In today’s interconnected world, where our professional lives revolve around technology, the threat of ransomware looms large. It is a profitable business for cybercriminals, causing billions of dollars in damages. You might not have been subject to a ransomware attack yet, but that may not always be the case—unfortunately, the odds are against you.

This comprehensive guide aims to empower you with the knowledge and strategies needed to prevent and recover from ransomware attacks. With preparation and the latest cybersecurity insights, you can safeguard your digital world.

In their 2023 Ransomware Trends Report, Veeam found that only 16% of organizations attacked by ransomware were able to recover without paying a ransom. That means, despite almost every business having backups of some kind, only one in six of them were able to use their backups to resume business operations after an attack. As a cloud storage company where many customers store backups, we think that number should be closer to 100%. That’s why we created this guide—getting that number closer to 100% starts with knowing what you’re up against and putting strategies in place to protect your business. 

The Ransomware Threat

In 2022, the FBI’s Internet Crime Complaint Center received 2,385 ransomware complaints with adjusted losses of more than $34.3 million, and those are just the ones that got reported. Cybersecurity Ventures expects that, by 2031, businesses will fall victim to a ransomware attack every other second, up from every 11 seconds in 2021, every 14 seconds in 2019, and every 40 seconds in 2016. This exponential rise in victims translates to nearly $265 billion in ransomware damages by 2031 according to Cybersecurity Ventures.

Individual and average ransom amounts are also reaching new heights. In Q1 2023, the average ransom payment was $327,883, up 55% from Q1 of 2022 ($211,529) according to Coveware, a cyber extortion incident response firm. And, 45% of attacks had an initial demand over $1 million. 

Ransomware affects all industries, from the public sector (state and local government and educational institutions) to healthcare and technology. No group is immune, as seen in the chart below.

Ransomware continues to be a major threat to businesses in all sectors, but the greatest impact continues to be leveled at small and medium businesses (SMBs). As the table below notes, a vast majority (66.9%) of all the companies impacted by ransomware attacks are SMBs with between 11 and 1,000 employees.  

Regardless of your firm’s size, you’ll want to understand how ransomware works, including ransomware as a service (RaaS), as well as how recent developments in generative artificial intelligence (AI) tools are changing the ransomware landscape.

Ransomware as a Service

Ransomware as a Service has emerged as a game changer in the world of cybercrime, revolutionizing the ransomware landscape and amplifying the scale and reach of malicious attacks. The RaaS business model allows even novice cybercriminals to access and deploy ransomware with relative ease, leading to a surge in the frequency and sophistication of ransomware attacks worldwide. 

Traditionally, ransomware attacks required a high level of technical expertise and resources, limiting their prevalence to skilled cybercriminals or organized cybercrime groups. However, the advent of RaaS platforms has lowered the barrier to entry, making ransomware accessible to a broader range of individuals with nefarious intent. These platforms provide aspiring cybercriminals with ready-made ransomware toolkits, complete with user-friendly interfaces, step-by-step instructions, and even customer support. In essence, RaaS operates on a subscription or profit-sharing model, allowing criminals to distribute ransomware and share the ransom payments with the RaaS operators.

The rise of RaaS has led to a proliferation of ransomware attacks, with cybercriminals exploiting the anonymity of the dark web to collaborate, share resources, and launch large-scale campaigns. The RaaS model not only facilitates the distribution of ransomware but it also provides criminals with analytics dashboards to track the performance of their campaigns, enabling them to optimize their strategies for maximum profit.

One of the most significant impacts of RaaS is the exponential growth in the number and variety of ransomware strains. RaaS platforms continuously evolve and introduce new ransomware variants, making it increasingly challenging for cybersecurity experts to develop effective countermeasures. The availability of these diverse strains allows cybercriminals to target different industries, geographical regions, and vulnerabilities, maximizing their chances of success. 

The profitability of RaaS has attracted a new breed of cybercriminals, leading to an underground economy where specialized roles have emerged. Ransomware developers create and sell their malicious code on RaaS platforms, while affiliates or “distributors” spread the ransomware through various means, such as phishing emails, exploit kits, or compromised websites. This division of labor allows criminals to focus on their specific expertise, while RaaS operators facilitate the monetization process and collect a share of the ransoms.

The impact of RaaS extends beyond the immediate financial and operational consequences for targeted entities. The widespread availability of ransomware toolkits has also resulted in a phenomenon known as “ransomware commoditization,” where cybercriminals compete to offer their services at lower costs or even engage in price wars. This competition drives innovation and the continuous evolution of ransomware, making it a persistent and ever-evolving threat.

To combat the growing influence of RaaS, organizations and individuals require a multilayered approach to cybersecurity. Furthermore, organizations should prioritize data backups and develop comprehensive incident response plans to ensure quick recovery in the event of a ransomware attack. Regularly testing backup restoration processes is essential to maintain business continuity and minimize the impact of potential ransomware incidents.

Ransomware as a Service has profoundly transformed the ransomware landscape, democratizing access to malicious tools and fueling the rise of cybercrime. The ease of use, scalability, and profitability of RaaS platforms have contributed to a surge in ransomware attacks across industries and geographic locations.

Generative AI and Ransomware

The rise of generative AI has been a boon for cybercriminals in helping them automate attacks. If you’ve ever been through any kind of cybersecurity training, you’ll know that spelling mistakes, bad grammar, and awkward writing are some of the most obvious signs of a phishing email. With generative AI, the cybercriminals’ job just got that much easier, and their phishing emails that more convincing.

Now, a cybercriminal just needs to punch a prompt into ChatGPT, and it spits out an error-free, well-written, convincing email that the cybercriminal can use to target victims. It has also been a force multiplier for helping cybercriminals translate that email into different languages or target it to specific industries or even companies. Text generated by models like ChatGPT help cybercriminals create very personalized messages that are more likely to have the desired effect of getting a target to click a malicious link or download a malicious payload.

How Does Ransomware Work?

A ransomware attack starts when a machine on your network becomes infected with malware. Cybercriminals have a variety of methods for infecting your machine, whether it’s an attachment in an email, a link sent via spam, or even through sophisticated social engineering campaigns. As users become more savvy to these attack vectors, cybercriminals’ strategies evolve. Once that malicious file has been loaded onto an endpoint, it spreads to the network, locking every file it can access behind strong encryption controlled by cybercriminals. If you want that encryption key, you’ll have to pay the price.

When we say ‘hacker,’ it’s not some kid in his basement. They’re stealthy, professional crime organizations. They attack slowly and methodically. They can monitor your network for months, until they have the keys to the kingdom—including backups—then they pull the trigger.

—Gregory Tellone, CEO, Continuity Centers

Encrypting ransomware or cryptoware is by far the most common variety of ransomware. Other types that might be encountered are:

• Non-encrypting ransomware or lock screens, which restrict access to files and data, but do not encrypt them.
• Ransomware that encrypts a drive’s master boot record (MBR) or Microsoft’s NTFS, which prevents victims’ computers from being booted up in a live operating system (OS) environment.
• Leakware or extortionware, which steals compromising or damaging data that the attackers then threaten to release if ransom is not paid.
• Mobile device ransomware which infects cell phones through drive-by downloads or fake apps.

What Happens During a Typical Attack?

The typical steps in a ransomware attack are:

1. Infection: Ransomware gains entry through various means such as phishing emails, physical media like thumb drives, or alternative methods. It then installs itself on a single endpoint or network device, granting the attacker access.
2. Secure Key Exchange: Once installed, the ransomware communicates with the perpetrator’s central command and control server, triggering the generation of cryptographic keys required to lock the system securely.
3. Encryption: With the cryptographic lock established, the ransomware initiates the encryption process, targeting files both locally and across the network, rendering them inaccessible without the decryption keys.
4. Extortion: Having gained secure and impenetrable access to your files, the ransomware displays an explanation of the next steps, including the ransom amount, instructions for payment, and the consequences of noncompliance.
5. Recovery Options: At this stage, the victim can attempt to remove infected files and systems while restoring from a clean backup, or they may consider paying the ransom. 

It’s never advised to pay the ransom. According to Veeam’s 2023 Ransomware Trends Report, 21% of those who paid the ransom still were not able to recover their data. There’s no guarantee the decryption keys will work, and paying the ransom only further incentivizes cybercriminals to continue their attacks. 

Who Gets Attacked?

Data has shown that ransomware attacks target firms of all sizes, and no business—from small and medium-sized business to large coprorations—is immune. According to the Veeam 2023 Data Protection Trends Report, 85% of organizations suffered at least one cyberattack in the preceding twelve months. Attacks are on the rise in every sector and in every size of business. This leaves small to medium-sized businesses particularly vulnerable, as they may not have the resources needed to shore up their defenses. 

Recent attacks where cybercriminals leaked sensitive photos of patients in a medical facility prove that no organization is out of bounds and no victim is off limits. These attempts indicate that organizations which often have weaker controls and out-of-date or unsophisticated IT systems should take extra precautions to protect themselves and their data.

The U.S. consistently ranks highest in ransomware attacks, followed by the U.K. and Germany. Windows computers are the main targets, but ransomware strains exist for Macintosh and Linux, as well.

The unfortunate truth is that ransomware has become so widespread that most companies will certainly experience some degree of a ransomware or malware attack. The best they can do is be prepared and understand the best ways to minimize the impact of ransomware.

Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.”

—James Scott, Institute for Critical Infrastructure Technology

How to Combat Ransomware

So, you’ve been attacked by ransomware. Depending on your industry and legal requirements (which, as we have seen, are ever-changing), you may be obligated to report the attack first. Otherwise, your immediate footing should be one of damage control. So what should you do next?

1. Isolate the Infection. Swiftly isolate the infected endpoint from the rest of your network and any shared storage to halt the spread of the ransomware.
2. Identify the Infection. With numerous ransomware strains in existence, it’s crucial to accurately identify the specific type you’re dealing with. Conduct scans of messages, files, and utilize identification tools to gain a clearer understanding of the infection.
3. Report the Incident. While legal obligations may vary, it is advisable to report the attack to the relevant authorities. Their involvement can provide invaluable support and coordination for countermeasures.
4. Evaluate Your Options. Assess the available courses of action to address the infection. Consider the most suitable approach based on your specific circumstances.
5. Restore and Rebuild. Utilize secure backups, trusted program sources, and reliable software to restore the infected computer or set up a new system from scratch.

1. Isolate the Infection

Depending on the strain of ransomware you’ve been hit with, you may have little time to react. Fast-moving strains can spread from a single endpoint across networks, locking up your data as it goes, before you even have a chance to contain it.

The first step, even if you just suspect that one computer may be infected, is to isolate it from other endpoints and storage devices on your network. Disable Wi-Fi, disable Bluetooth, and unplug the machine from both any local area network (LAN) or storage device it might be connected to. This not only contains the spread but also keeps the ransomware from communicating with the attackers. 

Know that you may be dealing with more than just one “patient zero.” The ransomware could have entered your system through multiple vectors, particularly if someone has observed your patterns before they attacked your company. It may already be laying dormant on another system. Until you can confirm, treat every connected and networked machine as a potential host to ransomware.

2. Identify the Infection

Just as there are bad guys spreading ransomware, there are good guys helping you fight it. Sites like ID Ransomware and the No More Ransom! Project help identify which strain you’re dealing with. And knowing what type of ransomware you’ve been infected with will help you understand how it propagates, what types of files it typically targets, and what options, if any, you have for removal and disinfection. You’ll also get more information if you report the attack to the authorities (which you really should).

3. Report to the Authorities

It’s understood that sometimes it may not be in your business’s best interest to report the incident. Maybe you don’t want the attack to be public knowledge. Maybe the potential downside of involving the authorities (lost productivity during investigation, etc.) outweighs the amount of the ransom. But reporting the attack is how you help everyone avoid becoming victimized and help combat the spread and efficacy of ransomware attacks in the future. With every attack reported, the authorities get a clearer picture of who is behind attacks, how they gain access to your system, and what can be done to stop them. 

You can file a report with the FBI at the Internet Crime Complaint Center.

There are other ways to report ransomware, as well.

4. Evaluate Your Options

The good news is, you have options. The bad news is that the most obvious option, paying up, is a terrible idea.

Simply giving into cybercriminals’ demands may seem attractive to some, especially in those previously mentioned situations where paying the ransom is less expensive than the potential loss of productivity. Cybercriminals are counting on this.

However, paying the ransom only encourages attackers to strike other businesses or individuals like you. Paying the ransom not only fosters a criminal environment but also leads to civil penalties—and you might not even get your data back.

The other option is to try and remove it.

5. Restore and Rebuild—or Start Fresh

There are several sites and software packages that can potentially remove the ransomware from your system, including the No More Ransom! Project. Other options can be found, as well.

Whether you can successfully and completely remove an infection is up for debate. A working decryptor doesn’t exist for every known ransomware. The nature of the beast is that every time a good guy comes up with a decryptor, a bad guy writes new ransomware. To be safe, you’ll want to follow up by either restoring your system or starting over entirely.

Why Starting Over Using Your Backups Is the Better Idea

The surest way to confirm ransomware has been removed from a system is by doing a complete wipe of all storage devices and reinstalling everything from scratch. Formatting the hard disks in your system will ensure that no remnants of the ransomware remain.

To effectively combat the ransomware that has infiltrated your systems, it is crucial to determine the precise date of infection by examining file dates, messages, and any other pertinent information. Keep in mind that the ransomware may have been dormant within your system before becoming active and initiating significant alterations. By identifying and studying the specific characteristics of the ransomware that targeted your systems, you can gain valuable insights into its functionality, enabling you to devise the most effective strategy for restoring your systems to their optimal state.

Select a backup or backups that were made prior to the date of the initial ransomware infection. If you’ve been following a sound backup strategy, you should have copies of all your documents, media, and important files right up to the time of the infection. With both local and off-site backups, you should be able to use backup copies that you know weren’t connected to your network after the time of attack, and hence, protected from infection. Backup drives that were completely disconnected should be safe, as are files stored in the cloud, especially if you use Object Lock to make them immutable.

How Object Lock Protects Your Data

Object Lock functionality for backups allows you to store objects using a write once, read many (WORM) model, meaning that after it’s written, data cannot be modified. Using Object Lock, no one can encrypt, tamper with, or delete your protected data for a specified period of time, creating a solid line of defense against ransomware attacks.

Object Lock creates a virtual air gap for your data. The term air gap comes from the world of LTO tape. When backups are written to tape, the tapes are then physically removed from the network, creating a literal gap of air between backups and production systems. In the event of a ransomware attack, you can just pull the tapes from the previous day to restore systems. Object Lock does the same thing, but it all happens in the cloud. Instead of physically isolating data, Object Lock virtually isolates the data.

Object Lock is valuable in a few different use cases:

1. To replace an LTO tape system: Most folks looking to migrate from tape are concerned about maintaining the security of the air gap that tape provides. With Object Lock, you can create a backup that’s just as secure as air-gapped tape without the need for expensive physical infrastructure.
2. To protect and retain sensitive data: If you work in an industry that has strong compliance requirements—for instance, if you’re subject to HIPAA regulations or if you need to retain and protect data for legal reasons—Object Lock allows you to easily set appropriate retention periods to support regulatory compliance.
3. As part of a disaster recovery (DR) and business continuity plan: The last thing you want to worry about in the event you are attacked by ransomware is whether your backups are safe. Being able to restore systems from backups stored with Object Lock can help you minimize downtime and interruptions, comply with cyber insurance requirements, and achieve recovery time objectives (RTO) easier. By making critical data immutable, you can quickly and confidently restore uninfected data from your backups, deploy them, and return to business without interruption.

Ransomware attacks can be incredibly disruptive. By adopting the practice of creating immutable, air-gapped backups using Object Lock functionality, you can significantly increase your chances of achieving a successful recovery. This approach brings you one step closer to regaining control over your data and mitigating the impact of ransomware attacks.

So, Why Not Just Run a System Restore?

While it might be tempting to rely solely on a system restore point to restore your system’s functionality, it is not the best solution for eliminating the underlying virus or ransomware responsible for the initial problem. Malicious software tends to hide within various components of a system, making it impossible for system restore to eradicate all instances. 

Another critical concern is that ransomware has the capability to encrypt local backups. If your computer is infected with ransomware, there is a high likelihood that your local backup solution will also suffer from data encryption, just like everything else on the system.

With a good backup solution that is isolated from your local computers, you can easily obtain the files you need to get your system working again. This will also give you the flexibility to determine which files to restore from a particular date and how to obtain the files you need to restore your system.

Human Attack Vectors

Often, the weak link in your security protocol is the ever-elusive X factor of human error. Cybercriminals know this and exploit it through social engineering. In the context of information security, social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. In other words, the weakest point in your system is usually somewhere between the keyboard and the chair.

Common human attack vectors include:

1. Phishing

Phishing uses seemingly legitimate emails to trick people into clicking on a link or opening an attachment, unwittingly delivering the malicious payload. The email might be sent to one person or many within an organization, but sometimes the emails are targeted to help them seem more credible. This targeting takes a little more time on the attackers’ part, but the research into individual targets can make their email seem even more legitimate, not to mention the advent of generative AI models like ChatGPT. They might disguise their email address to look like the message is coming from someone the sender knows, or they might tailor the subject line to look relevant to the victim’s job. This highly personalized method is called “spear phishing.” 

2. SMSishing

As the name implies, SMSishing uses text messages to get recipients to navigate to a site or enter personal information on their device. Common approaches use authentication messages or messages that appear to be from a financial or other service provider. Even more insidiously, some SMSishing ransomware variants attempt to propagate themselves by sending themselves to all contacts in the device’s contact list.

3. Vishing

In a similar manner to email and SMS, vishing uses voicemail to deceive the victim, leaving a message with instructions to call a seemingly legitimate number which is actually spoofed. Upon calling the number, the victim is coerced into following a set of instructions which are ostensibly to fix some kind of problem. In reality, they are being tricked into installing ransomware on their own computer. Like so many other methods of phishing, vishing has become increasingly sophisticated with sound effects and professional diction that make the initial message and follow-up call seem more legitimate. And like spear phishing, it has become highly targeted.

4. Social Media

Social media can be a powerful vehicle to convince a victim to open a downloaded image from a social media site or take some other compromising action. The carrier might be music, video, or other active content that, once opened, infects the user’s system.

5. Instant Messaging

Between them, IM services like WhatsApp, Facebook Messenger, Telegram, and Snapchat have more than four billion users, making them an attractive channel for ransomware attacks. These messages can seem to come from trusted contacts and contain links or attachments that infect your machine and sometimes propagate across your contact list, furthering the spread.

Machine Attack Vectors

The other type of attack vector is machine to machine. Humans are involved to some extent, as they might facilitate the attack by visiting a website or using a computer, but the attack process is automated and doesn’t require any explicit human cooperation to invade your computer or network.

1. Drive-By

The drive-by vector is particularly malicious, since all a victim needs to do is visit a website carrying malware within the code of an image or active content. As the name implies, all you need to do is cruise by and you’re a victim.

2. System Vulnerabilities

Cybercriminals learn the vulnerabilities of specific systems and exploit those vulnerabilities to break in and install ransomware on the machine. This happens most often to systems that are not patched with the latest security releases.

3. Malvertising

Malvertising is like drive-by, but uses ads to deliver malware. These ads might be placed on search engines or popular social media sites in order to reach a large audience. A common host for malvertising is adults-only sites.

4. Network Propagation

Once a piece of ransomware is on your system, it can scan for file shares and accessible computers and spread itself across the network or shared system. Companies without adequate security might have their company file server and other network shares infected as well. From there, the malware will propagate as far as it can until it runs out of accessible systems or meets security barriers.

5. Propagation Through Shared Services

Online services such as file sharing or syncing services can be used to propagate ransomware. If the ransomware ends up in a shared folder on a home machine, the infection can be transferred to an office or to other connected machines. If the service is set to automatically sync when files are added or changed, as many file sharing services are, then a malicious virus can be widely propagated in just milliseconds.

It’s important to be careful and consider the settings you use for systems that automatically sync, and to be cautious about sharing files with others unless you know exactly where they came from.

Security experts suggest several precautionary measures for preventing a ransomware attack.

1. Use antivirus and antimalware software or other security policies to block known payloads from launching.
2. Make frequent, comprehensive backups of all important files and isolate them from local and open networks.
3. Immutable backup options such as Object Lock offer users a way to maintain truly air-gapped backups. The data is fixed, unchangeable, and cannot be deleted within the time frame set by the end-user. 
4. Keep offline data backups stored in locations that are air-gapped or inaccessible from any potentially infected computer, such as disconnected external storage drives or the cloud, which prevents the ransomware from accessing them.
5. Keep your security up-to-date through trusted vendors of your OS and applications. Remember to patch early and patch often to close known vulnerabilities in operating systems, browsers, and web plugins.
6. Consider deploying security software to protect endpoints, email servers, and network systems from infection.
7. Exercise good cyber hygiene, exercising caution when opening email attachments and links.
8. Segment your networks to keep critical computers isolated and to prevent the spread of ransomware in case of an attack. Turn off unneeded network shares.
9. Operate on the principle of least privilege. Turn off admin rights for users who don’t require them. Give users the lowest system permissions they need to do their work.
10. Restrict write permissions on file servers as much as possible.
11. Educate yourself and your employees in best practices to keep ransomware out of your systems. Update everyone on the latest email phishing scams and human engineering aimed at turning victims into abettors.

It’s clear that the best way to respond to a ransomware attack is to avoid having one in the first place. Other than that, making sure your valuable data is backed up and unreachable to a ransomware infection will ensure that your downtime and data loss will be minimal if you ever fall prey to an attack.

Have you endured a ransomware attack or have a strategy to keep you from becoming a victim? Please let us know in the comments.

Ransomware FAQS

The post Guide to How to Recover and Prevent a Ransomware Attack appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Backing up your computer files isn’t like buying comprehensive car insurance, e.g., something you hope you never have to use but are sure glad you have when you need it. Of course, you want to protect your personal information, photos, work files, and other important data from hard drive crashes, accidental deletions, drink spills, theft, or malware. While Backblaze can’t help with power outages, computer encryption, or anti-theft technologies (though we can locate a computer), we can help make backing up your files a no-brainer. And (at least to our most recent survey) with only 10% of respondents who own a computer backing up daily, folks need the help!

What’s Changed About the 3-2-1 Backup Strategy?

You may have heard of the 3-2-1 backup strategy. It means having at least three copies of your data, two local (on-site) but on different media (read: devices), and at least one copy off-site.

We’ll use “socialsecurity.jpg” as an example for this scenario. Socialsecurity.jpg lives on your computer at home; let’s say you took a picture of it for your tax accountant years ago for some tax-related stuff (as tax accountants are wont to do). That’s one copy of the data.

You also have an external hard drive to back up your computer; if you’re on a Mac, you might use it as a Time Machine drive (and Backblaze loves Time Machine). That external hard drive will back up socialsecurity.jpg as part of its backup process. That’s a second copy on a different device or medium.

In addition to that external hard drive, you also have an online backup solution (we recommend Backblaze, go figure!). The online backup continuously scans your computer and uploads your data to an off-site data center. Socialsecurity.jpg is included in this upload, becoming the third copy of your data.

Oh! And, your paper social security card is hopefully stored in a fire-proof safe (not your wallet). Does that sound pretty air-tight to you? It is, or at least it used to be.

The rise in ransomware attacks calls for strengthening the basic principles of the 3-2-1 strategy—redundancy, geographic distance, and access—with added protections. Cybercrimes targeting networked machines and capturing all data, including backups, is a growing problem. Data geeks who know about backup and recovery are going “comprehensive” with their backup “insurance.” New versions of the tried-and-true backup strategy have emerged, such as the 3-2-1-1-0 or 4-3-2 backups. Sounds like overkill? It isn’t. The good news is that companies like Backblaze exist to make at least the off-site component less stressful, they do the work and keep up with security best practices for you.

Why Is It Important to Back Up On-site and Off-site?

Whether you are interested in backing up a Mac or a PC, an on-site backup is a simple way to access your data quickly should anything happen to your computer. If your laptop or desktop’s hard drive crashes, and you have an up-to-date external hard drive available, you can quickly get most of your data back or use the external drive on another computer while yours gets fixed or replaced. If you remember to keep that external hard drive fairly up to date, the exposure for data loss is negligible, as you might only lose the uncopied files on your laptop. Most external hard drives even come with software to ensure they’re readily updated.

Having an on-site backup is a great start, but having an off-site backup is a key component in having a complete backup strategy, including cloud storage. The newer backup strategies build on the cloud’s strengths:

• Convenience: Backing up large volumes of data in the cloud is fast.
• Durability and reliability: Cloud storage centers protect against fires, natural disasters, and more.
• Collaboration: Sharing with permissions is intuitive and effortless in the cloud.

With millions working in the cloud, those three copies in the 3-2-1-1-0 backup are separated by media on-site, off-site, and offline. This backup strategy exceeds the original model in its zero error copy. This fidelity to your files’ durability and reliability is possible with the help of a backup protection tool like Object Lock, which makes it impossible to modify or delete data (for a certain amount of time) because of its Write Once, Read Many (WORM) model. If you’re using cloud storage, consider a backup strategy that uses the principles of redundancy, distance, access, and immutability like 3-2-1-1-0. And in the case of Backblaze, retention history (like our Extended Version History feature of Computer Backup) adds additional layers of protection in how long those copies are kept should anything happen to your physical devices.

Is 3-2-1 Perfect?

There is no such thing as a perfect backup system, but the 3-2-1 approach is a great start for most people and businesses. Even the United States government recommends this approach. In a 2012 paper for US-CERT (United States Computer Emergency Readiness Team), Carnegie Mellon recommended the 3-2-1 method in their publication: Data Backup Options.

Backing Up Is the Best Insurance

The 3-2-1-1-0 plan is great for getting your files backed up. If you view the strategy like an insurance policy, you want one that provides the coverage needed should the unthinkable happen. Service also matters; having a local, off-site, and offline backup gives you more options for backup recovery. And a zero error policy for recoverability is a “no questions asked” claims process. One can dream! We did.

That’s how, and why, Backblaze created the world’s easiest cloud backup.

The post The 3-2-1 Backup Strategy appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

If you’ve made your way to this post, you already know the importance of backing up your business data, but are you taking full advantage of the power of backups across your organization? In this post, we share some blazingly useful tips to help you power up your backups.

Some of the tips apply to Backblaze Business Backup for workstations and some to Backblaze B2 Cloud Storage. As a refresher, Backblaze Business Backup for workstations helps you easily deploy and manage backups for employee devices with a lightweight client installed on employee machines, and Backblaze B2 Cloud Storage is scalable, affordable cloud storage that can be used to store backups, archive content, and provide an off-site repository for Veeam and/or local devices like NAS.

12 Power Tips for Business Users of Backblaze Business Backup and Backblaze B2 Cloud Storage

1. Manage All Users of Backblaze Business Backup or Backblaze B2

Backblaze Groups can be used for both Backblaze Business Backup and Backblaze B2 to manage accounts and users. See the status of all accounts and produce reports using the admin console.

2. Streamline VM Backups

Backblaze B2 integrates with Veeam, MSP360 (formerly CloudBerry Lab), and Veritas Backup Exec, among others, to back up enterprise-level VMs with no interruptions to your workflow.

3. Manage Your Server Backups With Backblaze B2

Back up your server in minutes with our streamlined joint solution with MSP360 for one or multiple servers. Or, use Veeam or any of our other backup and archive integrations to protect your data from disaster.

4. Protect Your NAS Data Using Built-in Applications and Backblaze B2

Backblaze B2 is integrated with the leading tools and devices for NAS backup. Native integrations from Synology, QNAP, TrueNAS, and more ensure that setups are simple and backups are automated.

5. Mass Deploy Backblaze Remotely to Many Computers

Companies, organizations, schools, non-profits, and others can use the MSI installer, Jamf, Munki, and other tools to deploy Backblaze Business Backup for workstations remotely across all their computers without any end user interaction.

6. Get Free Egress Between Backblaze B2 and Many Compute and CDN Partners

Spin up compute applications with high speed and no egress charges using our partners Vultr, Equinix Metal, Packet, and Server Central. Backblaze offers free egress from Backblaze B2 to content delivery partners like Cloudflare, Fastly, and Bunny.net, speeding up access to your data worldwide.

7. Protect Data From Ransomware With Object Lock

Object Lock is a powerful backup protection tool that prevents a file from being altered or deleted until a given date. Using Object Lock to protect your data means no one—not cybercriminals, not ransomware viruses, not even the person who set the lock—can edit or delete files.

8. Get Your Data Into the Cloud Fast

With Universal Data Migration from Backblaze, you can move large data sets (>10TB) from virtually any source—other public clouds, servers, NAS, SAN, LTO/tape, and cloud drives—to Backblaze B2 at no cost.

9. Move to Backblaze B2 With Virtually No Code Changes

If you already use the S3 API protocol, you can move your data to Backblaze B2 with virtually no code changes, no workflow changes, and no downtime using the Backblaze S3 Compatible API.

10. Copy Data and Bring It Closer to End Users With Backblaze Cloud Replication

Backblaze Cloud Replication allows customers to automatically store to different locations—across regions, across accounts, or in different buckets within the same account. Customers can replicate data for security and compliance, bring it closer to end users for faster access, and replicate between development environments.

11. Restore For Free via Web or USB Hard Drive

Admins can restore data from endpoints using the web-based admin console. USB hard drives can be shipped worldwide to facilitate the management of a remote workforce.

12. Use Single Sign-on (SSO) and Two Factor Verification for Enhanced Security

Single sign-on (Google and Microsoft) improves security and the speed of signing into your Backblaze account for authorized users. With Backblaze Business Backup, all data is automatically encrypted client-side prior to upload, protected during transfer, and stored encrypted in our secure data centers. Adding two-factor verification augments account safety with another layer of security.

Want to Learn More About Backblaze Business Backup and Backblaze B2?

You can find more information on Backblaze B2 and Backblaze Business Backup (including a free trial) on our website, and more tips about backing up in our Help pages.

The post 12 Power Tips for Backing Up Business Data appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

They say the older you get, the more you become your parents. It’s so true, Progressive Insurance built an entire marketing campaign around it. (Forcing food on your family? Guilty.) But when it comes to backups, generational copies are a good thing. In fact, there’s a widely-used backup approach based on the idea—grandfather-father-son (GFS) backups.

In this post, we’ll explain what GFS is and how GFS works, we’ll share an example GFS backup plan, and we’ll show you how you can use GFS to organize your backup approach.

What Are Grandfather-Father-Son Backups?

Whether you’re setting up your first cloud backup or researching how to enhance your data security practices, chances are you’ve already got the basics figured out, like using at least a 3-2-1 backup strategy, if not a 3-2-1-1-0 or a 4-3-2. You’ve realized you need at least three total copies of your data, two of which are local but on different media, and one copy stored off-site. The next part of your strategy is to consider how often to perform full backups, with the assumption that you’ll fill the gap between full backups with incremental (or differential) backups.

One way to simplify your decision-making around backup strategy, including when to perform full vs. incremental backups, is to follow the GFS backup scheme. GFS provides recommended, but flexible, rotation cycles for full and incremental backups and has the added benefit of providing layers of data protection in a manageable framework.

How Do GFS Backups Work?

In the traditional GFS approach, a full backup is completed on the same day of each month (for example, the last day of each month or the fourth Friday of each month—however you want to define it). This is the “grandfather” cycle. It’s best practice to store this backup off-site or in the cloud. This also helps satisfy the off-site requirement of a 3-2-1 strategy.

Next, another full backup is set to run on a more frequent basis, like weekly. Again, you can define when exactly this full backup should take place, keeping in mind your business’s bandwidth requirements. (Because full backups will most definitely tie up your network for a while!) This is the “father” cycle, and, ideally, your backup should be stored locally and/or in hot cloud storage, like Backblaze B2 Cloud Storage, where it can be quickly and easily accessed if needed.

Last, plan to cover your bases with daily incremental backups. These are the “son” backups, and they should be stored in the same location as your “father” backups.

GFS Backups: An Example

In the example month shown below, the grandfather backup is completed on the last day of each month. Father full backups run every Sunday, and incremental son backups run Monday through Saturday.

It’s important to note that the daily-weekly-monthly cadence is a common approach, but you could perform your incremental son backups even more often than daily (Like hourly!) or you could set your grandfather backups to run yearly instead of monthly. Some choose to run grandfather backups monthly and “great-grandfather” backups yearly. Essentially, you just want to create three regular backup cycles (one full backup to off-site storage; one full backup to local or hot storage; and incremental backups to fill the gaps) with your grandfather full backup cycle being performed less often than your father full backup cycle.

How Long Should You Retain GFS Backups?

Last, it’s important to also consider your retention policy for each backup cycle. In other words, how long do you want to keep your monthly grandfather backups, in case you need to restore data from one? How long do you want to keep your father and son backups? Are you in an industry that has strict data retention requirements?

You’ll want to think about how to balance regulatory requirements with storage costs. By the way, you might find us a little biased towards Backblaze B2 Cloud Storage because, at $6/TB/month, you can afford to keep your backups in quickly accessible hot storage and keep them archived for as long as you need without worrying about an excessive cloud storage bill.

Ultimately, you’ll find that grandfather-father-son is an organized approach to creating and retaining full and incremental backups. It takes some planning to set up but is fairly straightforward to follow once you have a system in place. You have multiple fallback options in case your business is impacted by ransomware or a natural disaster, and you still have the flexibility to set backup cycles that meet your business needs and storage requirements.

Ready to Get Started With GFS Backups and Backblaze B2?

Check out our Business Backup solutions and safeguard your GFS backups in the industry’s leading independent storage cloud.

The post Better Backup Practices: What Is the Grandfather-Father-Son Approach? appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Saving the environment is one of the most noble tasks anyone can undertake, but the thing about the environment is that it’s notoriously rough on laptops.

For the staff of The Wilderness Society, saving wild places means trekking out into said wild with boots firmly on the ground. Whether that means shutting down copper mines that would have otherwise devastated nearby waterways or helping create public transportation routes out to public lands, The Wilderness Society is a group constantly on the move. That doesn’t leave a lot of time for dealing with backups, particularly in the geographically far-flung areas in which The Wilderness Society researchers find themselves.

Data saved on staff laptops was regularly at risk, and The Wilderness Society needed a way to protect that data from threats both natural and otherwise. Director of Information Technology, Kristin Iden, shared how she:

• Protected essential workstation data with cloud backups.
• Achieved a security stance that aligns with cyber insurance policies.
• Eased the administrative burden on an IT team of two that serves more than 160 staff around the country.

How Workstation Backups Protect Data From Disasters

The urgency to put a solid workstation backup plan in place hit home for Kristin when her laptop was destroyed by a lightning strike. And yes, she’s aware of the irony. The IT director, one of the few who isn’t dragging their laptop across creation, is the one who lost data to natural disaster.

The Wilderness Society’s researchers find themselves all over the world as part of their mission to protect the environment. There are 14 offices from coast to coast, from Hallowell, Maine to Anchorage, Alaska. According to Kristin, “drop and destroy” events are not uncommon out in the field, whether it’s a laptop taking an accidental trip down a mountainside or into the waters of the Arctic Circle.

Add to that, as a nonprofit organization, The Wilderness Society always has to look at the bottom line. Their funding comes entirely from donors and sponsors, gifted with a purpose, and as much of it should go toward the mission as possible. In fact, Kristin had originally sought out a backup solution solely for executives as a way to save budget, but Backblaze’s affordability made it a no-brainer to extend backups out into the field.

“If somebody in the Arctic Circle drops and breaks their laptop, now I can get them back up and running within a couple of days. ”
—Kristin Iden, Director of Information Technology, The Wilderness Society

How to Back Up Field Staff Workstations

Kristin started with a beta test group of around 10% of the users, making sure to include a mix of field researchers, administrative workers, and executives. One important group to include in this mix was the handful of workers in truly remote regions of the country that have metered bandwidth. This obviously made regular backups difficult, but Kristin found a workaround by having them run the backup during weekly office visits.

The two members of the IT department are the sole administrators on the roughly 160 machines throughout the organization, an 80/20 mix of PC and Mac users. As such, they were able to roll out installation of Backblaze through Microsoft Intune, a mass deployment tool. The initial beta test went off without a hitch, and they took a phased approach to the remaining rollout—Backblaze was installed across the entire organization in groups of 30.

Lightweight Backup Client Provides Peace of Mind

Kristin knew there was simply no way to prevent the inevitable destruction of user laptops out in the field. By focusing her efforts on finding the right backup solution, she was able to easily roll out to the entire organization a solution that protected their data from the rigors of nature.

Of paramount importance was simplifying the entire process for the users. They are, after all, doing the truly critical work of protecting the environment. Whether that means surveying wildlife in their native environment or working with lawmakers to craft bills that preserve nature, Kristin wanted their focus on the mission and not on their machine. With a lightweight client that doesn’t bog down machines and reliable backups she can use to provision new machines and recover data, Backblaze gave her that turnkey solution, and the peace of mind that followed.

“Admin tasks like backups are a time suck when you’re a two-person team minding 160 people running around the country trying to make sure the forests stay up. I don’t have time to babysit something constantly. With Backblaze, it just does its thing, and it lets me know when something’s not working. That’s exactly what I want out of every tool I use—just work, tell me when it isn’t, and make it easy to fix it. Backblaze just works everywhere we need it to.”
—Kristin Iden, Director of Information Technology, The Wilderness Society

Looking for a backup solution for your nonprofit organization or dispersed field staff? Learn more about Backblaze Business Backup for workstations.

The post How a National Nonprofit Protects Field Staff Workstations appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

If you landed here, you’re probably in the middle of a search for a new backup provider to replace CrashPlan (also known as Code42). Or maybe you’re in the market for the first time, and you’re trying to compare providers. Either way, you probably have some questions about CrashPlan alternatives. But bottom line, you want to make sure your data is safe and protected.

Read on to understand why Backblaze is your best choice for a CrashPlan alternative.

Or, if you know you’d like to get started with Backblaze now, click here to get things underway.

What Is Backblaze Business Backup?

Backblaze Business Backup protects your workstations, servers, NAS devices, and Veeam data by backing up critical data.

Workstation Backup

With Backblaze Business Backup for workstations, you can protect business data automatically on all employee workstations through a centrally managed admin console with unlimited, secure, cloud backup. Once deployed, lightweight, Java-free Mac and PC clients run quietly in the background—no system slow-downs or crashes. Options like Extended Version History allow you to retain files versions for one year or forever, and you can choose from a number of restore options. If you’re looking for a CrashPlan replacement to back up all employee computers, start your free trial here. But, that’s not all you can do with Backblaze Business Backup…

Server Backup

Back up your Windows, Mac, Linux, SQL, and Exchange servers in a matter of minutes by using our streamlined joint solution with MSP360 or one of many other integrations. Data is always hot, with no nearline or offline delays, and storage is only $5/TB per month and $0.01/GB for downloads.

NAS Backup

Using native integrations from Synology, QNAP, TrueNAS, and more, you can easily back up and sync your NAS data. Backblaze NAS backup is built to be reliable and easily accessible for immediate downloads—backed by SLA and affordable at $5/TB per month with no minimum storage and retention requirements.

Veeam Backup

Veeam integrates seamlessly with Backblaze, so you can tier your backups directly into cloud storage with no interruptions to your workflow. Protect your data from ransomware attacks with immutability via Object Lock. And achieve 3-2-1 compliance or offload your restore points to the cloud and free up space on your server. All backup jobs and restores occur directly within Veeam Backup & Replication.

An Invitation for Former CrashPlan On-Premises Customers

CrashPlan retired its On-Premises backup service as of February 28, 2022. If you’re a former CrashPlan On-Premises customer, check out our recent blog post for more information on how to switch to Backblaze Business Backup for workstations.

Why Backblaze?

So, why is Backblaze a great fit for current or former CrashPlan customers? Here are a few reasons.

1. Easy to Use: Transition in a few simple steps and save countless hours in setup, troubleshooting, and account management thanks to our simple plug-and-play interface.
2. Affordable and Predictable: Protect all employee workstations for just $70/computer per year, with no surprise charges. Plus monthly, yearly, or two-year billing flexibility to suit your needs. Or, back up servers, NAS devices, and Veeam data for $5/TB/month for hot storage free of complicated tiers.
3. Safe and Secure: Protect against ransomware and support compliance with two-factor authentication and single sign-on available for all users when logging in to Backblaze as well as data encryption and data durability that was calculated at 99.999999999% (11 nines).
4. Live Support: Make your transition easy with live support and deployment assistance via our Customer Service team and solution engineers.

Backblaze has 15 years of experience in the backup business, and businesses and organizations ranging from PagerDuty to Kings County, California to a leading research university rely on us for their data protection. Former CrashPlan customers who recently transitioned to Backblaze are getting the value they expected. Recently, Richard Charbonneau of Clicpomme told us more about the ease he gained from switching:

“To be honest, it was the smoothest deployment we’ve had. We should have moved to Backblaze a long time ago.”
—Richard Charbonneau, Founder, Clicpomme

Ready to Get Started?

If you are a CrashPlan user looking to transition to a new cloud backup service, Backblaze makes moving easy. Reach out to us at any time for help transitioning and getting started.

The post Looking for a CrashPlan Alternative? appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

With CrashPlan sunsetting its On-Premises backup service as of February 28, 2022, customers have some choices to make about how to handle their backups moving forward. As you think about the options—all of which require IT managers to embrace a change—we’d be remiss if we didn’t say Backblaze is ready to help with our Business Backup service for workstations. It’s quick and easy to switch over to, easy to run automatically ongoing, and cost effective.

If you’re a CrashPlan customer but you need a new backup solution, read on to understand your options. If you’re interested in working with us, you can transition from CrashPlan to Backblaze in six simple steps outlined below to protect all employee workstations from accidental data loss or ransomware, automatically and affordably.

What Options Do CrashPlan Customers Have?

CrashPlan customers have two options: transfer to CrashPlan’s Cloud Backup Service or transfer to another vendor. CrashPlan customers have until March 1, 2022 to make the decision and get started. After March 1, CrashPlan customers will lose support for their backup software. If any issues arise with backing up or restoring data, you won’t receive support to help fix the situation from CrashPlan.

CrashPlan’s Cloud Backup Service starts at $10 per endpoint per month for 0-100 endpoints, and is tiered after that. For customers looking for different pricing options or features, some CrashPlan alternatives include Carbonite and iDrive, both of which are offering promotions to attract CrashPlan customers. Keep in mind that once these promotions expire, you’re stuck paying the full price which may be higher than others. And, of course, Backblaze is an option as well.

Transferring From CrashPlan to Backblaze

So, what makes Backblaze a great fit for CrashPlan customers? We’ll share a few reasons. If you are already convinced, you can get started now by following the getting started guide in the next section of this post. If not, here are some of the benefits you’ll get with Backblaze:

1. Unlimited and Automatic: Lightweight Mac and PC clients back up all user data by default and are Java-free for stability—no system slow-downs or crashes.
2. Easy Admin and Restores: Transition in a few simple steps, then easily manage and deploy at scale via a centralized admin console by choosing from a number of mass deployment tools with multiple restore options.
3. Affordable and Predictable: Protect all employee workstations for just $70/computer/year, with no surprise charges; plus monthly, yearly, or two-year billing flexibility to suit your needs.
4. Safe and Secure: Defend your business data from ransomware and other threats with single sign-on, two-factor authentication, encryption at rest, encryption in transit, and ransomware protection.
5. Live Support: Make your transition easy with support during your transition and deployment via our Customer Service team and solution engineers.

Backblaze has been in the backup business for 15 years, and businesses ranging from PagerDuty to Charity: Water to Roush Auto Group rely on us for their data protection. Former CrashPlan customers who recently transitioned to Backblaze are getting the value they expected. Recently, Richard Charbonneau of Clicpomme spoke of the ease and simplicity he gained from switching:

“All our clients are managed by MDM or Munki, so it was really easy for us just to push the uninstaller for CrashPlan and package the new installer for Backblaze for every client.”
—Richard Charbonneau, Founder, Clicpomme

We invite you to join them.

Ready to get started?

How to Transition to Backblaze: Getting Started

You can “version off” of CrashPlan and “version on” to Backblaze Business Backup, making for a seamless transition. Simply create and configure an account with Backblaze to start backing up all employee workstations, and let CrashPlan lapse when they sunset On-Premises support on February 28.

You can retain your CrashPlan backups on-premises for however long your retention policies stipulate in case you need to restore. (Or just deprecate those altogether if you’d rather use your on-premises storage servers for something else—it’s up to you!) Then, with Backblaze set up in parallel, you can start relying on Backblaze moving forward.

Here’s how to get started with Backblaze Business Backup:

1. Click here to get started.
2. Enter an email address and password. Then click Create Account With Groups Enabled.



3. You will receive a verification email. When you do, enter the code provided.



4. Now, create a Group for your users. There are a few reason to create a Group or Groups for your users, including:
   • To establish separate retention periods.
   • To use different billing methods for different groups.
   • To give different kinds of users customized access.
   • To keep your users organized according to your needs.



5. Choose how many licenses you would like to purchase in the Computers to Back Up field, select your retention plan under Version History, then click Add a Billing Method and enter your information. When you are done, click Buy and Next. (If you are not ready to proceed with adding a payment method, feel free to click “Skip Payment & Try for Free,” this will allow you to try out the product for 15 days with full functionality.)



6. Now that your Group is created, you have some options on how to invite users into the Group. You can:
   • Invite with a link.
   • Send an auto-generated invite email.
   • Use advanced deployment via command-line and RMM tools. Check out our guides on Windows Silent Deployment and Mac Silent Deployment for more detailed information.

Deployment Considerations

Backblaze offers a number of different deployment options to give you the most flexibility when deciding how to deploy the Backblaze client to your machines. It can be as simple as sending the invite link via Slack or in a personally crafted email to a handful of users. You can use our Invite Email option to just add email addresses to a canned invite. Or you can deploy via a silent install using RMM tools such as JAMF, SCCM, Munki and others to deploy the software to your end users. Assistance is always available from our solution engineers to help guide you through the deployment process.

Additional Configuration Considerations

With Backblaze Business Backup, you can customize your Groups’ administrative access. Specify who has administrator privileges to a Group simply by adding an email address to the Group settings. As a Group administrator, you have the ability to assist your users with restores and be aware of issues when they arise.

You can also integrate with your single sign-on provider—either Google or Microsoft—in the settings to improve security, reduce support calls, and free users from having to remember yet another password.

An Invitation to Try Backblaze

If you are a CrashPlan user looking to transition to a new cloud backup service for your workstations, Backblaze makes moving to the cloud easy. Reach out to us at any time for help transitioning and getting started.

The post CrashPlan On-Premises Customers: Come On Over appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Business owners often wonder, “Can’t we just store all our files on Google Drive or Dropbox and call it a day?” The short answer? No. Not if you want to properly protect your business from data loss.

Many services out there offer businesses a way to store and protect files online, and it might seem like they accomplish the same task. While many of these cloud-based sync services seem to operate with backup-like functionality, they will not protect you from total data loss.

This post explains the difference between cloud sync, cloud backup, and cloud storage, so you can make the most informed choice for your business when it comes to taking care of your data. Plenty of business owners only learn the difference between backup and sync services in the most painful circumstances: after data loss.

Read on to understand how to best use sync, backup, and cloud storage services together to ensure that your business’s data is stored both securely and in the most optimal way for productivity.

What’s the Difference Between Cloud Sync, Cloud Backup, and Cloud Storage?

It’s helpful to understand how cloud sync, cloud backup, and cloud storage services differ from each other, and how they complement one another. Each performs a unique, helpful service, but learning the differences will help you more effectively put them to work for your specific use case.

Cloud Sync

You’re probably familiar with services like OneDrive, Dropbox Business, or Google Drive. These services sync (short for “synchronize”) files or folders on your computer to your other devices running the same application, ensuring that the same and most up-to-date information is merged across each device.

Sync services allow multiple users across multiple devices to access the same file, making it incredibly useful for collaboration and for sharing information with others. But because these services are designed for syncing, if your coworker deletes a shared file, that change will be reflected across all devices, and you may lose access to that file forever. Though most sync services offer a limited way to restore changed or deleted file versions, they aren’t true backups and remain susceptible to major data loss.

Cloud Backup

A cloud backup tool takes all of the data on your computer and stores it safely somewhere remote from your work environment. It works similarly to a traditional backup which would catalog and save all of the files on your computer to an external hard drive or a storage server on your local network. Except, in this case, your data is stored in an off-site server—also known as “the cloud.”

Cloud backups are optimized to allow businesses to easily recover their data in case a computer is lost, stolen, or compromised. Backups offer various options for data recovery allowing users to quickly access files via web and mobile applications or have their data directly shipped to them via a USB hard drive. The point is, cloud backups ensure complete protection from data loss and are meant to help your business recover swiftly.

Cloud Storage

Cloud storage is what makes cloud sync and cloud backup possible. Cloud storage providers like Backblaze B2 Cloud Storage offer the backend infrastructure for the storage of data, which services like Dropbox or Backblaze Business Backup are built on top of. It is the physical location where backups are stored and syncing occurs.

And yet, while a simple definition of cloud storage is that it is the raw storage that these other services are built on top of, it is also true that you can utilize cloud storage to build a unique service or application.

Most cloud storage providers offer an application programming interface (API) that lets you directly connect to the cloud storage of your choice, giving you the ability to create a service that does exactly what your business needs it to do. Alternatively, you can choose an integration partner that pairs with the cloud storage provider giving you the same direct connection to the cloud without having to do any technical development.

Cloud Sync Is Not the Same as Cloud Backup

Sync services were not built with backup in mind. They often rely on the user having a folder on their computer that is designated for OneDrive, Google Drive, or Dropbox. Users place files into that folder when they want their data to appear on other devices via the sync service.

This is an excellent way to avoid having to email yourself or your team files that need to be shared or worked on together. However, it’s important to remember that files outside of your team’s designated folders, e.g., in Documents, Downloads, Photos, etc., will remain locally stored on your device, and not synced to the cloud.

Just as sync services aren’t the same as cloud backup services, the reverse is also true. Though backup services may allow you various options to remotely access your data and share individual files when you need to, they are not suitable for use as collaboration tools. Instead, cloud backups ensure that all data on one device is backed up safely elsewhere. Instead of having to manually drag and drop files into designated locations, a backup will typically work automatically and in the background of your computer, backing up any new or changed data on the device. In the event of a computer crash, data loss, or ransomware attack these backed up files will be available for recovery.

When recovering files from a business cloud backup service, it’s important to understand the versioning options they provide. Say you accidentally delete a file, but don’t realize it until a few months later. You may be unable to access the file if versioning limits apply, or you may only have access to the most recent version of the lost file. However, many services now offer features like extended version history, which allows you to recover files from past points in time, so you can easily restore older work.

Here is a table that provides a quick overview and comparison of cloud sync, cloud backup, and cloud storage:

	Cloud Sync	Cloud Backup	Cloud Storage
Function	Ensures that the same and most up-to-date information is merged across each device.	All of the data on your computer is stored off-site and in the cloud.	The infrastructure on top of which cloud sync and backup services are built.
Use Case	Allows multiple users to access the same file, or files, across multiple devices.	Protects and recovers all of the files on your workstation in the event of data loss.	Backs up servers or NAS devices, or allows you to build unique services and applications.
Benefit	Share and collaborate on work files seamlessly amongst your team.	Reliably protect all of the data on your computer automatically.	Gain more control and functionality beyond what pre-built services offer.
Downside	In the event of a major data loss, files that aren’t synced (or are outside of your sync folders) will not be recoverable.	Not great for file sharing and collaborating, and some services may have data and bandwidth caps.	May require additional resources if you plan to build out custom applications and services for your business.
Automatic or Manual?	Manual. Sync services rely on users dropping the files they wish to keep into designated folders on their devices. Files outside of these folders will not be synced to the cloud.	Automatic. With little to no configuration, a backup solution regularly and automatically backs up everything, even your designated sync folders.	Depends how you choose to set it up. Cloud storage providers will often have integration partners that offer the functionality you’re looking for.
Versioning	Sync solutions may retain older or deleted versions of your files but these options vary from service to service.	May come with features like extended version history which help to recover older files.	Great for long-term data archiving and typically priced based on the amount of data stored.

Should My Business Use Cloud Storage?

It’s easy to understand how sync and backup services can help to foster collaboration and data protection in an enterprise because they deal with something we all do: manipulating, sharing, and saving files and data. The question of whether cloud storage might serve a role in your tech stack is slightly more complex.

Cloud storage providers supply data storage just as utility companies supply power, gas, and water. Cloud storage can be used for data backups, data archives, application data, media libraries, records, or any other type of data. They typically charge by a combination of data ingress, egress (in other words, the data coming and going), and the amount of data stored.

Backing Up Additional Devices & Ransomware Protection With Cloud Storage Solutions

While cloud backups like Backblaze Business Backup are great for backing up the data on your Mac and PC laptops and computers—these often are not the only devices storing precious information. Some businesses require additional functionality to back up their on-premises servers and NAS devices, or they create applications with unique functionality that serves their purpose. That’s when a cloud storage service is particularly useful.

Backblaze B2 Cloud Storage supports integrations with NAS devices, as well as Windows, Mac, and Linux servers. Backblaze B2 provides a way to store and use all types of data in partnership with vendors who integrate various solutions into the Backblaze B2 ecosystem. These integration partners offer both hardware and software solutions that pair with B2 Cloud Storage, giving businesses several options when it comes to data storage and management.

The added benefit of using cloud storage means better protection for backups. More and more, cybercriminals are targeting companies’ backups alongside their data, making it more difficult to avoid losing downtime and resources on restoring operations after an attack. A tool like Object Lock creates a virtual air gap, meaning backups are protected from modification, manipulation, or deletion due to bad actors or human error.

What’s Next?

Comprehensive backup strategies exist to offer businesses protection in the era of cloud backups and ransomware. These strategies stipulate that a business keep multiple copies of their data on different storage media in various locations—one of these locations being the cloud. But once your business has a backup plan and has an idea of how to properly utilize sync, backup, and storage, the next step is to routinely check in and test your backups.

You should test recovery of your most important, mission-critical data first, such as financial data, legal documents, and irreplaceable media. Ensure that the files that are important to your business are recoverable and intact by actually trying to recover them.

Don’t wait until disaster strikes to test your restore process and recovery. Seriously. Data loss emergencies are incredibly stressful, and doubly so when you have no idea how to properly find and recover your data. Set a schedule to test your backups and restore processes regularly. If you have more questions about keeping your business data protected, drop a line in the comments below and our team will be happy to help!

Ready to Get Started?

Now that you have a better understanding of the difference between cloud sync, cloud backups, and cloud storage, you can make a more informed decision about which is best for you and how all three can work together in your data infrastructure. If you’re ready to give Business Backup a try, click here to get started.

The post Protecting Your Business: Cloud Backup vs. Cloud Sync appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

A lot has happened since we published our last Ransomware Takeaways, and it’s only been three months. High-profile attacks dominated headlines last quarter, but the attacks few of us ever hear about made up the majority, often with more serious consequences than higher gas prices. In a recent survey of 130 hospitals and healthcare organizations, nearly half of them reported they had to disconnect their networks in the first half of 2021 due to ransomware.

You surely follow ransomware news if you have any responsibility for your organization’s IT infrastructure and/or data. Still, since the dynamics are ever changing, you might find it useful to see the bigger picture developments as we’re seeing them, to help inform your decision making. Here are five quick, timely, shareable takeaways from our monitoring over Q2 2021.

1. Ransom Demands Hit New Highs

The REvil ransomware syndicate started negotiations at $70 million in an attack on Kaseya that affected 1,500 businesses that use the company’s software products. The $70 million demand follows on the heels of two $50 million demands by REvil against computer manufacturer, Acer, in March and Apple supplier, Quanta, in April.

While the highest demands reach astronomical heights, average demands are also increasing according to cybersecurity and cyber insurance firm, Coalition. In their H1 2021 Cyber Insurance Claims Report, they noted the average ransom demand made against their policyholders increased to $1.2 million per claim in the first half of 2021, up from $450,000 in the first half of 2020.

2. Ransom Payments Appeared to Fluctuate

In their 2021 Ransomware Threat Report, Cybersecurity firm, Palo Alto Networks, noted an 82% increase in average ransom payments in the first half of 2021 to a record $570,000. While cybersecurity firm, Coveware, which tracks payments quarterly, reported a lower figure—in Q2 of 2021, they put average payments at $136,576 after hitting a high of $233,817 in Q4 of 2020. The different sources show different trends because tracking payments is a tricky science—companies are not required to report incidents, let alone ransoms demanded or payments made. As such, firms that track individual payments are limited by the constituencies they serve and the data they’re able to gather.

Taking a different approach, Chainalysis, a blockchain data platform that tracks payments to blockchain addresses linked to ransomware attacks, showed that the total amount paid by ransomware victims increased by 311% in 2020 to reach nearly $350 million worth of cryptocurrency. In May 2021, they published an update after identifying new addresses that put the number over $406 million. They expect the number will only continue to grow.

We’ll continue to track reporting from around the industry and account for variances in future reporting, but the data does tell us one thing—ransomware continues to proliferate because it continues to be profitable.

3. Double Extortion Tactics Are Increasing

In addition to encrypting files, cybercriminals are stealing data with threats to leak it if companies don’t pay the ransom. This trend is particularly concerning for public sector organizations and companies that maintain sensitive data like the Washington, D.C. Metropolitan Police Department—the victim of a May 2021 attack by the Babuk group that leaked sensitive documents including staff disciplinary records and security reports from the FBI and CIA.

Double extortion is not new—the Maze ransomware group carried out the first extortion attack in 2019, but the tactic is becoming more prevalent. In their Threat Report, Palo Alto Networks found that at least 16 ransomware variants currently employ this approach, and they expect more ransomware brands to adopt the tactic.

4. Ransomware Syndicates Are in Flux

The limelight is not a place most ransomware syndicates want to be. We’ve seen reports that the DarkSide group, responsible for the Colonial Pipeline attack, seems to have dissolved under the increased attention. But, the ransomware economy is porous, and different sources report that the muscle behind the gang may simply have changed horses to a new brand—BlackMatter—or a simply a different one—LockBit, the group allegedly responsible for the reported attack on Accenture. Like a high-stakes game of whack-a-mole, ransomware brands and groups are continuing to morph and change as authorities get wise to their tactics.

5. SMBs Continue to Be Main Targets, and Healthcare Suffered Doubly

Coalition reported that attacks on organizations with fewer than 250 employees increased 57% year over year. And, according to Coveware, over 75% of attacks in Q2 2021 targeted companies with less than 1,000 employees.

Cybercriminals target organizations of this size because they know they’re vulnerable. Small and medium-sized businesses (SMBs) with strapped IT budgets are less likely to have the resources to protect themselves and more likely to pay the ransom rather than suffer extended downtime trying to recover from an attack.

While hospitals struggled to respond to the global COVID-19 pandemic, they also suffered cybersecurity breaches at an alarming rate. As noted above, almost half of 130 hospitals surveyed in a new study reported that they disconnected their networks in the first half of 2021 due to ransomware. Some did so as a precautionary measure while others were forced to do so by the severity of the ransomware infection. Medium-sized hospitals with less than 1,000 beds experienced longer downtime and higher losses than larger institutions, averaging almost 10 hours of downtime at a cost $45,700 per hour. As we reported in our last quarterly update, relying on the goodwill of cybercriminals to forgo attacks on organizations that serve the public good is a mistake.

The Good News

This quarter, the good news is that the increased attention means ransomware groups are under more scrutiny and more businesses are waking up to the reality that the threat is very, very real. Fortunately, the headlines and numbers make it even easier to justify the investment in ransomware protections, and there are plenty of ways to incorporate them into your cloud infrastructure. If your IT team does one thing in 2021, making ransomware resilience a priority should be it.

The post Ransomware Takeaways: Q2 2021 appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.