Securing Your Backups From Ransomware

Ransomware is now the most prominent type of malware facing organizations. Early ransomware attacks were unsophisticated hits on personal devices, with the attacker demanding a few dollars in ransom. As technology has become integral to business processes, attackers have refined their tactics and "commercialized" ransomware.

What Is Ransomware & Why Should You Care?

Ransomware is a type of cyberattack in which an attacker introduces malicious software (malware) into your systems. The malware spreads across your network, often exfiltrates your data, encrypts your files, and locks you out of them. The attacker then demands a ransom to restore your access (and, increasingly, to refrain from publishing the stolen data).

As noted above, early attackers asked for just a few dollars. Fast forward to today: the 2021 Unit 42 Ransomware Threat Report puts the average ransom demand in the first half of 2021 at $5.3 million. Ransomware has grown into an industry, with well-established international groups such as DarkSide, REvil, NetWalker, and Conti extorting millions from organizations every year.

Why should you care? Because everyone is a potential target; these attackers don't discriminate by company size or net worth. Your organization, however small or large, could be next. That is unsettling, but it is the reality.

Why Should You Secure Your Backups From Ransomware?

Recently, we've seen a worrying trend of ransomware attackers using business interruption as leverage. With Gartner estimating the average cost of downtime at roughly $300,000 per hour, business leaders will pay almost anything to restore normal operations after a breach.

For a long time, maintaining backups of your critical files was enough. If attackers encrypted your primary database, you restored from backup and carried on. The bad guys soon got wind of this insurance technique, and now they go after the backups too. Modern ransomware targets not only your primary data but also any backup copy it can reach from the compromised network. Families such as CryptoLocker and WannaCry delete, and in some cases encrypt, the Volume Shadow Copies and local backup catalogs that organizations rely on for quick recovery, typically by running built-in commands such as vssadmin delete shadows on the infected host. The intent is to leave you defenseless and corner you into paying the ransom without bargaining.
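Because that shadow-copy deletion happens on the victim's own host, it is also one of the most reliable early warnings that a ransomware run has started. The following detector is an added example, not code from the original article, from LeadingIT or from Datto. It runs a small set of rules over constructed sample process-creation events (the fields are the ones you would pull from Windows Security event 4688 or Sysmon event 1; the hosts, users and timestamps are invented) and rates a host as high severity when several distinct backup-tampering techniques appear within a short window.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): one process-creation event per
# line as "timestamp|host|user|command_line".
SAMPLE_EVENTS = """\
2021-09-14T08:01:12Z|FS01|ACME\\svc-backup|C:\\Backup\\agent.exe --snapshot nightly
2021-09-14T08:03:40Z|WS17|ACME\\jdoe|"C:\\Windows\\System32\\vssadmin.exe" delete shadows /all /quiet
2021-09-14T08:03:41Z|WS17|ACME\\jdoe|wmic.exe shadowcopy delete
2021-09-14T08:03:42Z|WS17|ACME\\jdoe|bcdedit.exe /set {default} recoveryenabled No
2021-09-14T08:03:43Z|WS17|ACME\\jdoe|wbadmin.exe delete catalog -quiet
2021-09-14T08:05:02Z|FS01|ACME\\svc-backup|vssadmin.exe list shadows
2021-09-14T08:09:55Z|WS17|ACME\\jdoe|powershell.exe -nop -w hidden Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}
"""

# Well-known ways ransomware destroys Volume Shadow Copies and Windows recovery
# points (MITRE ATT&CK T1490, "Inhibit System Recovery"). Listing shadows is
# benign and deliberately not matched.
BACKUP_TAMPER_RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin_resize_storage", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    ("wmi_win32_shadowcopy_delete", re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I)),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I)),
]


@dataclass
class Finding:
    ts: datetime
    host: str
    user: str
    rule: str
    command: str


def detect_backup_tampering(log_text: str) -> list[Finding]:
    """Return one Finding per event whose command line matches a tamper rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # maxsplit=3 keeps any '|' that is part of the command line itself
        ts, host, user, command = line.split("|", 3)
        for rule, pattern in BACKUP_TAMPER_RULES:
            if pattern.search(command):
                findings.append(Finding(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                        host, user, rule, command))
    return findings


def score_hosts(findings: list[Finding], window: timedelta = timedelta(minutes=10)) -> dict[str, str]:
    """Rate each host: 'high' if two or more distinct techniques fire within `window`,
    otherwise 'medium'. Admins do occasionally clean up shadow copies by hand, so a
    single hit is triaged rather than treated as confirmed ransomware."""
    by_host: dict[str, list[Finding]] = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    scores = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda f: f.ts)
        best = 0
        for i, first in enumerate(hits):
            rules = {h.rule for h in hits[i:] if h.ts - first.ts <= window}
            best = max(best, len(rules))
        scores[host] = "high" if best >= 2 else "medium"
    return scores


if __name__ == "__main__":
    hits = detect_backup_tampering(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.ts:%H:%M:%S} {f.host} {f.user} {f.rule}: {f.command}")
    print(score_hosts(hits))
```

In the sample, the backup service account on FS01 never fires a rule, while WS17 trips five distinct rules inside six minutes and is rated high. In production the same logic would sit in your SIEM or EDR rules; what matters is that the alert is raised the moment the first deletion runs, before the encryption phase reaches anything that can see your backup share.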

Therefore, it's no longer enough to say you have up-to-date, easy-to-retrieve backups. The crucial question today is: how safe are the backups?

Procedures We Have in Place to Secure Your Backups From Ransomware

The most significant aspect of securing your backups from ransomware is ensuring that they're always clean. Here are the procedures we have in place to help you achieve this:

1. We Safeguard the Backup's Integrity

The first step is to write your backups to immutable (write-once) storage, preferably object-based storage with a retention lock. Once an object is written it cannot be overwritten, encrypted in place, or deleted until its retention period expires, so even attackers who reach the backup store cannot corrupt what is already there. They may be able to add new objects, but they cannot touch the data you have already stored.

At LeadingIT, we handle backups using the Datto Backup and Data Recovery (Datto BDR) solution. The appliance and its copies cannot be opened or run by users outside your organization, which makes it resistant to outside interference. So even if attackers managed to access and encrypt your local databases, they would not reach the backups; and even if they hypothetically reached the backups, they could not modify or delete them.
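Immutability is only as good as its configuration, and "we bought an immutable product" is not the same as "the retention lock is actually on and nobody holds a delete permission". The audit below is an added example written for this page; it is not LeadingIT's or Datto's code, and it assumes an AWS S3 bucket with Object Lock as the immutable object store rather than a Datto appliance. The three configurations it checks are constructed samples, written in the same shape that boto3's get_bucket_versioning and get_object_lock_configuration return and in standard IAM policy JSON, so the script runs offline; swap those dicts for live API responses to audit a real bucket.

```python
import fnmatch

# Actions that would let a holder destroy, shorten or unlock backup data.
# A backup-writer identity needs PutObject (and perhaps GetObject/ListBucket)
# and must never be granted any of these.
DESTRUCTIVE_ACTIONS = (
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:BypassGovernanceRetention",
    "s3:PutBucketObjectLockConfiguration",
    "s3:DeleteBucket",
)


def _as_list(value):
    """IAM JSON allows a string or a list in Statement/Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def dangerous_grants(policy: dict) -> list[str]:
    """Return the destructive actions an IAM policy document allows, wildcards expanded."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # fnmatch expands "s3:*" and "s3:Delete*" the way IAM does
            found.update(a for a in DESTRUCTIVE_ACTIONS if fnmatch.fnmatchcase(a, pattern))
    return sorted(found)


def audit_backup_bucket(versioning: dict, object_lock: dict, writer_policy: dict,
                        min_days: int = 30) -> list[str]:
    """Check the bucket is WORM for at least min_days and the writer cannot destroy data.

    versioning / object_lock: dicts in the shape boto3's get_bucket_versioning and
    get_object_lock_configuration return. writer_policy: the IAM policy document
    attached to the identity the backup agent authenticates as.
    """
    problems = []
    if versioning.get("Status") != "Enabled":
        problems.append("versioning not enabled: an overwrite replaces the only copy")
    cfg = object_lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        problems.append("object lock not enabled: objects can be overwritten or deleted")
    else:
        ret = cfg.get("Rule", {}).get("DefaultRetention", {})
        mode = ret.get("Mode")
        if mode != "COMPLIANCE":
            # GOVERNANCE retention can be removed by anyone holding
            # s3:BypassGovernanceRetention; COMPLIANCE retention cannot be
            # shortened by anyone, the account root user included.
            problems.append(f"default retention mode is {mode}, not COMPLIANCE")
        days = ret.get("Days", 0) + 365 * ret.get("Years", 0)
        if days < min_days:
            problems.append(f"default retention of {days} days is below the {min_days}-day minimum")
    for action in dangerous_grants(writer_policy):
        problems.append(f"backup writer identity is allowed {action}")
    return problems


# Constructed sample configurations (no real bucket or AWS call is involved).
NO_LOCK = dict(
    versioning={},                      # never enabled
    object_lock={},                     # no Object Lock configuration at all
    writer_policy={"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-backups/*"}]},
)
GOVERNANCE_7_DAYS = dict(
    versioning={"Status": "Enabled"},
    object_lock={"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
                 "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}},
    writer_policy={"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-backups/*"}]},
)
HARDENED = dict(
    versioning={"Status": "Enabled"},
    object_lock={"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
                 "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}},
    writer_policy={"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]}]},
)

if __name__ == "__main__":
    for name, cfg in [("no lock", NO_LOCK), ("governance 7d", GOVERNANCE_7_DAYS), ("hardened", HARDENED)]:
        print(name, audit_backup_bucket(**cfg) or ["OK"])
```

Two caveats when applying this to a real bucket: Object Lock can only be enabled when the bucket is created, so a bucket that fails the "object lock not enabled" check has to be replaced rather than fixed, and the default retention only governs new objects, so a full audit also samples existing objects' retention with get_object_retention.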

2. Zero-Trust Policy

Securing your backups in the Datto BDR environment is a good starting point, but it's not enough. As noted, the system does not allow access from users outside your organization. But what if the bad guys steal a legitimate user's credentials and use them to get to the backups?

There's no telling where the risk will come from, and that's why you should adopt a zero-trust model: stricter access controls for the backup environment, strong unique passwords backed by multifactor authentication, and access limited to the few administrators who genuinely need it. Backup credentials should also be separate from your everyday domain accounts, so that a compromised workstation login does not unlock the backups as well.

To access the Datto BDR through a remote web connection, for instance, you need an active Datto partner account, the username and password, and a second factor (two-factor authentication). These requirements apply to all users, including system administrators with Secure Shell (SSH) access.

3. We Implement Multi-Level Resiliency

Always assume that you're the next target. What if the bad guys get past the gateways and reach your backups? Multi-level resiliency means having contingency plans for that worst case. Most vendors offer immutable backup options.

Datto BDR does not allow modification by users without active Datto user accounts. In the unlikely event that a malicious actor accesses and deletes your local and backup files, the deleted data can still be recovered within seven days of deletion. So you don't have to pay a huge ransom out of desperation to get your data back.

4. We Regularly Test Your Backups for Reliability

Even after investing in top-notch security systems, you still periodically assess your network for threats and backdoors. Apply the same concept to your backups: regularly evaluate them for reliability, which means actually restoring from them and checking the contents, not just confirming that the backup job reported success. For the Datto BDR solution, we have an automated local verification that checks your backups every morning for recoverability, signs of ransomware, and stability.
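A restore that "succeeds" can still hand you back encrypted or silently altered files, which is why content-level verification matters. The script below is an added example written for this page, not Datto's verification feature and not LeadingIT's code: it records a hash, size and byte-entropy manifest for a backup set, then compares a later restore against that manifest and sorts every difference into missing, modified, renamed (unexpected) or suspected-encrypted, the last one caught because ciphertext has near-maximal entropy while ledgers and documents do not. The backup set and the tampered restore are constructed in memory so it runs offline; read_tree shows how to feed it a real directory.

```python
import hashlib
import math
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or well-compressed data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def read_tree(root: Path) -> dict[str, bytes]:
    """Load a backup set (or a restore of one) from disk as {relative_path: contents}."""
    return {str(p.relative_to(root)): p.read_bytes() for p in root.rglob("*") if p.is_file()}


def build_manifest(tree: dict[str, bytes]) -> dict[str, dict]:
    """Record hash, size and entropy per file. Store the result outside the backup
    set (ideally on the immutable copy, and signed) or an attacker who rewrites the
    backups simply rewrites the manifest too."""
    return {path: {"sha256": hashlib.sha256(data).hexdigest(),
                   "size": len(data),
                   "entropy": shannon_entropy(data)} for path, data in tree.items()}


def verify_restore(manifest: dict[str, dict], tree: dict[str, bytes],
                   entropy_alarm: float = 7.5) -> dict[str, list[str]]:
    """Compare a restored tree with its manifest and classify every difference."""
    report: dict[str, list[str]] = {"ok": [], "missing": [], "modified": [],
                                    "suspect_encrypted": [], "unexpected": []}
    for path, expected in manifest.items():
        data = tree.get(path)
        if data is None:
            report["missing"].append(path)
        elif hashlib.sha256(data).hexdigest() == expected["sha256"]:
            report["ok"].append(path)
        elif shannon_entropy(data) >= entropy_alarm > expected["entropy"]:
            # content that was not high-entropy at backup time but is now: looks like ciphertext
            report["suspect_encrypted"].append(path)
        else:
            report["modified"].append(path)
    report["unexpected"] = sorted(set(tree) - set(manifest))
    return report


# Constructed sample backup set (not real data).
GOOD_TREE = {
    "finance/ledger.csv": b"date,account,amount\n2021-09-01,4010,1250.00\n2021-09-02,4010,980.50\n" * 40,
    "hr/policy.txt": b"Employees must report lost devices within 24 hours.\n" * 30,
    "it/inventory.txt": b"FS01 file server\nWS17 workstation\n" * 20,
}
MANIFEST = build_manifest(GOOD_TREE)

# Deterministic pseudo-random bytes standing in for ransomware output.
CIPHERTEXT = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

# What a restore looks like after an attacker reached the backup set: one file
# encrypted in place, one renamed with a ransom extension, one quietly edited.
TAMPERED_TREE = {
    "finance/ledger.csv": CIPHERTEXT,
    "hr/policy.txt.locked": CIPHERTEXT,
    "it/inventory.txt": GOOD_TREE["it/inventory.txt"] + b"WS99 rogue host\n",
}

if __name__ == "__main__":
    for bucket, paths in verify_restore(MANIFEST, TAMPERED_TREE).items():
        print(f"{bucket:18s} {paths}")
```

Run this against a scratch restore on a schedule, and treat any non-empty missing, suspect_encrypted or unexpected list as an incident rather than a backup glitch: it means either the backup set or the restore path has already been touched.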

Above all, never assume that you're safe enough. There's no surefire way to make your backups ransomware-proof, but caution and vigilance can significantly lower your risk.


LeadingIT offers 24/7, all-inclusive, fast, and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 10-200 employees across the Chicagoland area.