There have been a few recent cases of Hive users being hit with ransomware and losing access to their account. So I felt it would be a good time to talk about ways to prevent this. As someone who has been in IT since High School, I have recommend the 3-2-1 approach to backups forever. This simply means you will always have three copies of your data, stored on two different types of media, and one copy off site.
Three copies of your data
This typically is satisfied with your current copy of your data, your backup, and your offsite backup.
Two different types of media
This used to mean hard drive and tape but most people are not using tape and an external USB drive is a suitable option.
One copy off-site
This to me is the most important step, this will protect against corruption, theft, and fire. This is your last resort hail mary pass option, but without it you are at extreme risk of data loss.
While I still recommend this to everyone, I have added an additional requirement for the modern age of false security. I highly recommend at least one immutable backup.
Immutable backup
An immutable backup is a backup that cannot be erased. Typically when you backup, you backup to a tape or an external hard drive. If your machine is comprimised, a hacker will wipe or encrypt data on your machine. They will also attempt to destory/encrypt any backups or remote storage they can get their hands on. This leaves you at their mercy even with proper 3-2-1 backups.
The truth about ransomware
A lot of time you will not receive a decryption key and the hacker may not even have it, even if you pay the Bitcoin they demand. Some hacker organizations are more organized than a typical corporation and even have dedicated sales reps and support staff to help larger companies decrypt their data and collect ransom. Some are no better than a script kiddie with little to no understand of what they are doing. Either way, paying ransom should never be an option, doing so harms all users by increasing the power of these organizations.
How to create an immutable backup
This step can be tricky and is not as turn key as the other steps. Most backups solutions don't offer this and franky don't even discuss it. It is as important as the other steps though, and without it you are 100% at risk of full data loss.
The easiest way to create an immutable backup is to rotate external hard drives on a daily/weekly basis. Even better if you can store these offsite for a period of time. There are companies like Iron Mountain that do this for companies typically storing tapes for years on their behalf.
With the increasing speed of home Internet connections, digital off-site backups are becoming more and more attractive. These are just as vulnerable to being wiped as local copies of your data. There are options though, services that use the ZFS file system and have immutable snapshots that cannot be wiped for X number of days. This means if your machine and all your backups get wiped, you can still restore from a snapshot.
If you are highly technical, you can use a server or NAS to host a ZFS/BTRFS file system with snapshots. If your server is completely wiped, you are of course out of luck, but if your workstation is compromised, it will not be able to wipe out the snapshots without also having access to the file server.
Depending on how critical your data is, I personally have zero tolerance for data loss, the steps you take to protect it will scale with that demand.
Do you have three copies of your data?
Is one of them off-site?
If you are into crypto, this should be a big concern to you. If you haven't already, consider your current risk acceptance and act accordingly. ZFS & BTRFS are the popular options for file systems that allow snapshots. Unfortunately, most workstations won't be able to run these file systems. Although BTRFS is becoming more common for Linux machines.
While immutable snapshots will require more space than your original data, the difference is generally a lot less than you would expect. The other benefit of snapshots is the ability to restore terabytes of data within a second or even mounting your old data as another drive to recover data manually.
No matter what you do, it can all be pointless if your backups don't work when you need them.
Always test your backups! In fact, make a schedule to check them regularlly. I won't even get started on bit rot.