Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Backups – First Line of Ransomware Defense

July 20, 2021

The word of the day is ransomware. It is no secret that ransomware attacks are on the rise. The news is filled with stories of attacks demanding millions of dollars in ransom to restore systems. But ransomware attacks are impacting small business users too and not just the mega companies like Colonial Pipeline.

One of the first lines of defense against ransomware attacks is a good backup. KrebsonSecurity has posted information to help you avoid a ransomware payment. A properly configured backup that is isolated from potential ransomware encryption should be at the top of your list. Krebs strongly recommends testing those backups to make sure you can actually restore data and properly recover. Fabian Wosar, CTO at Emsisoft, said “In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take.” Bill Siegel, CEO and co-founder of Coveware, further added that clients who end up paying the ransom “either don’t have properly configured backups, or they haven’t tested their resiliency or the ability to recover their backups against the ransomware scenario.” In other words, backups are key.

Besides properly engineered and tested backups, consider implementing an EDR (Endpoint Detection and Response) solution. EDR is not the same thing as A/V protection. EDR uses AI, machine learning, etc. to monitor computer activity for symptoms of a ransomware attack and takes action to isolate the event to limit impact and spread. Some solutions have the ability to roll back to a prior known good state and utilize the services of a SOC (Security Operations Center) to increase effectiveness.

Today is a good time to analyze your current computer systems and make sure you are doing things to prevent and recover from a ransomware attack. It’s not a matter of if, but when.

Email:  Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com