As I write, we're in the midst of a big Ransomware attack. Millions of computers have been infected, with their data encrypted, held ransom pending an extortion payment or deleted. Supposedly.
There's a very simple way to avoid the catastrophe of losing everything due to an attack like this. And it's nothing new, it's something we've known to do all along: make good backups of everything, all the time.
Backups are only part of the puzzle, though. Because backups don't matter. Being able to recover from whatever risk you face is what matters -- backups just help you do that, if you have the right ones available. It doesn't help if your backups are all infected, encrypted, deleted... or unreachable because your provider had an outage.
What you really need is a "Disaster Recovery plan" that includes a risk matrix -- a summary of what risks you face, and steps to recover if one of these risks comes to pass.
But this attack affected computers, not websites!
We see hacked websites all the time. In many cases, the site owner isn't even aware they have been hacked! So what difference does it make? We've seen hacked websites that can be used to attack other sites in "Denial of Service" attacks, mine bitcoins, and game search engines. Even though you may not be a target, your website can be used to attack other targets -- your poor security opens the doors for cyber attacks against others.
Tomorrow? Might be a different story. I think we may have crossed some threshold where people are starting to realize that they can't neglect keeping their computers up-to-date without risking the loss of all of their data. Websites are next. We've seen so many out-of-date sites just asking for an attacker to hack... It's only a matter of time before there's a wave of Ransomware attacks on web hosts.
If your site gets encrypted by ransomware tomorrow, what would you do?
Do you have backups stored somewhere that won't get encrypted? Do you have a plan for getting back online? Would you have to start over? Would you pay the ransom? (Would that even work?)
Do you have everything actually backed up? WordPress, Joomla, and Drupal sites (among others) all use databases to store the stuff you really care about -- your content. Creating a backup of your database is entirely different than copying over the files in your hosting account.
One backup isn't enough. One backup system isn't enough. If you can't pull up a copy of your site from a month ago, you don't have your risks covered.
Covering your bases
If you analyze the risks you face, most companies can provide decent coverage for most website risks with the following basic approach:
- Keep your site code in version control, with other copies stored elsewhere -- this makes it easy to spin up a replacement as well as detect changed code.
- Keep your site fully up-to-date with all updates available. Even if it's not a security update, it's much better to be caught up if a new security update comes out -- your site is far less likely to break.
- Take a nightly snapshot of your database, and store it on the same server for a few days to a week. This generally involves a script you need to set up yourself.
- Take a nightly snapshot of the entire server, and keep several days' worth of snapshots at the same datacenter as your web server. If your server is a VPS, most VPS hosts provide an automated backup system to do this -- make sure you're using it.
- Once a day, back up your site, assets, and database dumps to some entirely different service. This protects you from risk associated with the primary host -- if they evaporate entirely, you don't lose everything.
- Use a historical backup rotation system that keeps selected snapshots around for weeks, months, even a year or more. You would be surprised how often this proves useful.
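
An added sketch of the rotation step in the list above (not code from the original post or from Freelock): it decides which dated snapshots to retain under a daily/weekly/monthly scheme and which can be pruned. The tier sizes, function names and sample dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def snapshots_to_keep(snapshots, daily=7, weekly=4, monthly=12):
    """Return the set of snapshot dates a rotation should retain.

    Keeps the newest `daily` snapshots, plus the newest snapshot in each of
    the most recent `weekly` ISO weeks and `monthly` calendar months that
    actually contain a snapshot (so missed nights do not shrink the history).
    Tier sizes are assumed defaults, not values from the article.
    """
    ordered = sorted(set(snapshots), reverse=True)  # newest first
    keep = set(ordered[:daily])

    def newest_per_bucket(bucket_of, limit):
        seen = []
        for snap in ordered:
            bucket = bucket_of(snap)
            if bucket in seen:
                continue              # a newer snapshot already covers it
            if len(seen) == limit:
                break                 # tier is full; older buckets expire
            seen.append(bucket)
            keep.add(snap)            # first hit is the newest in its bucket

    newest_per_bucket(lambda d: tuple(d.isocalendar()[:2]), weekly)
    newest_per_bucket(lambda d: (d.year, d.month), monthly)
    return keep

def snapshots_to_prune(snapshots, **tiers):
    """Snapshots that are safe to delete under the same policy, oldest first."""
    return sorted(set(snapshots) - snapshots_to_keep(snapshots, **tiers))

def oldest_kept_age_days(snapshots, today, **tiers):
    """Age of the oldest retained snapshot: how far back a restore can reach."""
    return (today - min(snapshots_to_keep(snapshots, **tiers))).days

# Constructed sample: 400 consecutive nightly snapshots ending on TODAY.
TODAY = date(2017, 5, 15)
NIGHTLY = [TODAY - timedelta(days=i) for i in range(400)]

if __name__ == "__main__":
    for snap in sorted(snapshots_to_keep(NIGHTLY), reverse=True):
        print("keep", snap.isoformat())
    print("prune", len(snapshots_to_prune(NIGHTLY)), "older snapshots")
    print("oldest restore point:", oldest_kept_age_days(NIGHTLY, TODAY), "days")
```

Run the pruning decision on the backup host itself, not on the web server, so a compromised site cannot rewrite its own retention.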
Ok, John. Got it. You really expect me to do all of that? I don't know how to do all of that! I don't have time to do all of that!
Introducing the Freelock Protection Plan
Don't worry, this is what we do day in, day out -- keep our clients' sites safe, secure, and recoverable from virtually any risk. We make sure your WordPress or Drupal site is fully up to date. We make sure you have multiple, redundant, historical backups of your site code, assets, and database. We check your site configuration and code integrity every day to detect changes that might indicate you've been hacked. We apply critical security updates immediately, less critical security updates within a day or two, and all updates every month -- all while running tests to make sure nothing breaks as a result of an update.
And if something does happen, we've got you covered. We can promptly recover your site to any of the snapshot points we have -- typically a choice of 12 - 15 different dates going back up to 16 months. Full recovery is included in the plan -- we will get you back up and running.
In many cases, a client calls us up with accidental deletion of some data. With historical backups, we can usually accommodate these requests -- while the cost of doing partial recovery is not covered by the plan, we usually have the data available so it's possible to do!
What else should I think about?
Whenever you take a serious look at the risks you face, there are a bunch of questions to consider. When considering a maintenance plan, here are the crucial ones to discuss with your provider:
- How long can I live with my website being unavailable?
- How much data can I afford to lose?
- How much of a target is my website?
- Do I care more about my website being offline and unavailable, or about potentially losing data?
We think our protection plan strikes a nice balance of affordability with reasonable answers to the above:
- With major attacks that might affect all our customers, it could take us days to get everybody back online. We haven't had any recoveries take longer than 1 business day to resolve, and have done many recoveries after hours, the same day as we were brought in to recover.
- Our backup strategy does risk up to 2 days of data -- if an off-site backup runs before a database dump. With more planning and budget, we can set up replication servers and hourly backups to reduce that time window to a much smaller amount.
- If you're a target -- if you have secret information, store credit card data or health care data, you have a lot more work to do to fully lock down the environment. We have many e-commerce customers, but we make sure that the credit card data does not get stored on their servers and thus avoid becoming a target.
- We think both availability and not losing data are important. We err on the side of not losing data -- you might see occasional blips on the site while we deploy updates, and a few minutes of downtime here and there to prevent your site from being vulnerable or losing data seems like a reasonable tradeoff to us. But whenever a site is down, you'll see us frantically acting to get it back up, whatever time it is...
Please. If our plan is not for you, please at least take the time to make sure your site is secure, backed up, and not making the Internet a worse place by being owned by an attacker. If you come asking us for help after you've been hacked, if you don't have a backup, we might not be able to help. It's far less expensive to prevent problems like this than to try to recover after the fact.