How to Protect Your Backups from Ransomware


How to Protect Your Backups from Ransomware

Did you know that the cost of cybercrime alone in Australia was $29 Billion in 2020?  A survey undertaken by the Australian Cyber Security Centre found 62% of the 1,763 small businesses that responded have been a victim of Cybercrime.

Your backup system is your insurance policy.

In a worst-case scenario, if you do experience a ransomware-attack, if your backups remain uncompromised while the attack will still be a significant disruption – it won’t become a disaster.

If your backups remain intact, you will be able to recover your data, without having to consider paying a ransom.

But if you experience a ransomware attack, the black-hats (the hackers) are going to target your data and your backups.

The black-hats will target your backups, because they know from experience that if an organisation can’t restore their data from their backups. Then the victim is more likely to consider paying the ransom.

So, you need to ensure that your backups are protected from ransomware and can be relied upon if needed.

Ensure Resiliency of Your Backups.

The first step to protect your backups from ransomware is to ensure their “resiliency”. That is, that your backups are ransomware-safe, that your backups cannot be encrypted by the Black Hat’s (the hackers).

    1. Make Off-Site / Cloud Backups Immutable.

      Immutability is the ability to ‘lock’ files, so that no one can make changes to the files.

      With Immutability, once a backup image file has been created, it cannot be modified or deleted.

      Immutability is also known as read-only.

      You should ensure that your Off-Site / Cloud Backups are protected from ransomware encryption with immutability.

    2. Consider Air-gapped Backups for Sensitive Data, or to provide an additional layer of protection for all of your backups.

      Optionally, store a copy of your off-site backups on a detached USB3 drive or NAS.

      These devices are disconnected from the network when not in use, to provide an additional layer of security.

      Air-gapped backups provide an additional level of protection because they are not accessible when they’re not connected to the network, which makes the backups stored on these devices even less susceptible to ransomware threats.

    3. Implement the 3-2-1 Rule

      The 3-2-1 rule for backups is:

      • Three (3) copies of backed up data.

        Storing three copies of the backups provides redundancy for the backups. Having three sets of backup data makes it less likely that a Black Hat (a hacker) will be able to encrypt all of your backups. Of course, having three copies of your backups protects against more than just ransomware, but protecting your backups from ransomware attacks is the focus here.

      • Stored on at least two (2) different media types.

        Three copies of backed up data, all residing on the same server, doesn’t offer much additional protection. If all of the backup copies are stored on the same server, the only additional protection that is provided is against media failure (i.e. a failure of the backup media).

        Therefore at least two copies of the backups also need to be stored on different media to make those copies of the backups inaccessible to the Black Hat’s in the event of a ransomware attack.

        Options here are: tape backups, air-gapped backups using detachable storage media (e.g. external drives or NAS), or you can use ‘intelligent’ network design to create off-site copies that are not accessible from your on-site network (see the video below for an example).

      • One (1) of the backup copies is off-site (also referred to as in the ‘cloud’).

        Finally, ensure that at least one of the three copies is stored off-site.

        A properly protected off-site backup is much more difficult for a Black Hat to attack / compromise than an on-site backup where the Black Hat may have compromised network security and obtained admin-level access to your servers.

        Any cloud-based off-site backup should be read-only (also referred to as being “immutable”). If a copy of the backup is read-only, then that copy cannot be altered or deleted. Which means in the event of a ransomware attack, that read-only / immutable cloud backup will be ransomware-safe.

        Another option to consider here is implementing more than one off-site copy of your backups.

        That is, rather than implementing: 3-2-1, consider 3-2-2 or perhaps 4-3-2 (4 copies of your backups, 3 different media types, 2 copies off-site).

        CyberX implements the 4-3-2 rule as standard and 6-3-4 if the Air-Gapped backups option is chosen.

Use Strong Encryption for all Backups.

Encryption plays a pivotal role in safeguarding backups from ransomware threats. By adopting robust encryption methods, you ensure that only those with the right permissions can access vital data, providing you with confidence in the security of your backup information. It’s advised to encrypt data throughout its entire life span, be it while at rest or during transmission. Make sure all external applications handling your data, including backup solutions, employ encryption for data both in motion and when stored. Best practices in the industry involve using:

Implement regular and on-going Staff Training on Cyber-security best practices.

Why is staff training important?

Because security is not just about software vulnerabilities, cyber-security is also about people, your staff.

Countermeasures like anti-virus, patch management, e-mail screening, web filtering; all of these will reduce your risk of a breach.

Staff training is critically important from a cybersecurity standpoint for several reasons:

  • Human Element Vulnerability
    • Often, the weakest link in an organization’s cybersecurity defense is not the technology but the people. Employees can inadvertently become gateways for cyberattacks if they are not trained to recognize and respond appropriately to threats.
  • Phishing and Social Engineering Attacks
    • One of the most common cyber threats is phishing, where attackers trick individuals into divulging sensitive information or taking malicious actions. Staff training ensures employees can recognize such attempts and avoid falling for them.
  • Safe Practices
    • Proper training equips staff with best practices for secure behaviors, such as setting strong passwords, avoiding unsafe websites, and ensuring data is properly encrypted and backed up.
  • Reducing Insider Threats
    • While most employees have the best intentions, mistakes happen. A trained workforce is less likely to inadvertently cause data breaches or leaks due to mishandling of information.
  • Protecting Organizational Reputation
    • In addition to the disruption and lost productivity that a security breach can cause, a security breach can also severely damage an organization’s reputation. Educated employees can act as the last line of defence, ensuring that client data is protected, and that the business maintains its trustworthiness.
  • Cost Savings
    • The financial repercussions of a cyberattack can be significant. By investing in training, organizations can potentially save on the immense costs associated with data breaches, including recovery efforts, legal fees, and lost business.

In summary, while technological defenses are crucial, they can be rendered ineffective if staff aren’t educated about cybersecurity threats and best practices. Regular training turns employees from potential security vulnerabilities into assets in the fight against cyber threats.

Test Your Backup and Recovery Process Regularly.

Regularly testing your backup and recovery procedures is essential to confirm their effectiveness and your ability to retrieve data following an attack.

Two primary test types exist:

  1. A full system restore; which rebuilds your entire system from the ground up, encompassing the operating system, applications, and data.
  2. A partial file restore; focused on recovering a specific set of files or data.

Best practice, is to perform a full system restore on  a daily basis, as this ensures that the backup image is bootable into the Operating System.

You should also ensure that the off-site copy of the backupset is verified on a weekly basis.

Make Your Backups Ransomware Safe with CyberX

Play Video about ransomware-protection-with-cyberx-backup-and-replication-thumbnail

Share it on social networks

You may also like...

1 thought on “How to Protect Your Backups from Ransomware”

Leave a Comment

Your email address will not be published. Required fields are marked *

Get In Touch

Have a question?

Are you 100% sure that your backup is safe from the latest ransomware attacks?

Video Guide