A backup is the most important preventive measure to ensure the availability of data in the event of a ransomware incident. The data must be saved in an offline backup. These backups are separated from the other systems in the network after the backup process and are therefore protected against attacks and encryption.

A backup always includes the planning and preparation for restarting processes and restoring the data. These plans should also be subjected to a practical test in order to recognise complications and challenges in the restoration of backuped data before an emergency occurs. Attention should also be paid to the possibility of restoring process availability in the event of data loss.

A centralised backup also requires users to store their data centrally. The advantage of network drives is that access rights can be assigned on a need-to-know basis. It is also possible to change these at a later date. For example, users can be denied write access to archived old project data. This means that the data can still be accessed, but encryption by a ransomware with user's rights would no longer be possible.

Effect in Phase: 5