I recently published a post over on my company’s blog: Hardening Backups Against Ransomware
Organizations should assume that a successful ransomware attack will corrupt and take offline all core IT capabilities. Active Directory & other identity systems. File servers. Line of business applications. Databases. Internal networking. Password managers and Privileged Access Management (PAM) systems. Et cetera.
To successfully recover from this “everything is down” situation, an organization must achieve four key objectives before any attack:
- Perform Backups of Critical Systems: Regular backups of critical systems and data must be performed, including core infrastructure such as the organization’s identity provider (e.g., Active Directory), DNS, DHCP, and related foundational capabilities.
- Harden Backups Against Destruction: Backup data must survive the ransomware or destructive cyberattack.
- Access Backups in an Emergency: The organization must be able to access the backups when production networks and critical IT infrastructure are down, encrypted, or otherwise inaccessible.
- Recover at Scale After a Disaster: The organization must be able to restore critical IT capabilities and datasets from backups at enterprise scale following a major incident.
Read the full post at https://trustedsec.com/blog/hardening-backups-against-ransomware