You need offsite / off line backups!

RANT
Two Epicor users that I know of have been hit in the last couple of weeks with Crypto Malware that takes out all their servers, including their backups. Everything is encrypted… and gone in a matter of minutes.

Please, please, please, if you are not doing offsite / offline backups already, stop whatever you are doing RIGHT NOW and get it done… even if you just take a backup onto a thumb drive and stick it in a drawer once a week.

You need OFFLINE BACKUPS. Just because you have a backup server in a different plant “OFFSITE”, if that box is connected to your network, that is not good ENOUGH…

Remember the rule 3, 2, 1

3 Copies of your data
2 different formats/media
1 off line/offsite

PLEASE DO YOURSELF A FAVOR AND BACKUP BACKUP BACKUP but do it OFFLINE / OFF SITE!!!

I don’t care what backup software or strategy you have; if your backup location can be reached via a direct connection from your network, that is NOT good enough.

END RANT

10 Likes

It’s the next generation of protecting your business.
I have had customers come to me in the past when an employee disappears with the source code to an external integration they had that was made by a disgruntled employee who poofed with the source code.

As I have been working more with our cloud ops folks inside and with MSFT, it’s amazing the lengths you have to go to these days.

About on-site backup, some NAS do have a “snapshot” function. Even if the latest backup copy is encrypted by ransomware, you can still recover from the last scheduled snapshot.
Of course it is different from off-site backup but is a nice plus.

1 Like

But what if the backup snapshot also gets cryptolocked?

That’s highly dependent on the methodology used for backup. If the NAS is being utilized in a way where the datastore itself is not visible to the OS then the snapshots will not be accessible to the malware.

Safe to consider an automated tape library as “off line”?

I’d be impressed if the malware was written such that it forced the tape drive to load each tape and erase it.

IDK @ckrusen some of the sh*t I’ve seen. In one instance they were using a very “robust” backup system that requires specialized commands to purge the backups but they figured it out and did it…
I’d feel better if it was actually offline and couldn’t be loaded via software… but I’m probably being paranoid / have PTSD

1 Like

So sad that keeping tapes or other media offline in a fireproof safe is now more robust than all the offsite, always on, always available solutions via directly/indirectly connected storage.

The biggest challenge in all this is the gap between wider business management understanding of data/system backups and what actually happens. Businesses pay a reasonable amount of money for high availability, off site backup and replication on the basis that they can quickly recover, with minimum impact, from a failure. If these backups/replicated copies are basically encrypted copies of your infected systems and you have to rely on an offline backup, your business may be surprised that they have to rekey/redo transactions for the period of time since the offline backup. A robust, well-communicated backup and DR strategy is a must.

2 Likes
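
The 3-2-1 rule from the first post and the re-key window from the last post, as an added example that is not from any poster in this thread: a check over a backup inventory that only counts a copy as "offline" when nothing on the network can reach it. The `Copy` fields, the `assess` function and the sample inventory are all constructed for illustration, and the inventory is assumed to include the live production copy.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Copy:
    name: str
    media: str               # e.g. "disk", "tape", "usb"
    offsite: bool            # stored at a different physical location
    network_reachable: bool  # a host on the production network can reach it
    taken: datetime          # when this copy was last refreshed

def assess(copies, now):
    """Check an inventory against 3-2-1, with 'offline' meaning not network reachable."""
    offline = [c for c in copies if not c.network_reachable]
    violations, warnings = [], []
    if len(copies) < 3:
        violations.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        violations.append("fewer than 2 media types")
    if not offline:
        violations.append("no offline copy")
    for c in copies:
        # The thread's main point: a connected box in another plant is not offline.
        if c.offsite and c.network_reachable:
            warnings.append(f"{c.name}: offsite but network reachable")
    # Worst case: every reachable copy is encrypted at once, so all work since
    # the newest offline copy has to be re-keyed.
    rekey = (now - max(c.taken for c in offline)) if offline else None
    return {"violations": violations, "warnings": warnings, "rekey_window": rekey}

# Constructed sample inventory (names and times are made up).
NOW = datetime(2024, 1, 8, 9, 0)
SAMPLE = [
    Copy("prod-sql", "disk", False, True, NOW),
    Copy("plant2-backup", "disk", True, True, NOW - timedelta(hours=6)),
    Copy("usb-in-drawer", "usb", False, False, NOW - timedelta(days=6)),
]

if __name__ == "__main__":
    for label, inv in (("with USB copy", SAMPLE), ("without USB copy", SAMPLE[:2])):
        result = assess(inv, NOW)
        print(label, result["violations"], result["warnings"], result["rekey_window"])
```
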