How to Protect Backups From Ransomware and Cyber Attack

The old axiom of “backup, backup, and backup again” is becoming more relevant than ever before, thanks to the surge in ransomware and other malicious code that can encrypt or destroy data.

Today, the threats to business data are growing more rapidly than ever before, with research firm Gartner reporting that cyber vulnerabilities are growing and businesses are falling behind in their attempts to counter the growing number of cyberattacks.

Yet, cyberattacks are only one problem faced by businesses. Others include hardware failure, data corruption, failed migrations, and more. All of these issues can lead to a loss of data and potentially an interruption in the ability to conduct business.

Ransomware has become a particularly thorny problem for businesses of any size.

Research from PWnie Express reveals that 50% of a surveyed 582 cybersecurity professionals do not believe their organization is prepared to repel a ransomware attack. And Cyber Security Ventures opines that a new organization would fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.”

After all, ransomware has become a profitable business, with Business Insider reporting that ransomware generates over $25 million in revenue for hackers each year.

Simply put, businesses today are under a growing threat and their data is the target. Protecting that data is quickly becoming job number one for IT professionals. However, flaws that expose data are still often discovered too late, a fact that makes having good, secure backups more important than ever.

The Current State of Backup

Small and Medium Enterprises (SMEs), as well as large enterprises, are on a quest to fundamentally change how they backup and recover data, a change that has been driven by both the evolution of technology and by the fast pace of data growth.

Traditional technologies, such as tape, are ill-equipped to keep up with the rate of change and the continuous expansion of data sets. This situation has led many organizations to consider alternative approaches to backup, such as using the cloud or buying disk-based backup appliances for on-premise use.

Both of these options introduce additional concerns when it comes to backing up data.

What are the Backup Types That Protect Against Ransomware?

The market of backup solutions has fragmented into a sea of options, with vendors offering cloud-only services, hybrid solutions, and on-premises physical hardware.

Simply put, there is no one-size-fits-all backup solution available today, and those looking to protect critical data will be faced by numerous choices that only complicate things further. The best strategy is following backup best practices while considering which backup types and methods are compatible with your business needs.

The Three Most Popular Types of Backups Today

Backup technologies can be broken down into three popular types:

1. Public Cloud Based

A public cloud based backup combines cloud storage with a backup service. In most cases, users run a backup client on their systems, which then transmits data to a location in the cloud.

2. On-Premises Backup

An on-premise backup is handled by backup software running on a server or endpoint and then stores backups to a local storage system or appliance.

3. Hybrid Backup

A hybrid backup is a combination of cloud services and an on-premises device. This style of backup benefits from the speed of an on-premises target, while data is further secured by being replicated to the cloud.

Four Backup Methodologies To Consider

Each of those backup types can support different methods of backup:

1. Full Backup

A full backup is a type of backup that copies every single file and folder in the system. Full backups take the most amount of time and space but prove to be the fastest way to restore data.

2. Incremental Backup

An incremental backup is a type of backup where the initial backup consists of a full backup and then only changes are backed up from that point forward. Backups themselves can be accomplished much quicker, but restoring data can be more complex and take longer.

3. Differential Backup

A differential backup is similar to an incremental backup; however, all changes detected since the initial backup are recorded each time an additional backup is performed. Restoration is quicker since only the initial backup has to be restored and the last differential backup as well.

4. Mirror Backup

A mirror backup is an exact copy of the source data is stored, usually in real-time, eliminating the need to go through a lengthy restore process. However, if the source data is corrupted, the mirror will replicate that corruption. This option is also the most expensive, often doubling running costs as it requires a second, complete setup.

Other Backup Options

Of course, there are other options for backup, many of which are built on a combination of the services mentioned above.

That said, choosing a backup methodology comes down to the most critical issue that a business seeks to address. After all, backup data can be used for everything from business analytics, to audits, to disaster recovery, or even forensics.

What’s more, there may be compliance ramifications when it comes to backups as well, such as the need to archive and store data for several years.

Building a Plan for Ransomware Protection

Perhaps the most important element of backup comes in the form of having a plan.

It is critical to know what needs to be backed-up, how frequently backups should be done, and most importantly, how to restore data from a backup.

There are several considerations at play here, including determining if the following needs to be backed up:

• Both applications and the associated data
• Operating systems
• Settings files
• User information

Each of those considerations will have an impact on developing a plan and determining the viability of restoring information if there is a ransomware attack.

Simply put, a backup plan should be part of a disaster recovery plan, and ultimately a business continuity plan.”

Most organizations use a tiered approach, where data is backed-up frequently and other elements, such as applications, operating systems, and user data are only backed-up when there is a significant change to any of those elements.

Some organizations opt for an image type backup, where a complete hard drive volume is backed up as a single entity. Those backups take the most time but allow quicker restorations, or even the ability to migrate the backup to different hardware.

Choosing which type of backup and what to utilize, as well as the frequency, should all be considerations of developing a plan that fits the business’s needs.

Ransomware: The Game Changer of Backups

Recovering from ransomware attacks brings an added layer of complexity to the backup process. That added complexity is an artifact of the actual damage ransomware does and how it accomplishes that damage.

The typical ransomware attack comes in the form of systems being infected with ransomware long before the actual attack occurs.

In other words, ransomware is usually lying in wait for an event to trigger the attack. The actual malicious code of ransomware may have been installed on a system days, weeks, or even months before the attack takes place.”

Once triggered, ransomware will encrypt data files, preventing users from accessing that data until a ransom is paid and a key is provided to unlock the encrypted data. Therein lies the real problem with ransomware and backups.

Ransomware may have already infected the backups and may even encrypt those backups as well. What’s more, even if the backups are not directly impacted by a ransomware event, once the data is restored, it may quickly become encrypted by the ransomware.

That poses many challenges for those looking to recover from a ransomware attack using backups.

How to Protect Backups from Ransomware

Today, businesses need to take steps to ransomware-proof their backups, a hard-learned lesson by those that have been impacted by the ills of ransomware.

One of the first recommendations is to use the 3-2-1 rule of backup, where an organization should have at least three copies of critical data, utilize two different types of backup media, and store at least one copy off-site.”

The 3-2-1 rule lessens the chance of a ransomware event impacting backed-up data.

Today’s ransomware infestations are somewhat limited by how applications and data interact. Ransomware normally can only impact local volumes and mapped drives, meaning that if the PC can not “see” the storage medium, ransomware should not be able to impact that storage medium.

However, that also means that if a backup is stored on a mapped drive, it may very well be impacted by a ransomware event.

Simply put, having an “offline” data copy can prevent ransomware from attacking a backup. That can be accomplished by using backup software that only attaches to the backup destination during the backup process, a feature of some of the cloud-based backup solutions.

Another option is to store backups on “write-once” media, where changes can not be made to the media after a backup.

Ultimately, using a combination of local and offsite backups will help reduce the risk of ransomware impacting a company’s backups, will provide a better foundation for recovery in the event of an infection.

Let Us Help Protect Your Backups From Ransomware

Liquid Web provides encrypted offsite backup options for Dedicated Hosting customers through Acronis Cyber Backups, as well as web application security tools.