How to Protect Your Backups from Ransomware - All You Need To Know
Ransomware is now the number one threat to data and business across the world. Ensuring your information is protected and can be recovered in the event of a Ransomware attack should be part of your cybersecurity recovery playbook. Safeguarding and defending against bad actors needs to be part of an overall Cybersecurity strategy, and that strategy must contain an initiative on how to recover from Ransomware based encrypted backup attacks.
The critical part of protecting yourself from a Ransomware attack is to ensure you have the right level of protection against all ranges of cyber-threats that can make cyber-attacks that much harder to succeed. Failure to put these strategies in place will mean constant attacks and even paying ransoms to recover data.
Putting in strategies and barriers across your IT is key to reducing the overall risk of an attack being successful. Your data is the lifeblood of your business and protecting it should be a goal across your company. Being able to recover from attacks, deletions, compromises, or technology failures means having a robust backup strategy that is underpinned by processes and solutions.
How to Ransomware-Proof your Backups
Backups are essential to your business if you want to protect yourself from data and system outages. A Ransomware attack is an unwelcome event and one that can devastate your business. Having a backup strategy for your business can be the difference between boom or bust in the event of a Ransomware attack. Let’s now look at the mitigation steps required.
Six things you can do to protect your data from Ransomware.
1. Have a Backup Strategy: You would think this is standard, right? After all, backing up data means you can restore if you accidentally delete or lose something? At least that’s what the general use case is. But we see far too many businesses not placing priority on a backup strategy. Identifying your data and then ensuring you have a daily backup should be a critical process managed by your iT support team. But what is more important is ensuring that backups are tested, and restoration is validated. After all, it is pointless to have a data backup if you can restore it?
2. Keep Offline Backups: Placing backups on servers or storage that can be hit with Ransomware is never recommended. Your backup strategy must include a process where the data backups are moved or copied to another location. This ensures if the servers or network are compromised, your backups can remain safe.
How would you keep your backups safe? Well, maintain a secondary backup copy that is pushed to another location or device and can be then made to go “offline”. Ransomware can only attack and encrypt data that it can access; if it is not online, there is limited encryption risk.
3. Scan Backups with Anti-Malware / Anti-Virus regularly: The majority of anti-virus solutions in the market now have backup aligned protection that it is able to recognise and monitor. If the backup file(s) are changed, or there is abnormal activity on the file, then the anti-virus solution will protect the files.
4. Increase your backup frequency: The majority of backup solutions in the market can offer several ways to perform backups. The frequency of backups is an essential part of your recoverability and backup strategy. The options you choose would be defined by your RPO (recovery point objective) and RTO (recovery time objective). But what are RPO and RTO?
What is RPO: Recovery Point Objective is the amount of data you can afford to lose in an outage event. Let’s say that you have an outage at noon, and you don’t recover the service till 3 pm – are you able to suffer 3 hours of lost data?
What is RTO: Recovery Time Objective is the time it takes to recover from an outage. Let’s say you have an outage of service at 4 pm and it is recovered by 6pm; could your business tolerate 3 hours of that service not being available?
Once you have defined the above, you should align your backup process and jobs to ensure they meet the requirements.
5. Use Immutable Storage: File-level storage is always targeted and easy to access. Bad actors usually focus on searching for file-level storage as they know it’s more straightforward to manipulate, and security will be lax. Being able to have an immutable storage configuration means that unexpected changes are blocked and alerted on. This will make it harder for Ransomware and Malware to execute against data stored on it.
6. Use backup alerting: Being informed about backup statuses and progress should be part of your IT operational processes. The goal should be to validate that backups are completing, and any issues are quickly rectified.
Can Ransomware infect encrypted backups?
Yes. Ransomware can infect virtually any unprotected file and it will delete or encrypt it all. This is part of the Ransomware attack’s payload and, when successful, will mean that you must pay a ransom to recover the file.
Having a reliable backup strategy underpinned with monitoring and alerting is critical in protecting against a ransomware attack. We hope that this blog has encouraged you to review your current backup practices. If you would like a no-obligation chat about your current backup processes or would like to explore other services we have to offer, please feel free to call us or contact us here