By Dave Moore
Read part one here: Can SMBs Do Something To Prevent Ransomware? (Yes!) - Part 1
Who is in charge?
Can you isolate infected computers?
Do you need to call in outside help, including law enforcement?
How will you access secure backups?
Do you need to change passwords?
All these things need to be considered in advance.
Restoring files from secure backups is the only sure-fire solution to a ransomware attack. Because most SMBs lack a dedicated, full-time IT staff, an SMB approach will likely be different from a large enterprise solution. Even so, with some determination and forethought, secure backup systems can be put in place without enterprise-level expenditures.
As usual, your important files should exist in three different places:
on the hard drives of the devices that need to use them
on local removable external hard drives kept on site
off-site, using an online backup service
This method is sometimes called the 3-2-1 rule, with the thinking that if, God forbid, both your computer and your local backup drives are unavailable due to natural or human-made disasters, you can still download your data from online backups and get back to work.
Data should be encrypted, in motion and at rest. Admin-only permissions should be required for critical functions, such as password changes and file changes/deletions, and alerts should be triggered any time these things occur. Multiple backup sets should be maintained, going back in time, and be retrievable for a defined period, say, thirty days. Such schemes are sometimes called “Grandfather-Father-Son” or time-based file versioning.
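A sketch of the time-based versioning described above, as an added example that is not from the original article: it decides which dated backup sets to keep under a Grandfather-Father-Son scheme. The tier windows (7, 30 and 365 days), the staleness guard and all names are assumptions chosen for illustration.

```python
from datetime import date, timedelta

def plan_retention(backup_dates, today, son_days=7, father_days=30,
                   grandfather_days=365, max_stale_days=2):
    """Return (keep, prune); keep maps each retained date to its GFS tier.

    All window sizes are illustrative assumptions, not values from the article.
    """
    dates = sorted(set(backup_dates))
    if not dates:
        return {}, []
    if dates[-1] > today:
        raise ValueError(f"backup set dated in the future: {dates[-1]}")
    # If the backup job has stopped producing sets, pruning would age out
    # the last good copies, so refuse and let the operator investigate.
    if (today - dates[-1]).days > max_stale_days:
        raise RuntimeError("newest backup set is stale; refusing to prune")

    keep, newest_in_week, newest_in_month = {}, {}, {}
    for d in dates:  # ascending, so later writes leave the newest date per bucket
        age = (today - d).days
        if age <= son_days:
            keep[d] = "son"                      # every recent daily set
        if age <= father_days:
            newest_in_week[tuple(d.isocalendar())[:2]] = d  # (ISO year, ISO week)
        if age <= grandfather_days:
            newest_in_month[(d.year, d.month)] = d
    for d in newest_in_week.values():
        keep.setdefault(d, "father")             # one set per week
    for d in newest_in_month.values():
        keep.setdefault(d, "grandfather")        # one set per month
    prune = [d for d in dates if d not in keep]
    return keep, prune

# Constructed sample: one backup set per day for 90 days ending 2024-03-31.
TODAY = date(2024, 3, 31)
SAMPLE = [TODAY - timedelta(days=i) for i in range(90)]

if __name__ == "__main__":
    keep, prune = plan_retention(SAMPLE, TODAY)
    for d in sorted(keep):
        print(d, keep[d])
    print(f"{len(keep)} sets kept, {len(prune)} eligible for pruning")
```

The staleness guard matters because a retention job that keeps running after backups have stopped will steadily delete the only clean copies.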
On-site backups need to be secured in a way that keeps them unaffected by ransomware attacks, as danger exists that your backups could be encrypted and held hostage as well. Do not map drives that contain critical data like backups; many ransomware variants are designed to seek out and victimize mapped drives. Disable shares on backup systems. Also, external backup drives should not be left constantly connected to the systems they are protecting.
An old-school yet quite effective on-site backup approach that can secure backups from ransomware is to take the computer offline, connect an encrypted backup drive, perform the backup, disconnect the backup drive from the computer, and then get back online. This requires consistency and vigilance, but is well worth the effort. Ideally, backups should be kept on systems that never touch the Internet, but many times with SMBs, compromises will be made. There are also specialized backup programs, not particularly expensive, that offer extra protections and can help with these chores, such as Acronis Active Protection and BackupAssist. I strongly recommend that SMBs make the investment in such solutions.
Offsite, online backup services are the third leg of the 3-2-1 backup stool and, again, the differences in strategies deployed by enterprise-class companies and SMBs are considerable. Those with limited budgets and IT staff are looking for something reasonably priced, easy to understand, and uncomplicated to set up and maintain.
Commonly used offsite, online enterprise-class solutions are, for most SMBs, unrealistic. Amazon AWS S3 pricing is confusing and expensive, and seems best handled through third-party AWS partners like CloudBerry Lab's CloudBerry Backup. Even then, separate storage space and backup software purchases are needed, adding extra complexity. Microsoft's Azure Backup seems more reasonably priced and user-friendly, but still not ideally suited for general SMB situations.
Add to that the fact that many SMBs simply do not trust Internet titans like Microsoft and Amazon to have their best interests at heart. Many would prefer to use some of the smaller, one-stop backup shops which, while seeming merely cheap and cheerful on the outside, actually do excellent work.
While I'm sure that many worthy online backup alternatives exist, I cannot know them all. Based on my personal experience and study, I have narrowed the SMB offsite online backup field to three choices: Carbonite, Crashplan and Backblaze.
Keep in mind that I don't get paid by any companies for any of my recommendations. Maybe I should, like the thousands of installations of Avast and Avira I've facilitated over the years, but I don't. I made those recommendations based on what I thought was best for the customer and the situation at hand, but no company has ever paid me to use or recommend their products.
For SMBs concerned with fighting ransomware, the differences between Carbonite, Crashplan and Backblaze are too small to fuss over, so I'm not going to declare a "winner." I have personally seen customers attacked by ransomware, but because they had one of these fine solutions already in place, defeating the ransomware and getting back to business as usual brought many smiles all around. Take a look, and pick whichever one you are attracted to; they are all great services.
With these services, SMB secure backups could not be easier. All three are affordably priced, easy to set up, easy to use, easy to maintain and meet all the criteria outlined above. Pick any one of the three and you'll have a level of ransomware protection that puts you far ahead of the pack.
For those needing more than the typical small-business solutions, and moving into the "middle" or "enterprise" realms, I like to start with the Dell EMC Data Domain Products, like the entry-level DD3300 at $8,828. These are serious cloud-enabled hardware appliances offering high-end ransomware-proof backup solutions. For businesses moving to the next level, this is how it's done.
Remember, removing ransomware is easy. Repairing the damage done by ransomware, and getting your business back, is not. Plan ahead now, and be happy.
To learn more about Small- and Medium-Business security, check out the podcast “Cybersecurity for SMBs | Episode IV - An Intro into Cybersecurity for Your Business.”
About Dave Moore
Dave Moore has been providing IT services in Oklahoma since 1984. As founder of the Internet Safety Group, he has been teaching Internet safety workshops for public and private organizations since 2008, and has written his weekly newspaper column, “Computer Sense,” for The Norman Transcript since 2005.