Backup recovery is your last line of defense against having to pay a ransom to the attackers; it is your last bastion when the worst has happened. Your ability to recover from the attack with minimal data loss or service interruption comes down to whether the system backups or disaster recovery sites were compromised as part of the attacker's methodology. That, in turn, depends on how well your backup systems, network, and recovery sites were segmented from your main network. Even if your organization uses no on-site backups at all and relies instead on cloud backup solutions (e.g. Amazon Glacier), leaving those cloud backup credentials in easily accessible locations, or reusing passwords, would let our hypothetical adversary easily delete all backup instances, resulting in 100% data loss if there is no other backup solution in place. A secure, off-site, enterprise backup solution can easily be defeated through password reuse or poor password management.
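
A defender's audit for the two failure modes above, as an added example that is not part of the original page: it flags AWS access key IDs in files readable beyond their owner and groups accounts that share a password. The directory tree, account names and passwords are constructed, the inventory is assumed to come from a password-manager export, and the key ID is AWS's documented example value.

```python
import os
import re
import stat
import tempfile

# AWS access key IDs have a recognisable shape: AKIA (long-term) or ASIA (temporary) + 16 chars.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

def find_exposed_keys(root):
    """Return sorted [(path, key_id)] for key IDs in files readable by group or others."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            if not mode & (stat.S_IRGRP | stat.S_IROTH):
                continue  # owner-only file: not "easily accessible"
            with open(path, "r", errors="ignore") as fh:
                for key_id in ACCESS_KEY_RE.findall(fh.read()):
                    hits.append((path, key_id))
    return sorted(hits)

def find_reused_passwords(inventory):
    """inventory: {account: password}. Return groups of accounts sharing a password."""
    groups = {}
    for account, password in inventory.items():
        groups.setdefault(password, []).append(account)
    # Report account names only, never the shared password itself.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def demo():
    """Constructed sample: one world-readable script and one 0600 file, same key in both."""
    root = tempfile.mkdtemp()
    for name, mode in (("backup_job.sh", 0o644), ("credentials", 0o600)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n")
        os.chmod(path, mode)
    inventory = {  # constructed accounts and passwords
        "glacier-backup": "Winter2024!",
        "domain-admin": "Winter2024!",
        "helpdesk": "x9#Lq-unique",
    }
    return find_exposed_keys(root), find_reused_passwords(inventory)

if __name__ == "__main__":
    print(demo())
```

Only the world-readable script is reported, and the backup account is flagged because it shares a password with an account on the main network.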