Dissecting two ransomware attacks on hospitals (Restore it All Podcast #77)

Start listening

Prasanna and Curtis talk about two recent ransomware attacks on hospitals and what we can learn from them. They also discuss things you can do to protect yourself from such attacks, and how to prepare to respond if you get one. We especially talk about the 3-2-1 rule and the remote desktop protocol (RDP) and how these figure into protecting yourself from such things.

  • Seeking clarifications on the 3-2-1 rule.

    When you say 3 copies, does the original data count as a copy?
    Or is it the original, plus three other copies?

    Currently, I have a fileserver with the original data,
    a backup fileserver in the same room,
    and another backup fileserver in another county on the internet.

    It would be really hard to talk my office into buying another fileserver.
    I have an extra raid that I could add to the original file server,
    and keep a copy there along with the original data.

    I know you might say “It’s more of a Guideline than a Rule” but think it might help more people than just me to clarify this, because it is hard to keep up the energy to stand up that fourth server!

    • The 3 is three versions. Most people have many more than that, and I personally wouldn’t count the original as one of those versions. But don’t confuse it with the 2 copies. That is saying that you should have the backups on two different pieces of media. You could have three additional versions all on the same tape/disk. The point of the 2 is then to make sure to have those on different media. Neither would I could the original as one of the two copies on different media.

%d bloggers like this: