In an age of increased ransomware attacks, data backups in conjunction with a comprehensive disaster recovery plan are the best defense. However, when ransomware attackers begin to target your backups, measures need to be taken to protect them. When cybercriminals encrypt an organization’s backups in order to usurp their control over them, it’s likely that the organization will pay the ransom out of desperation. Because of this, it’s important to be proactive and place protections on your backups.
Monitor Your Backup Process
By having an acute awareness of your backup process, you’ll be able to detect warning signs of ransomware attacks. In monitoring your backup log, you will have the ability to observe indications that a data encryption program is present. For example, any incremental backups will be unusable as files are changed, and files that are encrypted will be unable to be deduplicated or compressed. This level of dedicated monitoring will allow you to determine what parts of the backup process are standard, and which are indications of a problem. When you can identify an attack early, you can act on it sooner, before much damage is caused.
Be Cautious When Using Network File Servers
While network file savers are constantly available and simple to use, they have very weak security when up against a ransomware attack. A large number of ransomware programs encrypt connected drives, meaning that the home directory of the target would be encrypted as well. In addition to this, any server running a widely used and vulnerable operating system could be infected, and every user’s data would also be encrypted as a result. If you choose to use a network file server, you must back up its data to a separate system continuously as a protective measure.
Regularly Test Your Recovery Process
If a backup cannot be restored in a dependable and timely manner, it is essentially useless to an organization in the event of a ransomware attack. A backup that does not restore quickly, or backs up the wrong data will not be sufficient in attempting to avoid paying a ransom. By performing daily or hourly backups, the window of data loss shrinks, giving your backups better protection.
Be Aware of Your Solution Options
The possibility of preventing the encryption of corporate backups if ransomware can directly access backup images is very slim. Putting in the effort to engineer a system that abstracts the backup data will make it more difficult for ransomware programs to encrypt data in the first place. To do this, you must detach your backups from your primary environment and be sure that the backup process doesn’t take place on a general purpose server and operating system. This tactic makes your backups harder to access and therefore less likely to be attacked.
Having a reliable backup process is imperative in protection against ransomware attacks. However, if these backups have no protection themselves, they’re at risk of an attack as well. To ensure a better level of protection against ransomware for your backups, consider implementing these strategies.
Latest posts by Tess Hanna (see all)
- 4 Key Ways to Simplify Backing Up Large Datasets - June 14, 2019
- Interview: IBM’s Andrea Sayles on the Role of Cyber Resilience - June 13, 2019
- Veritas NetBackup is Now Available on the AWS C2S Marketplace - June 11, 2019