
Ransomware – The 3-2-1 rule

According to the Cybersecurity and Infrastructure Assurance Agency (CISA): “Ransomware is an evolving form of malware designed to encrypt files on a device in order to render files and the systems that rely on them unusable.

Malicious actors then demand a ransom in exchange for decryption.

Ransomware actors often target and threaten to sell or disclose exfiltrated data or authentication information if the ransom is not paid.”

Media coverage of the spread of cryptographic ransomware is growing ever more intense; ransomware attacks are now a huge business, with the world experiencing an attack every 11 seconds and, in 2021 to date, an estimated $6 trillion worth of data moved.

During times of crisis, many hackers take advantage of upheaval and unrest for potential monetary gain. For example, with the onset of the COVID-19 crisis in 2020, there was an increase in cyber attacks on the healthcare industry.

Trojans such as CryptoLocker are examples of the variants used to attack companies. The gateways for these attacks are often security holes in web browsers and their plugins, or email attachments that are inadvertently opened. Once inside the company, ransomware can spread at lightning speed and start encrypting valuable data. The advice is always the same: implement a solid backup and recovery strategy for ransomware and thus be protected from data loss.

Given the critical role of data, the “1” in the 3-2-1 Rule plays a critical role!

What does the 3-2-1 rule provide for?

This rule is attributed to Peter Krogh, a photographer widely regarded as a Digital Asset Management (DAM) expert. While Krogh is certainly not the first person to realize the benefits of storage solutions, he is responsible for the catchy name described in his book, The DAM Book: Digital Asset Management for Photographers.

The rule reads:

– 3 copies of your data should be maintained

– 2 independent storage media should be used

– 1 backup copy should be stored off-site

3 copies of your data should be retained

The reason to keep three copies of your data (primary plus two backups) is to minimize risk by playing the game of probability. Suppose a single device has a 1/100 chance of failing: if you keep your primary data on that one device, you have a 1/100 chance of losing your data. Keep a secondary device that fails independently of the first and your chances of losing data drop to 1/100 × 1/100 = 1/10,000.

2 independent storage media should be used

In the scenario above, we imagined that there were no common causes of failure across the devices. Of course, this is the real world, and often when one drive fails another one fails shortly after. Murphy is always watching!

“Inside every small problem is a bigger one that is struggling to come out.”

The 3-2-1 rule recommends using two types of storage to avoid this scenario!

1 backup copy must be stored offsite

Storing all your data in one location is like putting all your eggs in one basket. This is not a wise strategy!

Physical separation between copies is a necessity, especially for small and medium-sized businesses (SMBs) that do not have remote or branch locations in which to store backups.

For these SMBs, storing backups online in the cloud is an ideal solution.
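
As an added example (not from the original article), the Python sketch below checks a backup inventory against the three parts of the rule and applies the 1/100 per-device figure used above. The inventories, device names and sites are constructed, and counting copies per distinct device is an assumption made here so that copies sharing one device count only once.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class BackupCopy:
    name: str    # label of the copy
    device: str  # physical device or service that holds it
    media: str   # storage type: "disk", "nas", "tape", "cloud", ...
    site: str    # physical location of the device


def check_321(copies, primary_site):
    """Return the unmet parts of the 3-2-1 rule; an empty list means it is met."""
    findings = []
    # Assumption: copies on the same device fail together, so count devices.
    devices = {c.device for c in copies}
    if len(devices) < 3:
        findings.append(f"3: only {len(devices)} independent copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"2: only {len(media)} storage type, need 2")
    if all(c.site == primary_site for c in copies):
        findings.append("1: no copy is stored off-site")
    return findings


def loss_probability(copies, per_device=Fraction(1, 100)):
    """Chance of losing every copy if devices fail independently (1/100 each)."""
    return per_device ** len({c.device for c in copies})


# Constructed inventories, not real systems.
WEAK = [
    BackupCopy("primary", "srv01-disk", "disk", "office"),
    BackupCopy("backup-a", "srv01-disk", "disk", "office"),  # same disk as primary
    BackupCopy("backup-b", "nas01", "nas", "office"),
]
SOUND = [
    BackupCopy("primary", "srv01-disk", "disk", "office"),
    BackupCopy("backup-a", "nas01", "nas", "office"),
    BackupCopy("backup-b", "cloud-bucket", "cloud", "cloud-region"),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("sound", SOUND)):
        print(label, check_321(inventory, "office"), loss_probability(inventory))
```

The weak inventory holds three files but only two devices, so it fails the "3" and the "1" while still passing the "2".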

The backup architecture should be designed to ensure that the primary backup device is always used to write the most recent copies of the data and is used for quick restores. At a later date, the data will be copied to a second backup device using Backup Copy Jobs.

Backup repositories should also be protected as much as possible from ransomware attacks.

Access rights to the backup repository server should be limited so that only a Veeam service account has access to the server and file system.

In the case of NAS systems, only the Veeam service account should have permissions to the backup repository.
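
One way to check this restriction, as an added example that is not part of the original article or of Veeam's tooling: the Python sketch below parses the text printed by Windows `icacls` for the repository folder and lists every principal other than the service account. The path D:\Backups, the account CORP\svc-veeam and the sample output are constructed for illustration.

```python
import re

INHERIT = {"OI", "CI", "IO", "NP", "I"}          # inheritance flags, not rights
MODIFY = {"F", "M", "W", "D", "DE", "GA", "GW",  # rights that allow changing
          "WD", "AD", "DC", "WDAC", "WO"}         # or deleting backup files
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]+\))+)$")


def parse_icacls(path, text):
    """Turn icacls output for one path into (principal, rights) pairs."""
    aces = []
    for line in text.splitlines():
        if line.startswith(path):          # first line is prefixed with the path
            line = line[len(path):]
        m = ACE.match(line.strip())
        if not m:
            continue                       # blank lines and the summary line
        rights = set()
        for group in re.findall(r"\(([^)]+)\)", m["groups"]):
            rights.update(r for r in group.split(",") if r not in INHERIT)
        aces.append((m["who"], rights))
    return aces


def unexpected_access(path, text, allowed):
    """List (principal, rights, can_modify) for principals outside `allowed`."""
    allowed = {a.lower() for a in allowed}   # Windows account names ignore case
    findings = []
    for who, rights in parse_icacls(path, text):
        if who.lower() in allowed or "DENY" in rights:
            continue                         # expected account, or a deny entry
        findings.append((who, sorted(rights), bool(rights & MODIFY)))
    return findings


# Constructed sample of `icacls D:\Backups` output, not taken from a real host.
REPO = r"D:\Backups"
SERVICE_ACCOUNT = r"CORP\svc-veeam"
SAMPLE = r"""D:\Backups BUILTIN\Administrators:(OI)(CI)(F)
           CORP\svc-veeam:(OI)(CI)(M)
           BUILTIN\Users:(OI)(CI)(RX)
           CORP\Domain Users:(I)(OI)(CI)(RX,W)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights, can_modify in unexpected_access(REPO, SAMPLE, {SERVICE_ACCOUNT}):
        print(f"{who}: {','.join(rights)} ({'can modify' if can_modify else 'read only'})")
```

Entries reported with can_modify set are the ones that would let ransomware running under that account encrypt or delete the backups; read-only entries still expose the backup data.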

For security reasons, working on a local desktop with a system administrator account is absolutely not recommended, as it can lead to the rapid spread of ransomware in the network.

Many administrators disable the Windows Firewall by default as soon as the Windows installation is completed. This built-in mechanism can provide protection against attacks from the network through Windows security holes. It is considered a best practice to take some time to enable the necessary inbound and outbound rules in the Windows Firewall.

Prevent, detect and recover from ransomware attacks

