Getting Back Up With Remote Backup

Imagine for a minute that you walk into the office, sit down at your desk, turn on the computer and try to connect to the file server. After a few attempts and a double take, you begin to realize it is not there… Not a good way to start the morning so far, right? As you dig further, you discover everything is gone! All of your customer information, corporate files, and pretty much all the data that your company relies on day to day is no longer there… IT IS GONE!

One of the first things we do when we engage with a new customer is talk about their disaster recovery plans. While we hope every client we begin to work with has a complete Disaster Recovery Plan, we realize that is not always possible or even economically feasible for certain customers. Our first objective, regardless of client type or situation, is to talk about a File-Based Remote Backup solution.

First, let’s start with File-Based Remote Backup. What is it? How does it work?

File-based remote backup is a method of backup administered through an agent that lives on a server or client device and polls the file system for changed files. The agent finds the files that have changed since the last backup ran, submits a job containing those files, and uploads them to the remote backup server. The remote backup server is configured to keep multiple dated versions of these backups for a specified period of time, so that it can restore the latest or an earlier version of a file in the event of a deletion, loss, or other issue.

This allows for basic file-level recovery in the event of a disaster, an accidental deletion, or, as we are encountering more frequently, a ransomware cryptography attack.
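To make the mechanism concrete, here is an added Python example (not code from this article or from any backup product) of the cycle described above: a job stores only the files that changed since the previous job in a dated folder, and a restore returns the newest version at or before a chosen time after checking its hash. The names `run_backup`, `restore` and `manifest.json`, the dated-folder layout, and change detection by SHA-256 comparison are all assumptions, and the `target` directory stands in for storage on the remote backup server.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def run_backup(source, target, stamp=None):
    """One backup job: copy files changed since the last job into target/<stamp>/."""
    source, target = Path(source), Path(target)
    stamp = stamp or time.strftime("%Y%m%dT%H%M%S")  # sortable job timestamp
    target.mkdir(parents=True, exist_ok=True)
    manifest_path = target / "manifest.json"  # assumed layout: version history per file
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    changed = []
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel, digest = f.relative_to(source).as_posix(), sha256(f)
        versions = manifest.setdefault(rel, [])
        if not versions or versions[-1]["sha256"] != digest:  # new or modified file
            dest = target / stamp / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest)  # older dated copies are never overwritten
            versions.append({"stamp": stamp, "sha256": digest})
            changed.append(rel)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return changed

def restore(target, rel, dest, as_of=None):
    """Restore the newest version of rel at or before as_of, verifying its hash first."""
    manifest = json.loads((Path(target) / "manifest.json").read_text())
    candidates = [v for v in manifest.get(rel, []) if as_of is None or v["stamp"] <= as_of]
    if not candidates:
        raise FileNotFoundError(f"no version of {rel} at or before {as_of}")
    version = candidates[-1]
    stored = Path(target) / version["stamp"] / rel
    if sha256(stored) != version["sha256"]:  # catch a corrupted backup before relying on it
        raise ValueError(f"stored copy of {rel} ({version['stamp']}) failed verification")
    Path(dest).parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(stored, dest)
    return version["stamp"]

if __name__ == "__main__":  # constructed sample data, not from the article
    with tempfile.TemporaryDirectory() as d:
        src, tgt = Path(d, "share"), Path(d, "remote")
        src.mkdir()
        (src / "plan.txt").write_text("Q2 plan")
        run_backup(src, tgt, "20150301T010000")
        (src / "plan.txt").write_bytes(b"constructed unreadable bytes")  # file damaged
        run_backup(src, tgt, "20150302T010000")
        print(restore(tgt, "plan.txt", Path(d, "out.txt"), as_of="20150301T235959"))
```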

Let’s talk specifically about that last one. Many of you may have heard the terms Ransomware, Cryptoware, or Crypto-Ransomware, but if you have not, you should know about it. This is a new threat hitting both residential and corporate technology environments. It goes by many names, “CryptoLocker” and “CryptoWall” being the most common. A good overview by Sophos can be found here: https://blogs.sophos.com/2015/03/03/anatomy-of-a-ransomware-attack-cryptolocker-cryptowall-and-how-to-stay-safe-infographic/

This ransomware is particularly evil. In brief, it infects a user’s machine or server and then goes after your file system, encrypting the files by contacting a control server generating a set of private keys. These private keys are then used to encrypt your local file system, mapped shared drives, Dropbox, etc., spreading throughout the technology environment. The ransomware application then demands a ransom, usually paid via bitcoin or another payment method. At the point at which the ransom is requested, the application starts a countdown timer, and the remote criminal enterprise will delete the keys unless payment is received in time.

Once these keys are deleted, the files are unrecoverable. Even if you pay the ransom, there is no guarantee of success, and all you have done is incentivize them to make more advanced attacks and request larger ransoms.

Protecting against this threat is particularly tough; it is a continuous arms race against the ransomware. So, while stopping it before it starts is the best solution, there isn’t a real solution for preventing the attack. What you can do is plan to limit the damage caused and increase the speed of your recovery.

How does remote file backup help?

Since the newer versions of the ransomware go after shadow protect, you need to have a non-connected remote backup target running. This gapped approach allows you to restore the compromised files up to your last successful backup point. Let’s talk about a general example.

Imagine you have 25 employees who all have access to a public drive with read/write permissions for some reason. You also have a few more protected drives, such as marketing, sales, etc., mapped to specific users or groups. Let’s say Sally in Marketing, who has access to the marketing drive and the public drive, gets infected. Sally’s machine has now encrypted both drives, further spreading to other users throughout your network environment. Suddenly, every user starts calling to say they can’t open their Word docs, Excel files, etc. You immediately revoke Sally’s access and power off her machine. If you are lucky, you might have had shadow protect and were able to keep most of it. If not, you are in trouble…

This is where remote backup comes into play. If you have remote backup, you can restore these files to their latest backup point and get back to business. If you didn’t have this, or your backup solution consisted of an attached device or mapped share, that backup would have been encrypted as well. This can be a devastating situation.

Your files are now “locked”, leaving you with 2 options:

  1. Pay the ransom, which enables the criminal enterprise to keep operating
  2. See if you can exist without these files

As mentioned earlier, even if you pay the ransom there is no guarantee of unlocking your environment. Neither option is a good one for an organization, and in most cases both are rather crippling. A simple remote file-based backup can save a company from a nightmare of problems such as CryptoLocker.

We cannot stress enough the importance of having an external remote backup implemented and part of your recovery plan. Considering the minimal cost of remote backup, there is no reason why a company should not have it in place, especially when compared to the value of your data and the continued operations of your business. Don’t wait for it to happen; be proactive and have a plan in place.

If you would like to discuss in more detail please feel free to reach out to me directly or contact PCL Solutions at http://www.pclsolutions.com/disaster-recovery/

Thank you Mark, makes great sense to be proactive and minimize this risk!

Jeffrey Prince, thank you for your comment. I agree with you; that is the purpose of this article. The backup target needs to be separated from the production environment, remote and completely inaccessible except for restoration. You also bring up an excellent point on verification of backup and test of restorations. Having backup doesn't do you any good if it's not validated. Finding out at the point of restoration is not the time you want to know it hasn't been running or has become corrupted.

"It can be hard disk or pen drive." But as the article states, it needs to be remote. More bluntly, it needs to be *inaccessible* when not in use. These ransom-ware programs look for shared network drives and locally connected storage devices. The more they can encrypt, the more likely they'll deny you access to something you are willing to pay for. (And once you have a backup, do you practice recovering your files? Backups aren't any good if the wrong files were copied or your backup process didn't work in the first place.)
