Even though 2017 has come to be known as the year for Ransomware, companies still continue to deal with the threat of Ransomware every day. There are ways to protect your data from Ransomware should your company ever have to deal with it. One potential solution for prevention is the following:
One method, or a proactive measure, is to isolate communication to your backup server. The way that this can be achieved is to have your main file sharing server back up to another server communicating on a separate VLAN. This will prevent other computers and servers on your LAN from communicating with, and potentially spreading ransomware to your backup server. I’ve illustrated a simple network diagram shown below that scales well from small businesses to larger corporations.
Network Diagram of Anti-Ransomware Backup Solution
How This Strategy Prevents Ransomware
This backup solution prevents the Ransomware from spreading through isolation. Communicating on a secure VLAN separate from the LAN will prevent the ransomware from spreading to your backup server. Configuring the servers and the firewall to prevent cross communication between the two isolated networks is what makes this secure. This won’t prevent Ransomware from hitting your Local Area Network, but it will protect your data that is backed up on the backup server (hopefully daily!).
In order for this to work properly, your NTFS permissions should be set correctly between the Backup server and the NAS server doing the file sharing. For additional redundancy, you can also consider securely backing up to the cloud from the backup server. There are numerous software solutions that can help you achieve this such as SyncBackPro and Cloudberry. Hopefully this has given you a potential proactive measure against Ransomware.