{"id":17777,"date":"2020-12-17T21:22:25","date_gmt":"2020-12-17T17:22:25","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/why-backup-is-not-enough\/17777\/"},"modified":"2020-12-17T21:22:25","modified_gmt":"2020-12-17T17:22:25","slug":"why-backup-is-not-enough","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/why-backup-is-not-enough\/17777\/","title":{"rendered":"Why backups aren&#8217;t enough"},"content":{"rendered":"<p>Even newborn babies seem to know the word <em>ransomware<\/em> these days \u2014 it appears in newspapers, magazines, infosec reports, and pretty much everywhere else with alarming regularity. And we may have dubbed 2016 the <a href=\"https:\/\/www.kaspersky.com\/blog\/fighting-ransomware\/13525\/\" target=\"_blank\" rel=\"noopener nofollow\">Year of Ransomware<\/a>, but it turned out to be nothing in comparison with <a href=\"https:\/\/www.kaspersky.com\/blog\/predictions-threat\/20593\/\" target=\"_blank\" rel=\"noopener nofollow\">2017<\/a>. After a relatively quiet 2018 and 2019, 2020 saw ransomware again making headlines.<\/p>\n<p>Our corporate blog contains <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/ransomware\/\" target=\"_blank\" rel=\"noopener nofollow\">dozens of articles<\/a> about ransomware, almost all of which offer three general tips:<\/p>\n<ol>\n<li>Use good protection.<\/li>\n<li>Never download suspicious files from suspicious sites or open suspicious attachments in e-mails from suspicious people, and teach your employees to do the same.<\/li>\n<li>Back up data regularly.<\/li>\n<\/ol>\n<p>From time to time, I hear objections of the following nature: Protection and employee awareness are all well and good, but why bother strengthening protection and training employees when we can just back everything up regularly? We back up all the time anyway, and if we get hit by ransomware, we\u2019ll just restore everything, so what\u2019s the big deal?<\/p>\n<p>Here\u2019s the big deal.<\/p>\n<h2>Backups have to be recoverable<\/h2>\n<p>Backups are, of course, necessary. But did you ever try restoring your company\u2019s infrastructure from a backup? It might not be as easy as it sounds\u00a0\u2014 and the more computers and infrastructure heterogeneity you have, the more difficult the task becomes. Experienced IT pros have all probably faced a backup not quite restoring everything, or not restoring everything quite as expected. The process is certainly never as quick as they hope. And sometimes backups don\u2019t work at all.<\/p>\n<p>Anyone who\u2019s ever stepped on the proverbial backup rake knows they have to check the integrity of backups regularly, to do some practice runs resurrecting the server in a staging environment, and generally to make sure that if it becomes necessary, recovery won\u2019t take too long. And those who\u2019ve never tried to execute recovery from a backup should really not rest easy; their backups are unlikely to help when the heat is on.<\/p>\n<p>Here\u2019s another problem with relying on a backup: If the backup server lives inside the network perimeter, then ransomware will encrypt it along with all other computers in the network, which means a farewell to recovery plans.<\/p>\n<p><strong>Your bottom line<\/strong>: Maximize your likelihood of a quick rollback by segmenting the network, making backups wisely, and performing test recoveries.<\/p>\n<h2>Recovery means downtime \u2014 and downtime is expensive<\/h2>\n<p>For large companies with diverse devices and infrastructure, a quick recovery is unlikely. Even if the backup functions perfectly, and you sweat blood to restore everything, it will still take quite a while.<\/p>\n<p>During those weeks (yes, we\u2019re probably talking about weeks, not days), the company will be idle. Some will guesstimate the cost of such downtime as less than that of paying the ransomers (<a href=\"https:\/\/www.kaspersky.com\/blog\/no-no-ransom\/13364\/\" target=\"_blank\" rel=\"noopener nofollow\">we strongly advise against that<\/a>). In any case, downtime after a ransomware attack is unavoidable; it\u2019s impossible to decrypt and get all systems and services running again straight away, even if the cybercriminals are kind enough to provide you with a decryptor. n the real world, cybercriminals <a href=\"https:\/\/www.kaspersky.com\/blog\/undecryptable-files\/26040\/\" target=\"_blank\" rel=\"noopener nofollow\">aren\u2019t kind<\/a>, and even if they are, the decryptor doesn\u2019t necessarily work as intended.\u201d Is that OK<\/p>\n<p><strong>Your bottom line<\/strong>: To avoid ransomware-related downtime, don\u2019t get infected by ransomware. (But how? The answer is protection and employee awareness!)<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kasap\">\n<h2>Modern ransomware is worse than just encryptors<\/h2>\n<p>Ransomware gangs used to target mainly end users, demanding <a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-infographics\/13315\/\" target=\"_blank\" rel=\"noopener nofollow\">about $300<\/a> in cryptocurrency for decryption. However, they have now discovered the joy of attacking companies, which can pay \u2014 and are more likely to pay \u2014 much larger ransoms. And some of those cybercriminals have no scruples about going after organizations on the medical front line: This year has seen many hospitals attacked, and recently a company in the coronavirus vaccine supply chain was <a href=\"https:\/\/threatpost.com\/attacks-covid-cold-chain-orgs\/161838\/\" target=\"_blank\" rel=\"noopener nofollow\">hit<\/a>.<\/p>\n<p>Modern ransomware <a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-incidents-2020\/37589\/\" target=\"_blank\" rel=\"noopener nofollow\">does more than encrypt<\/a>\u00a0\u2014 it lurks in networks and siphons off every bit of data it can sniff out. The data is then analyzed and used to blackmail companies with encryption, leaks, or both. Failure to pay, the ransom message might say, will result in the publication of clients\u2019 personal data or the company\u2019s trade secrets. Even if not fatal, that would stain the company\u2019s reputation, perhaps permanently. As well, such a leak will result in some very unpleasant conversations with GDPR compliance regulators and the like.<\/p>\n<p>If an intruder decides to leak corporate secrets or users\u2019 personal data, having backups won\u2019t help you. Furthermore, if you store backups in a place, such as a cloud, that\u2019s relatively easily reached by an insider, they too could provide attackers with the information they need to blackmail you.<\/p>\n<p><strong>Your bottom line<\/strong>: Backups are necessary, but they alone are not enough to protect your business from ransomware.<\/p>\n<h2>Three pillars of security against ransomware<\/h2>\n<p>Once again, because there is no silver bullet against ransomware, our advice remains the same: Backing up is absolutely necessary but must be done correctly, with diligence and recovery rehearsals. Part of that diligence is knowing the details of your backups: how often your company backs up its data and where the backups are stored. All relevant employees must also know exactly how to restart operations quickly.<\/p>\n<p>Protection is also a must\u00a0\u2014 not just reactive but proactive protection that keeps threats from gaining a foothold in the network. Training employees in the basics of cybersecurity, and regularly checking their knowledge, is no less vital.<\/p>\n<p>In short, your security comes down to the same three words: backup, protection, awareness. All three need to be in place, and when they are, you can confidently say you\u2019re employing optimal antiransomware security strategy.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>Why backing up is good but not enough when it comes to staying safe from ransomware.<\/p>\n","protected":false},"author":2540,"featured_media":17778,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917,1486],"tags":[433,2394,521,692],"class_list":{"0":"post-17777","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"category-threats","10":"tag-ransomware","11":"tag-ransomware-trojans","12":"tag-threats","13":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/why-backup-is-not-enough\/17777\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/why-backup-is-not-enough\/22284\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/why-backup-is-not-enough\/8833\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/why-backup-is-not-enough\/23948\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/why-backup-is-not-enough\/22036\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/why-backup-is-not-enough\/20761\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/why-backup-is-not-enough\/24429\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/why-backup-is-not-enough\/23614\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/why-backup-is-not-enough\/29686\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/why-backup-is-not-enough\/9151\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/why-backup-is-not-enough\/38121\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/why-backup-is-not-enough\/16150\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/why-backup-is-not-enough\/16755\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/why-backup-is-not-enough\/14310\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/why-backup-is-not-enough\/25942\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/why-backup-is-not-enough\/12387\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/why-backup-is-not-enough\/29769\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/why-backup-is-not-enough\/26522\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/why-backup-is-not-enough\/23229\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/why-backup-is-not-enough\/28628\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/why-backup-is-not-enough\/28438\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2540"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=17777"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17777\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/17778"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=17777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=17777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=17777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}