The Most Effective Preparations to Withstand Ransom-Based Cyberattacks

A cybercriminal has disrupted your company’s technical systems and they communicate their demands of $2.3M, which was the median ransom demand in 2024.¹ If you don’t have strong backup plans for your data and network, you’re at the mercy of the attacker to keep your business online.

Two of the most likely ways that the cyber attacker accessed your company’s assets:

• They infiltrate your systems with ransomware through phishing, social engineering, software vulnerabilities, and other methods. They encrypt your data, blocking access unless you pay their ransom.
• They threaten to initiate a DDoS attack unless you pay their ransom. If you refuse to pay, they weaponize hordes of devices to overwhelm your network, causing crashes and disallowing legitimate traffic from visiting (like employees, customers and IoT devices).

In 2024, 94% of ransomware attacks targeted companies’ backup systems, and successful attackers demanded over double the amount of money from their victims.¹ With the right preparations, your business can stay online while you work through your incident response plans to handle these threats. This blog will provide you with a blueprint for preparing a resilient digital infrastructure through data backups and network redundancies.

Back It Up, Buttercup!

If one of your data storage locations gets compromised, having copies will allow your business to utilize the data from one of the copies. This may sound simple, but a haphazard approach can contribute to a chaotic and ineffective incident response.

Few companies have the resources to utilize the same backup practices for all data, so it’s important to prioritize your datasets. Defining which data should be considered “essential” will save you a lot of discussion throughout the process.

Essential data should always include sensitive data like personally identifiable information, health records and financial data. Additionally, any data that feeds critical tasks should be considered essential, such as:

• IoT sensor data for manufacturing companies
• Sales contact details for B2B companies
• Key product features for tech companies, like Zillow’s home listing data.

Let’s Start with Your Data Storage Needs

Once your team has aligned around the various tiers of data, you’re ready to start planning your data storage needs. You should follow the 3-2-1 rule for best practices:

• 3 copies of your data: Always maintain at least three copies of your essential data. One of these copies should be immutable, meaning the data is not editable, to help ensure that cyber attackers could never threaten your data in totality.
• 2 types of storage media: Store your data using at least two different types of storage solutions so attackers can’t exploit the same vulnerability across all copies. For instance, back-up your data center with cloud storage, rather than solely relying on additional data center instances. At least 1 copy should utilize a storage solution that is immediately accessible, such as Network Attached Storage, since other storage locations often require time for the data to be restored to a usable format.
• 1 offsite location: Keep at least one copy of your data in an offsite location. This is crucial for protection against physical attacks on your company’s LAN network or on-prem servers. Some industries have compliance standards that require an offsite location.

Your “essential” data determination and industry compliance standards will help influence the frequency of your data backups. Often, essential data should be backed up continuously, hourly or daily.

For the remaining data sets, data backup frequency will depend on factors like cost-benefit analyses and the regularity of data collection. Is fresh data important for the features of your organization to function effectively? If a feature becomes unavailable, how damaging would it be for your organization’s operations and reputation? Putting monetary value behind these answers with processes similar to Cyber Risk Quantification analyses helps organizations establish budgets based on the ROI of downtime prevention.

Your Network’s Critical Role in Data Backup and Recovery

Data storage solutions are rendered useless if they aren’t effectively connected by a secure network with enough bandwidth to transport full datasets, but it’s wasteful to constantly pay for the elevated network bandwidth required for data backups.

On-demand services such as Lumen^® NaaS (Network-as-a-Service) solutions allow you to flexibly back up your data by expanding your bandwidth and contracting it again once your backup is complete.

Your best options for networking solutions that can support data backups include:

• Lumen^® Internet On-Demand can connect locations flexibly over multi-service ports with bandwidth of up to 30 Gbps, with a consumption-based billing model.
• Lumen^® Ethernet On-Demand connects point-to-point locations with bandwidth of up to 30 Gbps, with a consumption-based billing model.
• Lumen^® Wavelength Solutions connect point-to-point locations, with bandwidth of up to 400 Gbps (but not consumption-based billing).

One Data Backup Solution to Manage Both Storage and Network Considerations

Lumen offers a turnkey data backup solution called Data Protect that combines agile Lumen^® Network Storage and network solutions with usage-based billing and on-demand service flexibility. You can dictate the hours and intervals that you’d like for your data to back up to both on-site and off-site locations, including immutable copies.

Network Resilience… Brilliance!

Rather than target your data storage locations, some cyber attackers may demand ransom by targeting your network to disrupt the flow of data. Employing redundant networking throughout your system allows your data to continue to flow through a different path during an attack, like taking an alternate route when you hit rush hour traffic.

To achieve effective network redundancy, you should focus on having backup options for Layers 1 through 3 of the OSI model.

Here’s a brief rundown of these layers, and you can learn more about the OSI model layers in this blog post.

• Layer 1: Physical connections between devices, such as cables, switches and fiber optic cables.
• Layer 2: Data transfer services between two devices on the same network, like ethernet.
• Layer 3: Defines device addresses and optimal routes for data to travel from one network to another (e.g., an internet protocol).

Quality network providers manage the resilience of each layer, but it’s important that your company retain backup Layer 2 and 3 services within your network architecture to enable rapid response. Each key node of your digital infrastructure should be connected by at least two to three network routes, typically from Network-as-a-Service solutions.

Maintaining a secure network may also involve security layers like Lumen Defender^SM, which proactively manages threats by utilizing machine learning to recognize internet-based threats from across the web and automatically blocks traffic before it breaches your internal network.

Nuvision Credit Union utilized Lumen NaaS for network redundancy, which helped eliminate outages and maintain 99.99% network availability for their members. Beyond increasing their network reliability, the benefits of scalable networking have also helped them seamlessly deploy new services for customers and add private connections for critical applications. Their Leader of Network and Information Security said, “Having a product that we can scale up at a moment’s notice is game-changing for us.”

Combating the Sledgehammer Approach for Ransomware Response

Some cyber attackers disrupt businesses through the not-so-subtle approach of sending hordes of traffic to overwhelm your network, known as Distributed Denial of Service (DDoS) attacks. Bad actors will threaten companies with DDoS attacks if they do not pay a ransom. These attacks have been rapidly rising in prevalence and magnitude due to the relative simplicity of implementation and the effectiveness of utilizing AI to scale the attacks.²

DDoS mitigation services widen your network during an attack with multi-layered automated protection, effectively distributing the traffic influx to a manageable level and enabling legitimate traffic to continue to access your systems.

Customers of Lumen DDoS Mitigation saw 31% fewer attacks after implementation and reported benefits valued at an ROI of 297% over three years.³

Expect the Best, but Prepare for the Worst

Effective cybersecurity requires a healthy mix of prevention and response.

Maintaining a preventative cybersecurity posture is critical to the success of your business, but in the ever-evolving world of cybersecurity, it’s equally important to arm your response capabilities to minimize the impact of breaches. Data backups, network redundancy and DDoS mitigation address key vulnerabilities exploited by ransom-based cyber attackers.

With a holistic approach to cybersecurity, your company can confidently invest in best-of-breed digital solutions to advance your business operations, customer experiences and employee productivity.

Take your first step by exploring Lumen Data Protect, a comprehensive and flexible approach to data backup services.

¹Sophos, The State of Ransomware, 2024.
²Cloudflare, Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4, January 2025.
³Forrester, The Total Economic Impact^TM of Lumen DDoS Mitigation Solutions, April 2023.

Nuvision Credit Union is a current Lumen customer compensated for their endorsement.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue. Services not available everywhere. Lumen may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2025 Lumen Technologies. All Rights Reserved.