Part 2: Complete Ransomware Recovery Guide

Establish Your Backup Strategy

In the first blog post of our Ransomware Recovery series, The Complete Ransomware Recovery Guide, we talked about proactively implementing password management and multi-tier Protection Groups (PGs) to speed up the recovery of your critical systems after a ransomware attack. In this post, we’ll discuss backup and retention policies for a low Recovery Point Objective (RPO).

RPO is the maximum amount of data loss, measured in time, that an organization is willing to tolerate. A 5-minute RPO means that the organization accepts losing the data collected in the 5 minutes before a complete system failure. Your ability to recover data with minimal loss, that is, to achieve a low RPO, depends on how often you take snapshots and how long you retain them. While security and immutability of these snapshots are always important, your backup and retention policies will directly determine your RPO.

 

Configure Your Snapshot Frequency

The only real option to recover from ransomware is to go back in time – meaning, you need a clean, unencrypted snapshot from before the ransomware infection (or the encryption event following the infection). The more frequently your backup system takes snapshots, the higher the chance that you’ll recover with a minimal loss of data. Make sure that each snapshot is immutable (unchangeable) and able to serve as a standalone backup. 

 

Establish Your Retention Strategy

The longer you retain your backups, the easier it will be for you to find one taken moments before the actual infection or encryption event. 

We recommend a multi-tier retention policy with:

  • Weekly snapshots and monthly retention for VM recovery 
  • Daily and hourly snapshots with daily or hourly retention for data recovery with a very low RPO

Keep in mind that increasing the frequency of snapshots and retaining them longer will increase storage requirements. Therefore, you should always consider your company’s SLAs, compliance requirements, storage budget, and executive approvals before making such adjustments.
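To see how the tiers interact with the time it takes to notice an infection, the following added example (not taken from the guide) finds the newest retained snapshot that predates the infection and reports the resulting data loss. The tier intervals and retention windows, the fixed snapshot grid, and all function names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Assumed tiers: (interval between snapshots, how long each snapshot is kept).
# The tier names follow the policy above; the numbers are illustrative only.
TIERS = {
    "hourly": (timedelta(hours=1), timedelta(hours=24)),
    "daily": (timedelta(days=1), timedelta(days=7)),
    "weekly": (timedelta(weeks=1), timedelta(days=30)),
}
EPOCH = datetime(2024, 1, 1)  # constructed start of the snapshot schedule


def retained_snapshots(now, interval, retention):
    """Timestamps of snapshots still held at `now`, newest first."""
    # Snapshots fire on a fixed grid that starts at EPOCH.
    t = EPOCH + ((now - EPOCH) // interval) * interval
    held = []
    while t >= now - retention and t >= EPOCH:
        held.append(t)
        t -= interval
    return held


def best_recovery_point(now, infected_at, tiers=TIERS):
    """Newest retained snapshot taken before the infection, across all tiers.

    Returns (tier, snapshot_time, data_loss), or None when every retained
    snapshot was taken after the infection began.
    """
    best = None
    for name, (interval, retention) in tiers.items():
        for snap in retained_snapshots(now, interval, retention):
            if snap < infected_at:
                if best is None or snap > best[1]:
                    best = (name, snap, infected_at - snap)
                break  # list is newest first, so the first hit is the best
    return best


def snapshot_count(now, tiers=TIERS):
    """Snapshots held per tier, a rough proxy for storage cost."""
    return {n: len(retained_snapshots(now, i, r)) for n, (i, r) in tiers.items()}


if __name__ == "__main__":
    now = datetime(2024, 3, 15, 10, 30)  # constructed detection time
    for dwell in (timedelta(minutes=50), timedelta(days=3), timedelta(days=40)):
        print(dwell, best_recovery_point(now, now - dwell))
    print(snapshot_count(now))
```

With these assumed numbers, an infection noticed within the hour costs under an hour of data, one noticed after three days falls back to the daily tier, and one older than the longest retention window leaves no clean snapshot at all.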

In our next blog post, we’ll cover replication and data protection options to protect all on-premises and cloud workloads, with backup and failover to another physical data center or the public cloud.

You can download the complete guide for free. You’ll get detailed instructions and examples of backup and retention policies for a low RPO.