The 3-2-1 Backup Strategy

Your data does not exist unless it exists in three places. Ransomware specifically targets local files; if your backup is plugged into your computer, it will be encrypted too.

How to Implement It

• 3 Copies: Maintain your primary data plus two backup copies.
• 2 Media: Use two different storage types (e.g., hard drive and cloud).
• 1 Offsite: Keep at least one copy physically away from your office (the cloud satisfies this).

Prevention Advice for Regular Users

Data & Account Hygiene

• Redundant Backups: Create cloud and physical copies. Disconnect physical drives immediately after the backup finishes.
• Multi-Factor Authentication (MFA): Activate MFA on all major services to add an extra layer of protection.
• Meticulous Data Management: Treatment of sensitive data (photos, tax docs) should be prioritized over daily data.

Online Awareness

• The Golden Rule: If you didn't request something or ask for it, Don't Open It.
• QR & CLI Safety: Don't click QR codes, don't answer unknown calls, and never paste code from a website into PowerShell or a command line.
• Link Sanity Check: Never open attachments or click links in spam or unexpected emails.

Mitigation Steps for Businesses

Infrastructure & Access Control

• Zero Trust Framework: Assume all devices and users are unauthorized until verified via MFA.
• Network Micro-Segmentation: Portion your network into small sections to limit lateral movement if one area is breached.
• Harden Remote Access: Lock down RDP points and enforce egress filters to stop desktops from beaconing to attacker servers.

Operational Resilience

• Immutable Offline Backups: Maintain timely, read-only backups for AD, databases, and ERP systems, physically disconnected from the network.
• Automated Vulnerability Testing: Perform regular penetration testing to find entry points before attackers do.
• Administrative Isolation: Admins should use separate accounts for admin tasks and never have privileged access on standard laptops.