How Isolated Backup Can Protect Against Ransomware

Ransomware attacks increased more than 600 percent last year over 2015 and cost the enterprise more than $1 billion, according to a report from PhishMe. Tightening your business's security strategy may be the first step to preventing this kind of attack, but isolated backups can also help, according to Channel Partners Online.

The publication reported that isolated backups are worth looking into because they reportedly keep your backup repository from being hit by ransomware.

“Many backup tools mount volumes to potentially infected machines, do their backup to this mount point, and then unmount. The fact that the mount happens puts backups at risk. Also, if the backup server happens to be running Windows and mounts the backup repository directly, it can also be the culprit for encrypting the repository,” Channel Partners Online reported.

The publication went on to say that it’s best for the backup repository to be separate from the machines being backed up and the servers. Communication with the repository should use non-filesystem-based procedures rather than SMB protocols, which isolates the repository from infected systems.

Setting up isolated backups to protect customers varies from product to product, but it’s vital to ensure that a backup repository is not accessed as if it were a filesystem.

“In other words, do not use backup tools that mount repositories or target systems,” Channel Partners Online reported. “There are two points to protect. One is the repository itself, and the other is the backup server in use. We need to think architecture more than individual products. We think architecture by knowing how ransomware hits today. Multiple layers of protection are always best.”
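One way to check that a host does not have the backup repository mounted as a filesystem, as an added example that is not from the original article or from Channel Partners Online: it parses Linux `/proc/mounts`-format text and reports SMB or NFS mounts served by a repository host. The host names, the sample mount table and the function names are constructed for illustration.

```python
"""Flag backup repositories that are reachable as mounted network filesystems."""
from typing import NamedTuple

# Filesystem types that present a remote share as local files (SMB and NFS).
NETWORK_FS = {"cifs", "smb3", "smbfs", "nfs", "nfs4"}

# Constructed sample in /proc/mounts format; host names are hypothetical.
SAMPLE = """\
/dev/sda1 / ext4 rw,relatime 0 0
//backup01.example.internal/repo /mnt/backup\\040repo cifs rw,relatime,vers=3.0 0 0
backup01.example.internal:/export/archive /mnt/archive nfs4 ro,relatime 0 0
//files.example.internal/home /home/shared cifs rw,relatime 0 0
"""

class Finding(NamedTuple):
    source: str
    mountpoint: str
    fstype: str
    writable: bool

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def _host(source):
    # SMB sources look like //host/share, NFS sources like host:/path.
    if source.startswith("//"):
        return source[2:].split("/", 1)[0].lower()
    return source.partition(":/")[0].strip("[]").lower()

def audit_mounts(mounts_text, repo_hosts):
    """Return every network mount served by a repository host, read-only or not."""
    repo_hosts = {h.lower() for h in repo_hosts}
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        source, mountpoint, fstype, opts = (_unescape(p) for p in parts[:4])
        if fstype in NETWORK_FS and _host(source) in repo_hosts:
            findings.append(Finding(source, mountpoint, fstype, "rw" in opts.split(",")))
    return findings

if __name__ == "__main__":
    for f in audit_mounts(SAMPLE, {"backup01.example.internal"}):
        state = "WRITABLE" if f.writable else "read-only"
        print(f"{state} repository mount: {f.source} on {f.mountpoint} ({f.fstype})")
```

On a live Linux host, pass the contents of `/proc/mounts` in place of `SAMPLE`; an empty result on both the protected machines and the backup server is the state the article recommends.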

If your system is breached, you’ll need an agent, backup server and repository that haven’t been infected. Using instant recovery is the quickest way. After an infection is discovered, the recovery process begins immediately. It isolates and kills the ransomware process and restores affected data.

“The agent could and should live on a read-only bit of system so that it is also not encrypted. If not using agents, it is possible to present a fully baked disk to the cloud or virtualization host to present the volume directly to a VM,” according to Channel Partners Online.