Ransomware in the Public Sector – Backup Methods
On May 7th, Baltimore City made the stark realization that they had become the victims of ransomware. City officials have told the public that it could take months of work to get all of their systems online. Many professionals in the field of cybersecurity believe that the attack was not targeting Baltimore specifically. This may bring comfort to some people but when you work in the field like I do, it worries me.
Governmental agencies do not have the best reputation for quickly adapting to the world in which we live. Technology evolves rapidly. That is why it is crucial for the public sector to find a way to address new vulnerabilities in a time sensitive manner. Baltimore City was not prepared for this attack and they are paying for it. What happens if a local municipality suffers the same fate?
I will be writing a series of blogs dedicated to ransomware. My aim is to design a checklist that town and city managers can look over to quickly assess the security of their network infrastructure. If you are a town or city manager of a small municipality I encourage you to follow these posts and make sure you are performing your due diligence.
This post is dedicated to backing up your data.
Back It Up!
If this were a typical blog post, I would probably have started with methods of preventing a ransomware infection in the first place. There is no such thing as 100% security and with that in mind, I felt it was more important to start with the methods used to back up data.
Redundancy is key. Some variations of ransomware will actually look for backup systems to encrypt and lock. The infection may start with a desktop, work its way into a network share and from there infect servers. That is why it is important to utilize both a local backup system as well as a cloud backup system such as iDrive or Carbonite.
Full Backup, Incremental Backup and Differential Backups
There are multiple methods of backing up data. When a “Full Backup” is performed, it makes a copy of all the data.
“Incremental Backups” start by performing a “Full Backup” and then only back up data that has changed since the first backup. This creates a chain of backups. The next time an “Incremental Backup” is performed, it will only include the data that has changed since the last “Incremental Backup”.
“Differential Backups” start in the same way by performing a “Full Backup” and from there only backing up data that has changed since the first backup. The difference between the “Incremental Backup” and “Differential Backup” is that the “Differential Backup” includes all of the data that has changed since the last “Full Backup”.
There are pros and cons to each of these backup methods. Whichever method you choose, the most important thing is to ensure that it is done routinely. It is also critical to confirm that the backups complete successfully without errors. A good practice is to routinely run practice data restores so that you can test the integrity of the backup.
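To make the difference concrete, here is an added example (not code from the original post) that works out which backups you need for a restore under each method. The `Backup` record, the day numbers and the rule that a failed job breaks an incremental chain are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    day: int         # constructed day number, used only for ordering
    kind: str        # "full", "incremental" or "differential"
    ok: bool = True  # True if the job finished cleanly and passed a test restore

def restore_chain(catalog, target_day):
    """Return the backups to restore, oldest first, to get as close to target_day as possible."""
    history = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in history if b.kind == "full" and b.ok]
    if not fulls:
        raise ValueError("no usable full backup on or before the target day")
    base = fulls[-1]
    chain = [base]
    for b in history:
        if b.day <= base.day:
            continue
        if b.kind == "differential":
            if b.ok:
                chain = [base, b]  # one differential holds every change since the full
        elif not b.ok:
            break                  # assumption: a bad link makes everything after it unusable
        else:
            chain.append(b)        # each incremental holds only the changes since the previous one
    return chain

def days(chain):
    return [b.day for b in chain]

# Constructed catalogs: a full on day 1, daily backups after, and a failed job on day 4.
INCREMENTAL_WEEK = [Backup(1, "full"), Backup(2, "incremental"), Backup(3, "incremental"),
                    Backup(4, "incremental", ok=False), Backup(5, "incremental")]
DIFFERENTIAL_WEEK = [Backup(1, "full"), Backup(2, "differential"), Backup(3, "differential"),
                     Backup(4, "differential", ok=False), Backup(5, "differential")]

if __name__ == "__main__":
    for name, catalog in (("incremental", INCREMENTAL_WEEK), ("differential", DIFFERENTIAL_WEEK)):
        chain = restore_chain(catalog, target_day=5)
        print(f"{name}: restore days {days(chain)}, data current as of day {chain[-1].day}")
```

With the failed job on day 4, the incremental schedule can only be restored to day 3, while the differential schedule still reaches day 5 using just two backups.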
Here is a quick list of items for you to check off:
- Are you currently backing up your data on a routine basis?
- Do you utilize multiple methods of backing up that data?
  - Local Backups
  - Cloud Backups
- What type of backup are you using?
  - Full Backups
  - Incremental Backups
  - Differential Backups
- Are you running routine test data restores to test the integrity of your backups?
- How long do you keep your data backups before archiving or deleting them?
If you need more information on backing up your data I highly recommend contacting a professional to ensure that it is done correctly. In the event that your town or city becomes the victim of a ransomware attack, your backups may be your saving grace.
Thanks for reading!