lolloj - Fotolia
Ransomware. Just the word quickens the pulse of every Windows administrator who might have lingering doubts about the effectiveness of their security approach.
Many IT folks lose sleep over the effectiveness of their ransomware protection setup, and for good reason. Your vital Windows systems keep most companies running, and thoughts of them going offline will have many IT pros staring at the clock at 3 a.m.
Unfortunately, ransomware will hit you in some capacity, despite any measures you take, but it's not a futile effort to shore up your defenses. The key is to fortify your systems with layers of security and then to follow best practices for both Windows and your backup products to minimize the damage.
Give a closer look at your backup setup
Backups are something companies make with the hope that they are never needed. Oftentimes, backups are a secondary task that is shuttled to an ops group to be done as a daily task that is a checkbox on some form somewhere. This is how trouble starts.
You need to make backups, but another part of the job is to secure those backups. A backup server or appliance is a very tempting target for attackers who want to plant ransomware. These servers or appliances have network access to pretty much everything in your data center. It's your company's safety net. If this massive repository of data got encrypted, it's likely the company would pay a significant amount to free up those files.
Most backup products are public, which means ransomware creators know how they work, such as how the agents work and their paths. With all that information, an attacker can write software tailored to your vendor's backup product.
Now, most backup offerings have some level of ransomware protection, but you have to enable it. Most people find the setting or steps to protect their data after the backups have been wiped. Don't wait to verify your backup product is secured against ransomware; do it today.
An old security standby comes to the fore
This also brings up a secondary practice: air-gapping.
This methodology was popular in the days of tape backup but fell out of favor with the introduction of replication.
Some would argue that data that is several weeks or several months old has little value, but is the alternative -- no data -- any better? Anyone with IT experience who has seen organizations wiped out after a ransomware attack might change your mind if you feel old data is not worth having in an emergency.
Windows Server 2019 ransomware protection settings.
A small network-attached storage product you use for a data store dump every six months and lock away suddenly doesn't sound like such a bad idea when the alternative is zero data. It's a relatively inexpensive addition to the data center used as an extra repository of your data.
Think of it this way: Would you rather get hit with ransomware and lose a few months' worth of data or all 15 years? Neither is a great situation, but one is much preferred over the other. These cold backups won't replace your backup strategy, but rather supplements it as a relatively economical airgap. When it comes to ransomware, more layers of safeguards should be the rule.
Air-gapping is a practice that is not followed as closely now with the pervasiveness of online deduplication backup products. For organizations that can afford them, these offerings often replicate to online backup appliances in remote locations to make the data accessible.
Don't overlook built-in ransomware protection
There are more than a few ways to mitigate the ransomware threat, but using a layered approach is recommended.
These malicious applications quickly move east-west across flat networks. Internal firewalls, whether physical or virtual, can do a lot to stop these types of attacks.
An often-overlooked option is the Windows firewall. When it first came out, the Windows firewall had a few stumbles, but Microsoft continued to develop and improve it to build a solid software firewall. This is a low-cost offering that is free but does require some administration work. The Windows firewall is not going to stop all possible ransomware, but very few products can.
Looking at the big picture, the Windows firewall gives an additional layer of protection against ransomware. It's already there and should have little performance impact.