Both on-premises and cloud networks need backup solutions that allow you to recover from ransomware attacks quickly. One option is to use the Azure Backup Agent.

Credit: Microsoft / Just_Super / Getty Images

You’ve seen the headlines of how businesses were harmed by ransomware. Ransomware depends on encryption; there is a public key and a private key. Unless you have the private key, you can’t readily get your data back. Any time you hear someone say that they went to a site such as nomoreransom.org and got their data back, it was because some organization was able to obtain the private key and post it there. You can’t always depend on that situation.

You can take steps to avoid ransomware, including ensuring that you look carefully at emails that include links, educating your users to recognize questionable email messages, staying current on software updates, and not exposing port 3389 (remote desktop) directly on the web.

If all that fails and you fall victim to ransomware, there is a guaranteed way to recover from it: having a good backup. It is the best way to recover from a ransomware attack. Recently, the Maersk company recovered from a devastating ransomware attack, but not with a backup. They had none. Amazingly, they were able to recover their domain using a single domain controller that was not connected to the internet at the time of the ransomware infection. Maersk got lucky.

Maersk’s backup strategy was trust in synchronization. Enterprises often don’t back up domain controllers, but merely put another online and synchronize it in the network. The “backup” in their eyes is another copy of Active Directory in another location. They never anticipate that their entire domain would be infected to the extent that they needed a backup.
As we move from traditional domain controllers and on-premises computers to cloud services and situations where data is synchronized across systems, take the time to review how you do backups and change your solutions accordingly.

Backup steps for cloud environments that rely on synchronization and distributed files

Ensure you have versioning. Cloud services often rely on synchronization. If you are a victim of a ransomware attack, you need to be able to roll back to a prior version. Versioning may not be enabled by default and may not be set up to keep the number of versions you will need.

Ensure you know how to disable the synchronization client. In the case of SharePoint, you want to temporarily stop synchronization if someone hasn’t yet caught the new changes.

Review options for third-party backup solutions for cloud platforms. The vendor that provides you with a cloud service may not back up your files as often as you like, or the recovery process may take time while you open support tickets and wait for their technicians to perform the steps to recover the files. Most cloud solutions also have third-party vendors that sell cloud-based backups. This gives you additional options to recover.

Backup steps for on-premises systems

Ensure that your backup solution uses a different user account than the logged-in user. Most ransomware attacks come in through a user, and whatever that user has access to is encrypted. Often the first step to determine who has accidentally infected the network is to find any encrypted file, right-click on it and look at the properties of the file. The owner of the file will be the person who infected the network. This will help you understand the impact on the network and whether it is widespread or limited.

Ensure you have multiple methodologies to back up files. These days you can add an Azure backup to nearly any platform (even Windows 7) by downloading KB3015072 on Windows 7.1, Windows 8.1.
You then go to the Azure portal, set up an account, set up a password to properly secure the data in the Azure portal and back up the data online.

[Figure: Azure backup report. Credit: Susan Bradley]

Azure backup can back up virtual machines as well as physical machines. To set up an Azure backup, sign up for a trial and follow the step-by-step instructions.

Use the headlines of ransomware to force a reevaluation of your backup methodologies and processes. Don’t be the business that has no other option than to pay the ransom. Have a backup. It sounds so simple and yet it’s overlooked by so many.
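The owner check described in the on-premises steps above can be run across a whole share instead of one file at a time. The following PowerShell is an added example, not part of the original article; the function name `Get-EncryptedFileOwner`, the `.locked` extension and the demo folder are assumptions made for illustration.

```powershell
# Added example: summarize which accounts own files that carry a suspected
# ransomware extension, to scope how far the encryption has spread.
function Get-EncryptedFileOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,       # share or folder to triage
        [Parameter(Mandatory)] [string] $Extension   # assumed marker, e.g. '.locked'
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq $Extension } |
        ForEach-Object {
            # Get-Acl can fail on files the analyst cannot read; record that
            # instead of stopping the scan.
            $owner = '<owner unreadable>'
            try { $owner = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner } catch { }
            [pscustomobject]@{
                Owner     = $owner
                Directory = $_.DirectoryName
                LastWrite = $_.LastWriteTime
            }
        } |
        Group-Object -Property Owner |
        ForEach-Object {
            # @() keeps a single result indexable like an array.
            $times = @($_.Group.LastWrite | Sort-Object)
            [pscustomobject]@{
                Owner       = $_.Name
                Files       = $_.Count
                Directories = @($_.Group.Directory | Sort-Object -Unique).Count
                FirstWrite  = $times[0]    # earliest encrypted file for this owner
                LastWrite   = $times[-1]   # most recent one
            }
        } |
        Sort-Object -Property Files -Descending
}

# Constructed demo data so the function can be tried offline.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'owner-triage-demo'
New-Item -ItemType Directory -Path (Join-Path $demo 'finance') -Force | Out-Null
'x' | Set-Content -LiteralPath (Join-Path $demo 'finance\q1.xlsx.locked')
'x' | Set-Content -LiteralPath (Join-Path $demo 'notes.docx.locked')
'x' | Set-Content -LiteralPath (Join-Path $demo 'untouched.txt')

Get-EncryptedFileOwner -Path $demo -Extension '.locked' | Format-Table -AutoSize
```

If the owner comes back as `BUILTIN\Administrators`, the files were written by an administrative account and the owner field alone will not name the user; the `FirstWrite` and `Directories` columns still show when the encryption started and how widely it spread.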