How to Attack-Proof Backup Data Against Ransomware
The problem with this increasingly popular approach to ransomware recovery is that it reacts to a detonation instead of preventing one. It assumes the ransomware infection has not made its way into the backups and thus enables recoveries from the most recent backup to solve the ransomware detonation. This is a dangerous supposition. Even assuming the backup software has an effective response to preventing the ransomware from encrypting or deleting the backups is a risky proposition, as previously discussed. Reacting to detonations does nothing to prevent the nefarious attack-loop. Therefore, detecting and reacting to ransomware detonations is an ineffective response.
Preventing a ransomware attack-loop requires a unique cyber security capability that must detect ransomware infections in the backup stream. This capability would need to isolate the infected files, prevent them from being backed up, and notify the backup and security administrators. The administrator can then identify the infected files and remove them from their origin before they detonate, stopping ransomware in its tracks. A backup solution with this capability also prevents infected files that may have been backed up in previous generations of backup data to ensure a clean recovery. The solution would need to detect and isolate the infected file and notify the backup and security administrators of any issues, giving them the option to recover or not.
Therefore, to avoid the evolving ransomware threat and the inevitable attacks on backup data, administrators must remain several steps ahead of these attacks by introducing strategies and technologies that make backup data attack-proof against this kind of threat. The first of these strategies is to identify backup solutions that acknowledge ransomware and have taken steps to defend the backup data against such attacks. Avoid solutions that are reactive by design and that only provide a response once the attack has taken place. Instead, seek solutions that prevent malware attacks in the first place.
As part of your mission to discover an effective anti-ransomware backup solution, refine the available candidates by identifying those that offer defensive responses to attack-loops. This would include a bi-directional malware scanning and mitigation capability that seeks to stop ransomware from entering the backup stream and, if ransomware is already present, stops and quarantines the ransomware so that it cannot be recovered and reinfect the network while also notifying those who can address the matter.
A multifaceted solution will provide the greatest defense-in-depth of the company’s backup infrastructure. Look for solutions that make specific types of backup data hard to locate in the first place by using variable repository naming. This will make it much more difficult for the more intelligent strains to identify backup data with important customer records, personally identifiable information, very important financial data or valuable operational data. Experts also recommend going further and demanding two-factor authentication (2FA) that prevents the deletion of data with a single mouse-click or API call.
But if you are using backups as a form of data protection, do you really need to worry about ransomware hackers finding their way into your network? Why pay extortionists money if you already have your data backed up? The reason to move toward an evolved backup solution capable of preventing ransomware attacks in the first place is because traditional approaches to enterprise backup are failing when it comes to ransomware recovery efforts, as evidenced by the hundreds of millions of dollars lost due to these attacks.
While backups should be a critical component of every company’s data protection plan, simply having backup infrastructure in place is not enough. Backup technology has evolved and now it is possible to all but guarantee that backup data will be safe by using the right backup and recovery solution, giving organizations the best chance of defeating the extortion attempts of malicious ransomware coders.
