Protecting Backups from Ransomware Is As Easy As 3-2-1


Protecting Backups from Ransomware Is As Easy As 3-2-1

The world is rapidly moving towards digitalisation, allowing us to streamline the overall process. However, it has also opened up new opportunities for cybercriminals. Many organisations in various countries, including Australia, are now facing the increased threat of ransomware attacks.

The Australian Cyber Security Centre (ACSC) has termed ransomware the biggest cybercrime threat. This type of attack has the magnitude to disrupt a business’s operations, causing them to incur heavy financial losses.

So, how do you deal with this problem? We will discuss the 3-2-1 rule of backup and other ways to help you mitigate the impact of the ransomware attack. But before that, let’s get a comprehensive idea of ransomware attacks.

What are Ransomware Attacks?

Ransomware is malicious software that cybercriminals use to infiltrate and infect a particular computer or network. The malicious software will block your network access and encrypt your data. Once they encrypt your data, cybercriminals will demand a ransom from the victims.

One vital thing to note is that the attackers will also go after your backups and try to encrypt them. This way, they’ll look to stop you from getting your data back through any source except for paying ransom for it. So, if you can stop the attackers from reaching your data backup, you can save yourself from paying the ransom.

Ransomware attacks are increasing, with more than 80% of organisations in Australia hit with this cyber attack in the last year. Some experts believe the number will likely increase in the next few years.

How to Deal with the Ransomware Attacks?

The optimal way to recover from a ransomware attack is by relying on the backups of your data. It is the most effective and relevant defense against ransomware and other malware viruses, if your network security is breached. An important thing to note is that if the attackers get to your backup and wipe it out, then this technique is rendered useless. 

Most ransomware attackers will try to locate the data and delete or encrypt it. If you lose your backups to the attackers, it will become more costly for you to recover your data and significantly impact your ability to deal with the attacker.

So, how can you ensure this doesn’t happen to your business? Following the best practices that can improve your chances of recovering the data through backups is best.

Follow the 3-2-1 Rule of Backup.

When it comes to creating a backup for your data, the best way to deal with this issue is by following the 3-2-1 rule of backup. It means that you create:

Three Different Copies of the Backup Data

The first thing you need to do with the 3-2-1 backup rule is to make three copies of your critical data. You can make more copies than three since having multiple data backups can significantly reduce the chances of losing your crucial data.

The main aim of this step is to create multiple sources of backup so you can recover your data even if you lose the primary source and some other copies.

Two Storage Media to Create the Backup for Your Data

Using two different kinds of storage media to store your backup data is equally important as creating multiple copies. You can use either one of the following devices to create and store the data backup:

  • Tape storage
  • Solid state drives
  • Hard drives
  • Cloud storage
  • A dedicated server for backup

Diversifying your data backup storage media will allow you to follow the second important aspect of the 3-2-1 rule. It will ensure that you have different data backup sources in case the attackers get access to one of them.

One Copy of Your Data to Keep It Off-Site

This principle is the most crucial part of the 3-2-1 data backup rule. After you decide on the media storage types you will use to keep a data backup; you need to keep at least one copy off-site.

Therefore, you need to choose a different location for your secondary data storage device. It should not be in the same office or building as the attacker can easily access it.

Keeping a data backup source off-site also allows you to safeguard your relevant information during a fire or a natural disaster. Your off-site data backup copy will stay safe even if the equipment at your office gets damaged.

Why Is the 3-2-1 Rule of Backup Important For Your Business?

The main aim of the 3-2-1 rule is to improve the chances of recovering your data in the event of ransomware or another malicious attack. It will also protect your data in the event of a fire or natural disaster.

Moreover, it is nearly impossible for hackers to access a copy of the data in a remote location (if that copy is offline). Hence, it increases your chances of preserving your data if there is a ransomware attack.

The most critical aspect of the 3-2-1 rule is the remote copy of your data backup. A crucial characteristic of the remote copy of the off-site backup is that it should be “offline”. It should be nearly impossible for an attacker to access the “offline” copy of your backup.

The reason that you want at least one backup to be “offline”, is that it means that in the event of a ransomware attack, the “offline” backup will be inaccessible to the attackers (the BlackHats) and therefore the offline backup will be safe from a ransomware attack.

A backup can be made “offline” in one of two ways:

  1. If you’re backing up to a cloud-based service, then having the cloud backup configured to be read-only (also known as: immutable) on completion. If a backup is read-only / immutable, then once a copy of the backup has been made, because the backup is read-only, that copy of the backup cannot be changed. If the backup cannot be changed, then it is safe from a ransomware attack.
  2. Air-gapped backups. You can store a copy of your backups on a tape or a detached USB drive or NAS. These devices are disconnected from the network when they’re not in use. Air-gapped backups provide an additional level of protection, as they are not accessible when they’re not connected to the network, which makes these devices less susceptible to ransomware attacks.

You would want to take relevant measures that will result in minimal losses of time and money for your business. While there is no 100% secure method to protect your business, following the best practices will reduce the chances of attackers accessing your backup.

Benefits of Using the 3-2-1 Rule for Data Backup

Your company can enjoy a wide range of benefits by taking advantage of the 3-2-1 rule for data backup. Let’s review a few of them to understand better why you should use this data backup and protection strategy.

It Offers You Safety If There is a Hardware Failure

The 3-2-1 data backups rule not only saves your data when there is a ransomware attack, but it also proves useful in the event of hardware failure. You can easily recover your data from the off-site data backup copy. It will allow you to continue business operations without any issues.

Some people might debate that hardware failure can also occur at the location of the off-site backup storage. But most backup devices are linked to the dedicated backup servers in large centres. The service provider has systems in position to ensure no data loss if they experience a hardware failure.

Provides Reliability and Protection if There Are Any Natural Disasters

Natural disasters can happen anywhere and at anytime. Climate change is making various countries, including Australia more vulnerable to heat waves and wildfires. While there is a low possibility of a natural disaster striking and destroying your office building, it is better to be safe than sorry.

Therefore, in a rare event where a natural disaster might destroy your office building, you’ll be grateful to have additional copies of your data because of the 3-2-1 rule. It will allow you to lose your potential data if there is a natural disaster.

Ensures Safety In The Event Of Software Failure

Last but not least, software failure is a possibility that can strike any business at any place and at any time. It could be due to a small error or a malicious ransomware attack which could lead to potential data loss for your business.

Either way, following the 3-2-1 backup rule can come in handy for you. It can be a lifesaver since you’ll have multiple copies of your data in different media storage devices at various locations. You can avoid the impact of the financial and data losses of the ransomware attack.

Final Words

We hope you now have a clear idea of what a ransomware attack is and how you can deal with it with the 3-2-1 data backup rule. In a nutshell, you need to keep 3 copies of your data backup on two storage media and one at a different location.

The 3-2-1 data backup rule will give you easy access to your data all the time and can protect you from data loss if there is hardware or software failure. You can also keep your data safe from any natural disaster at an off-site location. is part of the ZEN group, an earlier version of this article first appeared at

Share it on social networks

You may also like...

Leave a Comment

Your email address will not be published. Required fields are marked *

Get In Touch

Have a question?

Are you 100% sure that your backup is safe from the latest ransomware attacks?

Video Guide