lines presented above, every firm regardless of size should prioritize mandatory ongoing training for all staff and attorneys.  The training should focus on social engineering awareness to include presenting real-world examples that not only demonstrate how these types of attacks continue to evolve but also provide tips on how to spot them.  Finding quality training like this, however, can be a bit of a challenge for some.  To help with this, consider working with a security company like KnowBe4 whose entire focus is geared toward this kind of training.

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 550 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.