December 8, 2022

How to protect your backups from a ransomware attack?

Ransomware is the boogeyman of the business world, and not without reason. Of all the cybersecurity threats you’re likely to face, ransomware is arguably the most difficult and disruptive. The potential for all of your digital files to become inaccessible is a frightening prospect and one that can have a destructive impact on an unprepared organization.

Wherever the scale of your business, it’s likely that you rely heavily on your digital infrastructure, making it crucial that you protect against ransomware. Here’s a rundown of what ransomware is for the uninitiated, why it’s so important to protect against it, and what steps IT personnel and providers should take to protect your backups from a ransomware attack.

What is ransomware?

You may be familiar with the term ‘malware’, short for ‘malicious software’. Often conflated with computer viruses, malware is an umbrella term for all forms of software that are designed to cause harm to computers on your networks. Of all the forms of malware, ransomware is often the most damaging to business and the hardest kind of attack to recover from.

Ransomware is malicious software that holds your files for ransom. When executed, ransomware typically encrypts the files on your computer or network, so you need a password to access them. The only person who knows this password is whoever programmed the ransomware, allowing them to extort you for money. Unless you give them what they want, you will entirely lose access to your files.

Ransomware is challenging because it is extremely hard to get rid of once it gains access to your computer or network. Sometimes ransomware will lock you out of your operating system entirely, something that can only be remedied by formatting your storage. This means that if you don’t have sufficient backups, you could lose your files entirely. Not only will the hacker have access to your files, but you could be set back by months.

Why it’s important to protect against ransomware

The dangers of ransomware may seem obvious, but they can also feel remote. Many people aren’t aware of ransomware and won’t have a tangible idea of what it does and the impact it can have on a business. While the perception may be that you might lose temporary access to your computer or progress on a few files, the reality of a ransomware attack can completely cripple a business and its network infrastructure.

Think of your digital storage as a series of physical archives. Each entry point between these archives – the computers which connect to your internal network or your web server – is a room with a door that needs to be locked to prevent access to the others. If all the doors are locked, and one computer is accessed, you lose control of the data in that room. But if multiple doors are unlocked, the ransomware can take control of multiple rooms and withhold huge troves of data.

Depending on the severity of the attack, ransomware can infect entire networks, jumping between individual devices and sealing off networked storage. If one computer is compromised, the ransomware could feasibly make its way into shared storage that is used by an entire business and lock it away. If this happens, you could permanently lose access to all of those files – losing progress if you have backups and potentially years of work if you don’t.

How to protect your backups from ransomware

The best protection against any form of malware is ample redundancy. Businesses should aim to keep three backups of all their files, each isolated on a separate server. These backups are typically staggered slightly, with one being hourly and another being daily, reducing both the burden on your IT staff and your data storage needs. Should the worst occur and two of your backups become compromised, you shouldn’t lose more than one day’s work.

This is common practice for most businesses, but it isn’t a foolproof solution. The idea behind maintaining several backups is that it’s unlikely they will all be breached at the same time. Yet this is a tangible possibility with ransomware. If all of these backups are accessible on the same server or network, and someone gains access to that server or network, they could easily all be compromised. Maintaining effective data backups means securing them against this illegal access and keeping them separate to the greatest possible extent.

While this may all sound ominous, you can take a few simple measures to protect your backups. Some of these are structural, while others may require some changes in how you access and understand backups. Together, they should ensure that incidents do not occur in the first place – while also putting the processes in place to quickly address any issue that does arise.

Utilize object-based storage

The familiar way of managing digital files – creating, moving, and deleting them at will – only exists under one set of rules. It’s possible to store data in such a way that files cannot be changed once they have been stored, in a way that’s analogous to writing data to disposable media such as CDRs. This approach is called ‘object-based storage’ in the context of data backups.

By ensuring that some or all of your backups use object-based storage, ransomware that successfully accesses your backups won’t be able to modify it in such a way that you cannot access it. The hacker may still have compromised your data, but it won’t be encrypted – ensuring you don’t lose valuable progress and reducing their monetary incentive.

Control account access

In some sense, account access is both the first and last line of defense for backups. Ensuring that only trusted users can access your backups – a process known as Identity and Access Management (IAM) – protects them from illegal access and forms the biggest hurdle that any ransomware has to pass to lock down your business’ data.

Achieving this means doing two key things. One is to ensure that access is not provided through a single account, reducing the need to share details. The other – perhaps obviously – is to secure all of these accounts with features such as multi-factor authentication, where logging in requires several forms of proof of identity rather than a single password.

Harness automatic protection

Software may be the cause of your problem, but it can also be the solution. Advanced forms of automatic protection can minimize the delay between a ransomware infection and your response. Take action before you may even notice anything is wrong. While they can’t replace manual action and detective work, they help to augment it and provide the data you need to make vital decisions.

Security information and event management (SIEM) and security orchestration, automation, and response (SOAR) will generally form the backbone of your automated response. The former collects and assesses incident data, while the latter acts on it, providing analysis and workflows for manual incident response. Anomaly detection systems can also help to spot any issues with your backups before you restore them, preventing you from repeating the same problems.

Ransomware is a serious threat to businesses and a quantifiable and preventable one. By recognizing the scale of the issue and taking steps to mitigate it, you can ensure the integrity of your data – protecting it from access and preventing a loss that could set your business back.

Sota is one of the UK’s leading independent providers of professional IT support in Kent, including cloud computing, cyber resilience, connectivity, and unified communications. Having worked with countless businesses over the years, they are experts in their field, ready to advise and offer tailored solutions for each and every company. 

About the author 

Peter Hatch

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}