• March 14, 2024
  • Catagory Data Protection

Protect Your Backups from Ransomware Infections

By : Justin Folkerts

Your backups are not immune to ransomware – infected data can be replicated, so it’s important to configure your data protection so that mission critical information isn’t corrupted and clean copies can be easily restored.

Ransomware is sneaky, and it’s cross-platform. It can sit in in your backups – whether it’s an email, PDF, or Zip file, among many others – waiting to go off. And ransomware attacks don’t discriminate, either. Small and medium-sized organizations are just as viable a target for threat actors as large enterprises.

Ransomware starts with one computer, encrypting some or all its valuable data, but it can easily spread across the network, making all users susceptible and all systems potentially unusable. If ransomware corrupts a critical database, it can cripple your organization, which is why you must protect all your backups.

Preventing dangerous duplicates

If your backups are infected by ransomware, they are no more useful than your primary data – your restoration will just ignite a reinfection.

Protecting your backups from ransomware always starts by preventing users from downloading dangerous files that are riddle with malware, viruses, and ransomware. If a nefarious file does get through due to clever phishing and human error, you must make sure infections can’t be transmitted across your network through file sharing and syncing.

Most of all, you must prevent ransomware from accessing your backups at all costs. Although it’s impossible to fully protect your backups from threats, including ransomware, applying the right rules and leveraging smart software can minimize the likelihood of your backups getting infected.

Follow tried-and-true backup rules

The well-established 3-2-1 rule for backups continues be a good strategy for preventing ransomware infection of replicated files – you should have your original copy of a file, a duplicate that is stored on-site on a different medium, and a copy that is stored off-site. It is recommended that your on-site copy be stored on removeable media, such as tape.

Each of your backups requires a different approach – if you use tape, you should do a full backup rather than a differential or incremental backup. Your onsite tapes should be stored in a secure, fireproof location.

Using versioning for your backups can also prevent ransomware from infected all copies of your data – it saves a new version of the file as backup rather than wiping out the previous backup so you can return to an uninfected iteration, allowing you to easily roll back to a clean copy.

Roll backs are where software tools can help prevent your backups from being infected with ransomware as they can help manage versioning. However, your strategy is just as important as the tools. If you do a complete backup to on-site tape daily outside of office hours, you can back up the most current version. Even if ransomware hits the next day when users are likely to trigger it, you only lose that day.

Once the full backup is restored, you can review the offsite incremental backups done throughout the day to restore specific files with the latest and greatest versions.  

Another strategy is to distribute your backups – by having separate backup systems for different types of data you can reduce the likelihood of ransomware spreading between them.

User endpoints are ransomware’s first target

No matter your backup strategy, protecting your endpoints is always your first line of defence when combatting ransomware. Endpoint data protection combined with employee cybersecurity awareness and training will contain ransomware within the first infected machine, reducing the likelihood of it infecting your backups.