Ransomware Attackers Use Your Cloud Backups against You

Ransomware is a sophisticated and highly advanced kind of cyberattack, and a major threat that security teams across the globe are facing today. Cyber crooks use it to target all organizations, from small teams to large enterprises, state systems and administration networks.

Though rather simple in concept, ransomware is tremendously damaging. It is a form of malware that, once it is downloaded to a device, scrambles or erases all of its data until a ransom is paid to restore it. As per a study, this year a new firm or organization will be a victim of a ransomware attack almost every 14 seconds. Ransomware can cripple networks and cause shattering harm to infrastructure.

Backups are an important component of any ransomware disaster recovery strategy. When a firm or organization gets hit with ransomware, it can simply use its backups to recover the system, without having to pay anything to the crooks behind the attack.

There's an issue though: backups aren't entirely immune to ransomware. Increasingly sophisticated and advanced ransomware strains come with mechanisms tailored to locate and encrypt backups, whether they are stored locally or in the cloud. And if an organization's backups get encrypted, it may have no alternative except to cough up the ransom, as demanded.

Ransomware attacks have caused billions of dollars of damage to internet users and companies across the world. And mind you, that's only during the last couple of years.

As mentioned earlier, ransomware is a mean kind of malware. It not only infects the victim's computers, but also locks them out of important files until they give some money. Worse, not more than 50% of the attackers give up their control of the data even after receiving the ransom.

In such a situation, the most common-sense suggestion security professionals give to internet users is to back up their files. However, as mentioned earlier, that is not sufficient anymore, because cloud backups are now on the radar of ransomware attackers as well.

In fact, today, anything and everything linked to the Internet is exposed to risk. Few tools have been as transformative to the way we live, work, and play as the Net. It enables the connected world we live in. The downside, of course, is that anything connected to it is exposed to cyberattack.

As soon as you enable your WiFi or cellular connection, your device is exposed to every type of risk. The same applies when you store your data in the cloud, and also on the various connected storage drives.

For instance, if you plug an external hard drive into a computer linked to the Net, the chance of cybercrooks hacking the information on it can't be ruled out.

Cloud Backups: How Does Ransomware Attack Them?

Ransomware is in reality an umbrella term. It refers to a plethora of different methods that cybercrooks employ. Ransomware attacks may spread through huge bot attacks, such as WannaCry, for example.

The most serious ransomware attacks are personal. These are the kind you frequently hear about in the news. They include attacks on cities, hospitals, and corporations. You may well wonder why a big city didn't have backups. Isn't that quite simple? It likely did.

However, the cyber criminals went in first and erased the backups to stop the victims from getting their files back. Cloud backups may be somewhat more secure against this than the local option. However, as mentioned before, they may also be misconfigured, outdated, or breached through weak password security practices.

A typical ransomware scenario involves the crooks breaching corporate networks. They use keyloggers and other similar tools to extract account data. Afterwards, they use this data to get access to cloud backups and start the ransomware attack.

Lastly, they erase System Restore and System Image points to stop administrators from rolling back to earlier backups. Hence, there is no way to reverse the encryption.

Make Your Backups Ransomware-proof

A carefully planned and multilayered approach is the most effective method to keep your backups secure against ransomware.

Local backups are fast and capable, and you can easily access them whenever you need them. On the flip side, and as mentioned earlier, local backups are exposed to ransomware, which may spread through the network.

On the other hand, offsite storage solutions are normally more dependable, as they are more isolated from the company network. However, they are comparatively slower and less handy. If you use a clever mix of both local and offsite backups, you will be in a better position and get the best of both worlds.

Against this backdrop, the easiest way to make your backups ransomware-proof is to apply the 3-2-1 rule, which requires that a business:

  1. Keeps not less than 3 copies of its files.
  2. Stores these copies on a minimum of 2 different kinds of storage media.
  3. Stores a minimum of 1 copy offsite.

The best backup practices can involve nontrivial cost and diligence by IT personnel. The methods used, mostly involving the 3-2-1 rule, are the best way to protect your organization, not just from ransomware, but from countless other issues that over the years have affected many firms and destroyed innumerable careers.

But even if you're not ready to cover all the ground that you should in backup, you must take some necessary steps to reduce the exposure of your backups if an attack occurs.

The aim of the 3-2-1 rule is to increase the chances that a backup will be available. Keeping a copy remote protects you even in case of, say, a fire or any other natural disaster.

A good data protection setup will set the backup frequency, retention, and number of copies in relation to the value of the data, since not all organizational data has the same value.

You really need to think the approach through with respect to your own organization's specific requirements and capacities, as well as regulatory requirements. For some data, a 3-2-1+1 rule may be appropriate (regular 3-2-1, plus one copy offline); for other data, a 2+1 rule (2 copies, 1 offline) could be sufficient.

Other rules follow from the 3-2-1 rule and from common sense: An on-site copy should be available for quick, operational recoveries. It should be on different hardware so that it is not affected by a problem in the devices it is backing up. The second copy doesn't need to be as instantly available, but it should be obtainable if required.
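The 3-2-1, 3-2-1+1 and 2+1 rules above, together with the separate-hardware rule, can be checked mechanically against a backup inventory. The following is an added example, not code from the original article; the policy encoding, the dataset and device names, and the choice to count the production data as one of the copies are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    media: str      # kind of storage media, e.g. "disk", "tape", "object"
    hardware: str   # device or service holding the copy
    offsite: bool   # kept away from the primary site
    offline: bool   # not reachable over the network

# Assumed encoding: policy -> minimum (copies, media kinds, offsite, offline).
# Assumption: the production data itself counts as one of the copies.
POLICIES = {"3-2-1": (3, 2, 1, 0), "3-2-1+1": (3, 2, 1, 1), "2+1": (2, 1, 0, 1)}

def check(copies, policy, source_hw):
    """Return the list of rule violations; empty means the policy is met."""
    need_copies, need_media, need_offsite, need_offline = POLICIES[policy]
    found = [
        ("copies", len(copies), need_copies),
        ("media kinds", len({c.media for c in copies}), need_media),
        ("offsite copies", sum(c.offsite for c in copies), need_offsite),
        ("offline copies", sum(c.offline for c in copies), need_offline),
    ]
    problems = [f"{w}: have {h}, need {n}" for w, h, n in found if h < n]
    # Rule derived from 3-2-1: the on-site copy used for quick recoveries
    # must sit on different hardware than the system it backs up.
    onsite_ok = any(not c.offsite and c.hardware != source_hw for c in copies)
    if need_offsite and not onsite_ok:
        problems.append("no on-site copy on separate hardware")
    return problems

# Constructed inventory: dataset -> (policy, source hardware, copies).
INVENTORY = {
    "finance-db": ("3-2-1+1", "db01", [
        Copy("disk", "db01", False, False),
        Copy("disk", "nas01", False, False),
        Copy("object", "cloud-bucket", True, False)]),
    "file-share": ("3-2-1", "fs01", [
        Copy("disk", "fs01", False, False),
        Copy("disk", "fs01", False, False),   # second copy on the same server
        Copy("object", "cloud-bucket", True, False)]),
    "wiki": ("2+1", "web01", [Copy("disk", "web01", False, False),
                              Copy("tape", "tape-lib", False, True)]),
}

def audit(inventory):
    return {n: check(c, p, hw) for n, (p, hw, c) in inventory.items()}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

In this constructed inventory the high-value database fails only the extra offline copy, and the file share meets the 3-2-1 counts but fails because both on-site copies live on the server they protect.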

Final Thoughts

Having said that, as with the majority of security precautions, there is no guaranteed way to make your backups 100% safe and protected.

However, if you follow the best practices, you can considerably boost your chances of being able to use backups to recover from an attack with almost negligible losses of time and business.

Although having backups accessible won't remove the need for an organized response to the attack, orchestrated by incident response experts, it will make the recovery process a lot faster and easier.

Last but not least, while ransomware may infect backups, the good news is that you can significantly cut down this danger and protect yourself by taking some sound security and safety measures.
