Top five ways backup can protect against ransomware
Ransomware is the fastest-growing cybercrime threat. Security supplier Trustwave says ransomware attacks have outpaced payment card information theft in the last year.
Research by Sophos found that nearly half of all ransomware attacks in 2019 were on organizations. In 75% of these cases, attackers were able to encrypt data. While most organizations were able to retrieve their data, they did so twice as fast from backup as by paying the ransom. And the cost to them was half that of those who paid.
To protect against ransomware attacks, you need to ensure that your backups are reliable and tested. Backups must be made frequently and must be thorough and complete, backup policies should be reviewed regularly, and they must be tested in practice.
This article will discuss the five most important things you need to do with backup to ensure your organization is protected against ransomware.
Over the past few years, ransomware has become more targeted and possibly more destructive. Although cyber security organizations are not seeing as many attacks, Sophos says they do see a shift away from “mass-market spray & pray” desktop ransomware to targeted attacks on businesses.
Ransomware, regardless of its target, has three parts: the initial attack or delivery of malware, encryption of the victim’s data, and communications back to the attacker.
Malware can use different routes to attack organizations. Social engineering is a key component: Around one-third (33%) of ransomware attacks are caused by users downloading malicious files and emails with malicious links. Ransomware can also be spread via direct attacks on servers and malware attachments to emails, as well as via cloud resources.
The National Centre for Cyber Security also stated that ransomware is spreading via unpatched remote access devices and exposed remote desktop protocol (RDP).
Security tools such as mail filtering, malware scanning, and firewalls can be helpful. You can also limit access to the network by patching or limiting users’ privileges.
The best protection is a strong backup system to protect data.
Protect yourself against ransomware by using backup: The top five steps
1. Review and update backup policies
Being able to recover data from clean backups is the best defense against malware. Although an organization may pay a ransom to get the decryption keys, there is no guarantee it will receive them. Backups are more reliable and cheaper than paying ransoms. They also don’t involve giving money to criminals.
Backups can only be effective if they are comprehensive and robust. CIOs should request an audit of all data locations. It’s easy to leave important data out of a backup plan.
This is particularly important given the trend towards remote work during the Covid-19 pandemic.
Ask these questions:
- Are end-user systems being backed up?
- Is the backup plan designed to cover cloud data storage that is temporary or for consumers? While cloud storage should be resilient to physical failure, it will not protect against ransomware infecting files.
The 3-2-1 rule is the best backup practice: Make three copies of your data, store them across two media types and keep one off-site. The offsite backup should not be connected to the business network to protect against ransomware.
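The data-location audit and the 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the inventory fields, dataset names and finding codes are assumptions made for illustration, and the primary copy is counted as one of the three.

```python
from collections import defaultdict

# Constructed sample inventory: one row per copy of a dataset (primary included).
INVENTORY = [
    {"dataset": "finance-db", "media": "disk", "offsite": False, "network_connected": True},
    {"dataset": "finance-db", "media": "disk", "offsite": False, "network_connected": True},
    {"dataset": "finance-db", "media": "tape", "offsite": True, "network_connected": False},
    {"dataset": "hr-share", "media": "disk", "offsite": False, "network_connected": True},
    {"dataset": "hr-share", "media": "cloud", "offsite": True, "network_connected": True},
    {"dataset": "laptops", "media": "disk", "offsite": False, "network_connected": True},
]

def audit_321(inventory, expected_datasets=()):
    """Return {dataset: [finding codes]}; an empty list means 3-2-1 is met.

    expected_datasets is the output of the data-location audit, so data
    that was never added to the backup plan still shows up in the report.
    """
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    findings = {}
    for name in sorted(set(by_dataset) | set(expected_datasets)):
        copies = by_dataset.get(name, [])
        problems = []
        if len(copies) < 3:
            problems.append("COPIES<3")
        if len({c["media"] for c in copies}) < 2:
            problems.append("MEDIA<2")
        offsite = [c for c in copies if c["offsite"]]
        if not offsite:
            problems.append("NO_OFFSITE")
        elif all(c["network_connected"] for c in offsite):
            # Every off-site copy is reachable from the business network,
            # so ransomware on that network can reach it too.
            problems.append("OFFSITE_ONLINE")
        findings[name] = problems
    return findings

if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY, ["saas-export"]).items():
        print(dataset, "OK" if not problems else ", ".join(problems))
```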
2. Air gap business data
Cloud storage is a great technology for long-term data backups. In some cases, it has even replaced optical disks and tape as backup media.
Cloud storage can protect data from physical disruptions such as power outages, fire, flood, and hardware failures. However, it won’t automatically protect against ransomware. Because cloud storage is part of shared infrastructure, it is also vulnerable to attacks from customers.
Fred Moore, an analyst at Horison Information Strategies, warns that cloud providers are themselves vulnerable to ransomware attacks.
He says that attackers are now targeting cloud services because they don’t need to know a password to access cloud data. “They simply steal the credentials and delete or encrypt an organization’s cloud backups using a man-in-the-middle-attack.”
CISOs can supplement cloud backups by using tape or other media as backup media. While the cloud can serve as the offsite copy of the data, keeping another dataset on tape and keeping those tapes offline is the best way to “air gap” your data from ransomware attacks.
3. Regular backups are recommended
It is important to note that organizations should regularly back up their data.
CIOs need to review policies regarding backup frequency, including how often data is backed up to off-site locations (including cloud storage) or mechanically separated media like tape. You might need to back up more often.
IT departments should review the length of time they keep backups, particularly air-gapped media. Ransomware can use time delays, or “attack loops”, to steal information from seemingly clean systems.
Organizations might have to go through multiple generations of backups to find clean copies, which requires longer retention or more copies. It is also a good idea to keep separate backups of critical business systems to make recovery simpler.
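To make the retention point concrete, this added example (not from the original article) lists which backup generations a simple daily-plus-weekly policy still holds on the day an attack is detected, then picks the newest generation that predates the compromise. The policy shape, function names and dates are assumptions; the compromise date would come from incident response.

```python
from datetime import date, timedelta

def retained_generations(today, daily_days, weekly_weeks=0, weekly_weekday=6):
    """Backup dates still held on `today` under a daily + weekly policy.

    daily_days: nightly backups kept for this many days.
    weekly_weeks: backups taken on weekly_weekday (6 = Sunday) kept this many weeks.
    """
    kept = {today - timedelta(days=n) for n in range(1, daily_days + 1)}
    latest_weekly = today - timedelta(days=1)
    while latest_weekly.weekday() != weekly_weekday:
        latest_weekly -= timedelta(days=1)
    for week in range(weekly_weeks):
        kept.add(latest_weekly - timedelta(weeks=week))
    return sorted(kept)

def newest_clean_generation(generations, first_compromise):
    """Newest backup taken strictly before the estimated compromise date.

    A backup from the compromise day itself is treated as suspect.
    Returns None when every retained generation may be contaminated.
    """
    clean = [g for g in generations if g < first_compromise]
    return max(clean) if clean else None

# Constructed scenario: attack detected 21 days after the initial compromise.
DETECTED = date(2024, 3, 29)
FIRST_COMPROMISE = DETECTED - timedelta(days=21)

def scenario(daily_days, weekly_weeks):
    gens = retained_generations(DETECTED, daily_days, weekly_weeks)
    return newest_clean_generation(gens, FIRST_COMPROMISE)

if __name__ == "__main__":
    print("14 daily only:       ", scenario(14, 0))  # None: retention shorter than dwell time
    print("14 daily + 8 weekly: ", scenario(14, 8))  # 2024-03-03
```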
4. Make sure backups are robust and clean
It is difficult to ensure that backups are safe from malware, but organizations should do everything they can to ensure that their backups remain free of malware.
Strict air-gap guidelines (such as taking media offline as soon as possible) are vital, as are up-to-date malware detection and system patching tools.
Companies should consider write once, read many (WORM) media, such as optical disks or tapes configured as WORM. Some cloud storage providers now offer WORM-format storage.
Additional security measures include data access controls. Tools such as Windows 10 Controlled Folder Access can be used to limit user access to sensitive data. This will help to prevent ransomware from spreading and increase security for backups.
5. Plan and test
It is essential to test all backup and recovery plans. Testing is the only way to determine whether data can be recovered and to calculate recovery times.
It is best to use off-site media that has been air-gapped. But how long does it take for systems to be restored? What systems should be prioritized for recovery? Will firms require separate, clean networks to recover?
The recovery plan should be tested by the CIOs using duplicate media. It would be disastrous for existing backups to become contaminated by a recovery exercise.