CloudBerry Ransomware Protection

If you’re in IT then chances are you’ve read and seen a lot about Ransomware – in fact it’s one of our favorite topics on this blog. The reason for us writing yet another blog about ransomware is to outline the best way to achieve CloudBerry ransomware protection.

Firstly; let’s go through some things about ransomware.

What is ransomware and why is protection required?

Ransomware is a form of malware (malicious software) that hackers use to prevent access to user and business data. The intended way to get access back to the data is by paying the hackers a fee for the decryption method. In essence; you’re paying to gain access to your data which doesn’t sound at all reasonable (not only that…but encourages it to continue if payment is actually made). While it may have been around for a number of years; the impact of ransomware world wide in 2019 is only increasing.

This is why it’s vital to have some form of protection from ransomware.

Common methods to protect from ransomware

There are a number of ways to try and counter ransomware. While no one solution will be effective by itself; a combination will give any business, IT service provider or home user the best chance to prevent and recover from ransomware.

Ransomware Prevention Techniques

  1. Install and frequently scan your system with reputable anti-virus and anti-malware software.
  2. Always install (even though it seems to happen at the most inconvenient times) updates and patches to operating systems and software applications on your systems.
  3. Use a spam filter and e-mail scanner to try and stop e-mails that could potentially be attempting to distribute ransomware from being delivered to your (or your users) inbox.
  4. Educate yourself and your users on the latest techniques being used to dupe people into accepting ransomware malware unintentionally.

CloudBerry Ransomware Protection Techniques

The number one technique to use to recover from a ransomware attack is to recover all infected data and systems from a backup. The best backup solution to counter ransomware is CloudBerry Online Backup. Below we’ll outline what a user needs to do to ensure their CloudBerry backups can be used in the event of a successful ransomware attack on your system.

Backup to multiple (preferably both local and cloud) destinations

While the beauty of CloudBerry Online Backup is its integration with a number of cloud storage providers; it’s also possible to backup to local storage as well.
As with all decent backup strategies; relying on one backup destination could potentially cause problems.

The benefit of using multiple destinations is that if one becomes unavailable for some reason; the other can be relied upon.

Air-gap at least one copy of your backups

Ransomware is known to also infect backup data; meaning that it’s unusable in recovering from a ransomware attack.
To ensure that this doesn’t catch you out; it’s recommended to have at least one backup ‘air-gapped’. Essentially an air-gap is simply meaning that it’s not connected in anyway to a machine, LAN or the Internet.

This way it isn’t accessible to anyone or anything directly; meaning that it’s not able to be encrypted or corrupted during a ransomware attack. The easiest way to achieve an air gap is to backup to rotating media (like USB hard drives).

Essentially follow the 3-2-1 Backup Rule

Read more about 3-2-1 here.

Backup Plan Settings and Configuration

There are some settings within the actual backup plan within CloudBerry Online Backup. These are specifically around Retention Settings which can be found when creating or editing a backup plan:

CloudBerry Ransomware Protection Retention Settings

Keep number of versions (for each file)

Make sure that you keep a minimum of two (2) versions of each file. The reason for this is that older versions of files won’t be overwritten by files which may have been infected by a ransomware attack.

Delete Versions Older Than

It’s recommended to configure the Delay Purge option for at least 7 days (or if possible, longer). This means that while a file is set for deletion; it’ll still be available for some time – giving a chance that if a ransomware attack goes undetected for a few days then the chances of still having an un-affected version in backup storage is greatly increased.

Delete Files that have been deleted locally

It’s recommended to configure Delete After to at least 30 days. The reason for this is that ransomware renames files (so the original file appears deleted). By delaying the deletion on the backup storage; the ransomware attack doesn’t impact the backup data indirectly and it’s still able to be recovered from.

Test My Backups and CloudBerry Online Backup

If you’re located in Australia or New Zealand; then the easiest way to backup your data is by using CloudBerry Online Backup provided by Test My Backups. Sign up for your free Managed Backup Services account and 15 day trial of the software; or contact our team to arrange a demo today.

Test My Backups is the official partner of CloudBerry Lab in Australia. The benefits of purchasing from a local partner include:

  • Providing experienced, local sales and technical support in your timezone.
  • No currency fluctuations. Purchase in AUD and NZD without any exchange rate surprises.
  • We know the local requirements of data protection in the ANZ market.

Have you been through a ransomware attack? What happened? Share your story below and join the conversation.