Backup Against Ransomware

What Is a Ransomware Attack?

Ransomware is a type of malware that blocks users from accessing their files: it infects a computer, searches for files, and encrypts them. Files are encrypted with asymmetric key encryption, and the attacker holds the key needed to decrypt them.

Ransomware displays a ransom message to its victims, usually by replacing the desktop background or by placing a text file with instructions inside the folders it has attacked. Ransomware demands payment in cryptocurrency, which keeps the attacker anonymous.

A ransom notice usually specifies a deadline after which the victim's files will be destroyed. Many times, attackers refuse to release files even after victims have paid the ransom.

Well-known ransomware families include WannaCry, Cerber, Cryptolocker, NotPetya, and Ryuk.

Who Does Ransomware Target?

Ransomware can be used to target anyone: home users, small businesses, large companies, government agencies, public officials, celebrities, politicians, and so on. Common targets include:

  • Academic organizations – these organizations are prime targets for ransomware and other cyberattacks. They have smaller IT and security teams than similar-sized businesses, budget constraints, and high volumes of sensitive data, such as intellectual property and the financial data of students, staff, and faculty.
  • Healthcare – hospitals and medical devices often run outdated hardware and software that may not be patched or suitably updated, making them relatively easy to breach. Cybercriminals are well aware that losing access to hospital data could pose a threat to patients' lives. They use ransomware against hospitals on the assumption that hospital staff will want the data restored immediately.
  • Human resources departments – human resource systems have access to financial and personnel records, making them attractive targets for ransomware. Attackers often get into HR systems by pretending to be job applicants: HR staff are tricked into opening a job application email and then executing a malware-infected attachment.
  • Governments – attackers target governments because of their importance and the sensitive personal data they hold. They believe government agencies will pay the ransom quickly because they can't afford to lose data of political or public significance.
  • Mobile devices – mobile devices can contain sensitive personal data such as photos and videos, login credentials for online services, and financial data, and they can also provide access to mobile payments. Because mobile devices are frequently backed up to the cloud automatically, attackers prefer to block access to the device and demand a ransom to restore access.

Ransomware: How to Protect Backups

Data backup will protect you against ransomware. You can recover your data quickly and safely if you have a backup that isn't affected by the ransomware.

These are the best ways to protect your backups from ransomware:

  • Keep an offline backup – keep an additional copy offline. Ransomware can infect any system that has internet access. Even though your end users are not backup administrators, there are ways backups can become infected. If that happens, there is no way to recover the data, because both the backup and the main copy are encrypted. Having an offline backup mitigates this risk. One option is to back up to traditional tapes, which are difficult for ransomware to access.
  • Use immutable storage – also known as WORM (Write-Once-Read-Many), immutable object storage can store data in a bucket and lock it to prevent further modification. Many disk-based backup systems protect data at the block level and use changed-block tracking to back up files as they are modified. However, ransomware changes many storage blocks, so your backup system might end up backing up encrypted files. Immutable storage ensures backups remain unchanged.
  • Endpoint protection on backup servers – modern endpoint protection platforms can detect ransomware processes before they infect a system. They can quickly lock down infected systems and isolate them from the network to stop ransomware from spreading. This is vital for all organizational endpoints, but it is particularly important for the backup server.
  • Increase your backup frequency – backup frequency determines your recovery point objective (RPO), that is, how much data a ransomware attack can cost you. Whether you back up every day or every few hours, consider the potential loss of all data written since the last backup. Back up mission-critical information at least once an hour.

Use the 3-2-1 Backup Strategy for Ransomware Prevention

The 3-2-1 rule is a best practice for backup and recovery, and it also helps mitigate ransomware threats. Although no backup strategy is perfect, the 3-2-1 rule is the best way to avoid data loss.

This is how 3-2-1 backup works.

  • Keep at least three copies of your information: one main copy and two backups.
  • Use two different media formats, such as an SSD drive and cloud storage.
  • Keep one copy offsite – The best option is to save data to a tape and then deposit it in a secure place. Another option is to automatically take a snapshot of data and store it in a disaster recovery area.
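The following added example (not part of the original article or any vendor tool) audits a backup inventory against the 3-2-1 rule and the protection advice above. The `Copy` record, the `audit` function, the finding codes and the sample inventories are all hypothetical and constructed for illustration; the one-hour RPO default follows the hourly recommendation for mission-critical data. It goes slightly beyond the text by measuring the RPO only against offline or immutable backups, since those are the copies that survive an attack.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    media: str              # e.g. "ssd", "tape", "object-storage"
    is_backup: bool         # False for the main (production) copy
    offsite: bool
    protected: bool         # offline (air-gapped) or immutable/WORM-locked
    written: datetime       # when this copy was last written

def audit(copies, now, rpo=timedelta(hours=1)):
    """Return (code, message) findings; an empty list means the plan passes."""
    findings = []
    backups = [c for c in copies if c.is_backup]
    if len(copies) < 3 or len(backups) < 2:
        findings.append(("COPIES", "need a main copy plus at least two backups"))
    if len({c.media for c in copies}) < 2:
        findings.append(("MEDIA", "all copies share one media format"))
    if not any(c.offsite for c in backups):
        findings.append(("OFFSITE", "no backup is stored offsite"))
    # Only backups ransomware cannot rewrite count toward the recovery point.
    safe = [c.written for c in backups if c.protected]
    if not safe:
        findings.append(("PROTECTED", "no offline or immutable backup"))
    elif now - max(safe) > rpo:
        findings.append(("RPO", f"newest protected backup is {now - max(safe)} old"))
    return findings

# Constructed sample inventories (assumed names, not real systems).
NOW = datetime(2024, 1, 10, 12, 0)
WEAK = [
    Copy("primary", "ssd", False, False, False, NOW),
    Copy("nas-share", "ssd", True, False, False, NOW - timedelta(hours=5)),
]
MIXED = [
    Copy("primary", "ssd", False, False, False, NOW),
    Copy("hourly-disk", "ssd", True, False, False, NOW - timedelta(minutes=30)),
    Copy("daily-tape", "tape", True, True, True, NOW - timedelta(hours=20)),
]
GOOD = MIXED + [
    Copy("worm-bucket", "object-storage", True, True, True, NOW - timedelta(minutes=40)),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("MIXED", MIXED), ("GOOD", GOOD)):
        print(label, [code for code, _ in audit(inv, NOW)])
```

The `MIXED` inventory satisfies 3-2-1 on paper, yet its only protected copy is 20 hours old, so the recovery point after an attack is far worse than the 30-minute disk backup suggests.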

Cloudian Offers Ransomware-Resilient Backup

Cloudian® HyperStore® is a large-capacity object storage device. It can store up to 1.5 petabytes within a 4U chassis, which allows you to store as many as 18 petabytes in a single rack. HyperStore has fully redundant cooling and power, as well as performance features such as 1.92TB SSD drives that store metadata and 10Gb Ethernet ports to speed up data transfer.

You can deploy Cloudian storage devices as:

  • A backup target for data protection applications such as Rubrik, Commvault, and VERITAS.
  • An enterprise sync and share solution that allows client systems to synchronize their data and keep a copy in a central repository.
  • Storage that client systems use to save important files.