How to Protect Backups From Ransomware and Cyber Attack
The old axiom of “backup, backup, and backup again” is becoming more relevant than ever before, thanks to the surge in ransomware and other malicious code that can encrypt or destroy data.
Today, the threats to business data are growing more rapidly than ever before, with research firm Gartner reporting that Cyber vulnerabilities are growing and businesses are falling behind in their attempts to counter the growing number of cyberattacks.
Yet, cyberattacks are only one problem faced by businesses. Others include hardware failure, data corruption, failed migrations, and more. All of these issues can lead to a loss of data and potentially an interruption in the ability to conduct business.
Ransomware has become a particularly thorny problem for businesses of any size.
Research from PWnie Express reveals that 50% of a surveyed 582 cybersecurity professionals do not believe their organization is prepared to repel a ransomware attack. And Cyber Security Ventures opines that a new organization would fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.”
After all, ransomware has become a profitable business, with Business Insider reporting that ransomware generates over $25 million in revenue for hackers each year.
Simply put, businesses today are under a growing threat and their data is the target. Protecting that data is quickly becoming job number one for IT professionals. However, flaws that expose data are still often discovered too late, a fact that makes having good, secure backups more important than ever.
The Current State of Backup
Small and Medium Enterprises (SMEs), as well as large enterprises, are on a quest to fundamentally change how they backup and recover data, a change that has been driven by both the evolution of technology and by the fast pace of data growth.
Traditional technologies, such as tape, are ill-equipped to keep up with the rate of change and the continuous expansion of data sets. This situation has led many organizations to consider alternative approaches to backup, such as using the cloud or buying disk-based backup appliances for on-premise use.
Both of these options introduce additional concerns when it comes to backing up data.
What are the Different Backup Types and Methodologies?
The market of backup solutions has fragmented into a sea of options, with vendors offering cloud-only services, hybrid solutions, and on-premises physical hardware.
Simply put, there is no one-size-fits-all backup solution available today, and those looking to protect critical data will be faced by numerous choices that only complicate things further. The best strategy is following best practices while considering which backup types and methods are compatible with your business needs.
The Three Most Popular Types of Backups Today
Backup technologies can be broken down into three popular types:
1. Public Cloud Based
A public cloud based backup combines cloud storage with a backup service. In most cases, users run a backup client on their systems, which then transmits data to a location in the cloud.
2. On-Premises Backup
An on-premise backup is handled by backup software running on a server or endpoint and then stores backups to a local storage system or appliance.
3. Hybrid Backup
A hybrid backup is a combination of cloud services and an on-premises device. This style of backup benefits from the speed of an on-premises target, while data is further secured by being replicated to the cloud.
Four Backup Methodologies To Consider
Each of those backup types can support different methods of backup:
1. Full Backup
A full backup is a type of backup that copies every single file and folder in the system. Full backups take the most amount of time and space but prove to be the fastest way to restore data.
2. Incremental Backup
An incremental backup is a type of backup where the initial backup consists of a full backup and then only changes are backed up from that point forward. Backups themselves can be accomplished much quicker, but restoring data can be more complex and take longer.
3. Differential Backup
A differential backup is similar to an incremental backup; however, all changes detected since the initial backup are recorded each time an additional backup is performed. Restoration is quicker since only the initial backup has to be restored and the last differential backup as well.
4. Mirror Backup
A mirror backup is an exact copy of the source data is stored, usually in real-time, eliminating the need to go through a lengthy restore process. However, if the source data is corrupted, the mirror will replicate that corruption. This option is also the most expensive, often doubling running costs as it requires a second, complete setup.
Other Backup Options
Of course, there are other options for backup, many of which are built on a combination of the services mentioned above.
That said, choosing a backup methodology comes down to the most critical issue that a business seeks to address. After all, backup data can be used for everything from business analytics, to audits, to disaster recovery, or even forensics.
What’s more, there may be compliance ramifications when it comes to backups as well, such as the need to archive and store data for several years.
Understanding the Implications of Backup and Having a Plan
Perhaps the most important element of backup comes in the form of having a plan.
It is critical to know what needs to be backed-up, how frequently backups should be done, and most importantly, how to restore data from a backup.
There are several considerations at play here, including determining if the following needs to be backed up:
- Both applications and the associated data
- Operating systems
- Settings files
- User information
Each of those considerations will have an impact on developing a plan and determining the viability of restoring information if there is a ransomware attack.
Simply put, a backup plan should be part of a disaster recovery plan, and ultimately a business continuity plan.”
Most organizations use a tiered approach, where data is backed-up frequently and other elements, such as applications, operating systems, and user data are only backed-up when there is a significant change to any of those elements.
Some organizations opt for an image type backup, where a complete hard drive volume is backed up as a single entity. Those backups take the most time but allow quicker restorations, or even the ability to migrate the backup to different hardware.
Choosing which type of backup and what to utilize, as well as the frequency, should all be considerations of developing a plan that fits the business’s needs.
Ransomware: The Game Changer of Backup
Recovering from ransomware attacks brings an added layer of complexity to the backup process. That added complexity is an artifact of the actual damage ransomware does and how it accomplishes that damage.
The typical ransomware attack comes in the form of systems being infected with ransomware long before the actual attack occurs.
In other words, ransomware is usually lying in wait for an event to trigger the attack. The actual malicious code of ransomware may have been installed on a system days, weeks, or even months before the attack takes place.”
Once triggered, ransomware will encrypt data files, preventing users from accessing that data until a ransom is paid and a key is provided to unlock the encrypted data. Therein lies the real problem with ransomware and backups.
Ransomware may have already infected the backups and may even encrypt those backups as well. What’s more, even if the backups are not directly impacted by a ransomware event, once the data is restored, it may quickly become encrypted by the ransomware.
That poses many challenges for those looking to recover from a ransomware attack using backups.
Protecting Backups from Ransomware
Today, businesses need to take steps to ransomware-proof their backups, a hard-learned lesson by those that have been impacted by the ills of ransomware.
One of the first recommendations is to use the 3-2-1 rule of backup, where an organization should have at least three copies of critical data, utilize two different types of backup media, and store at least one copy off-site.”
The 3-2-1 rule lessens the chance of a ransomware event impacting backed-up data.
Today’s ransomware infestations are somewhat limited by how applications and data interact. Ransomware normally can only impact local volumes and mapped drives, meaning that if the PC can not “see” the storage medium, ransomware should not be able to impact that storage medium.
However, that also means that if a backup is stored on a mapped drive, it may very well be impacted by a ransomware event.
Simply put, having an “offline” data copy can prevent ransomware from attacking a backup. That can be accomplished by using backup software that only attaches to the backup destination during the backup process, a feature of some of the cloud-based backup solutions.
Another option is to store backups on “write-once” media, where changes can not be made to the media after a backup.
Ultimately, using a combination of local and offsite backups will help reduce the risk of ransomware impacting a company’s backups, will provide a better foundation for recovery in the event of an infection.
Acronis Cyber Backups and Malware Scanning Can Help Protect Backups From Ransomware
Liquid Web provides encrypted offsite backup options for Dedicated Hosting customers through Acronis Cyber Backups, as well as malware scanning and remediation tools.
A self-professed pirate captain with two decades of leadership experience, Jerry has led teams from 60+ cooks and chefs to 16 networking engineers. He brings those years of experience to his current role as Product Manager at Liquid Web, focusing on networking and security products. When not working or sleeping, Jerry can usually be found eating and having a good conversation with good people.
Keep up to date with the latest Hosting news.