Backups: The Last Line of Defense Against Ransomware

We have all heard about the ever-increasing threats to critical data that come from ransomware. It seems like every time you pick up your smartphone to glance at the headlines, there is another major institution that has fallen victim to a ransomware attack—and from financial institutions to hospitals, no industry is immune. The WannaCry ransomware attack took these horrors to new levels and a much broader scale in 2017, affecting more than 100,000 organizations in 150 countries in one fell swoop.

But if you are using backups as a form of data protection, do you really need to worry about ransomware hackers finding their way into your network? Why pay extortionists money if you already have your data backed up? The reason is that the way many organizations approach the backup process has failed them, as evidenced by the hundreds of millions of dollars spent to retrieve data lost to criminal encryption or deletion.

As many experts have noted, backups are the best way to defend against ransomware, but the backups themselves need to be safeguarded as well. This is because cybercriminals are not amateurs. They know the value of backups and are now using increasingly advanced technologies to target the processes and tools associated with backups as part of their offense. If hackers encrypt not just your original data but also your backup, it will be much harder for you to restore your files, and you’ll be more likely to feel forced to pay the ransom fee.

The key, then, becomes knowing how to implement a backup solution to ensure the recovery of data encrypted by ransomware. Here are five guidelines that will help you protect your data and your backups, even if the worst should occur:

  • Understand your backup processes and build in redundancies. You may think that your data is sufficiently protected simply because you’re using a backup tool or solution. But not all solutions offer equal protection, and certain platforms leave your data particularly vulnerable. Online sharing services and network file servers, for example, are convenient for housing backups—but they are quite insecure when it comes to ransomware, since ransomware generally encrypts connected drives and thus the home directory. Also, if you’re running Windows or another OS that’s highly targeted on your server, you may end up with data infections for every user. You should also be wary of overreliance on using common cloud drives as your sole backup strategy, since these can make data recovery a nightmare if hit by ransomware. Redundancies become critical in all of these scenarios. Don’t rely on a network file server to keep your sensitive files safe; be sure to also back your data up on a separate system … which leads into the next point.
  • To ensure data availability, leverage offsite backup resources. Having all of your backups in the same location as the original data is risky, and increases the chances that a hacker will succeed in corrupting your backups as well as your source data. To avoid this, ensure physical separation of at least one set of backup data offsite. You have many options to consider that can accomplish this goal, including use of a replicated backup set offsite at a remote location, or placing some backup data in a cloud, with backup sets inaccessible from the corporate network.
  • Implement continuous, medium, and long-term backups. It is important to find a way to ensure critical data is available if it does become encrypted. Long-term backups (say once a week) are not going to necessarily give you the protection you need if you fall victim to ransomware. You would potentially lose a full week of data with only this backup strategy in place, as opposed to also including hourly backups. The best approach is to combine continuous backups alongside medium- and long-term backup sets to provide a variety of recovery options and avoid a gap in backup time. The more granular and/or varied your backups, the better.
  • Perform regular test recoveries to ensure system reliability. One way to help pinpoint your company’s exact window of potential data loss is to conduct regularly scheduled test runs of your full recovery process. By putting your current backup system through the same paces that you would do in the event of a real ransomware attack, you can help identify holes in your process or platform that might be keeping you from quick and reliable recovery.
  • Aim for early detection. The sooner that you are alerted to a ransomware attack, the more quickly prevention strategies can be launched to lessen the chance of losing your data. Some backup platforms provide early warning of unauthorized penetration, or even offer attack-loop prevention for physical servers and endpoint devices to stop unauthorized code from reaching your backup stream. Ideally, if you can implement a system that checks and quarantines malicious code the second it enters the backup repository, you will be much more likely to prevent major data corruption.
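
The early-detection guideline, sketched as an added example that is not part of the original article or any backup product: before an incoming snapshot is accepted, it is compared with the previous one and held back if too many previously readable files have turned into high-entropy (encrypted-looking) data. The function names, the 7.5 bits-per-byte and 20 percent thresholds, and the in-memory path-to-bytes snapshots are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def newly_opaque(prev: dict, curr: dict, threshold: float = 7.5) -> list:
    """Paths whose content changed from readable to high entropy between snapshots."""
    # Files that were already high entropy (archives, images) are skipped,
    # so legitimately compressed data does not raise the alarm.
    flagged = []
    for path, old in prev.items():
        new = curr.get(path)
        if new is None or new == old:
            continue
        if shannon_entropy(old) < threshold <= shannon_entropy(new):
            flagged.append(path)
    return sorted(flagged)


def should_quarantine(prev: dict, curr: dict, max_fraction: float = 0.2) -> bool:
    """Hold the incoming snapshot if too large a share of files turned opaque."""
    if not prev:
        return False
    return len(newly_opaque(prev, curr)) / len(prev) > max_fraction


def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content (deterministic SHA-256 stream)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]


# Constructed sample snapshots (path -> file bytes); not real backup data.
BASELINE = {f"docs/report{i}.txt": f"Quarterly report {i}\n".encode() * 200 for i in range(8)}
BASELINE["media/archive.zip"] = pseudo_ciphertext(b"zip")
NORMAL_RUN = {**BASELINE, "docs/report0.txt": b"Revised quarterly report 0\n" * 200}
ATTACK_RUN = {path: pseudo_ciphertext(path.encode()) for path in BASELINE}
```

A snapshot that trips the check should be kept apart from the existing backup sets rather than allowed to overwrite them, so the last known-good restore point survives.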

Backups should be a critical component of every company’s data protection plan, but simply having backups is not enough. By following the five strategies above, you can help boost the power and potential of your backup architecture, and give your organization the best chance of outsmarting ransomware extortionists.

