Hit enter to search

How your backups can protect you from ransomware

Author Avatar
Dirk Slechten
Executive System Engineer, EASI

Cybercrime is becoming increasingly common these days. Like with COVID-19, we must learn to live with cybercrime, take necessary precautions, and protect ourselves as best as we can.

We've taken many measures: vaccination, wearing a mouth mask, and keeping a distance of 1.5 meters. But these measures work best when combined. What is the one measure that will make a difference in the short term? The quickest and simplest way to combat the virus seems, statistically, to be vaccination.

I'm sure you're already thinking, "Can we also immunize ourselves against cybercrime?" Perhaps we can...

First line of defense

Businesses must evaluate their backup platforms and processes. That way, they can ensure that they are capable of recovering from a ransomware attack.

Backups are not the only approach to defend your company against ransomware attacks. But they are an essential element in the recovery process. In fact, they're the last line of defense.

The first line of defense is detecting suspicious behavior early. This is mostly done by antivirus and malware end-point agents. User awareness, such as wearing a mouth mask and keeping a 1.5 m distance from others to prevent COVID-19 infection, is another example of this.

Like a virus that mutates, ransomware has grown more sophisticated. Recent advances in ransomware include encrypting files only partially to avoid security measures. It doesn't encrypt the beginning of the file; instead, it changes every 16 bytes.

Backup as a quick win against cyber criminality

The number of successful ransomware attacks keeps growing. As such, it's clear that relying only on detection isn't enough to keep your company safe.

A "battleship" is another metaphor we could use. Backups are comparable to the lifeboat of a ship. And micro-segmentation is comparable to the compartmentalization of one.

When a ship only has one compartment, it's nearly certain to sink. When a compartmentalized vessel is damaged, it can usually make it to a harbour for repairs.

To ensure that recoverability is impossible, backups are becoming the primary target for ransomware. The only alternative would be to pay the ransom.

Good design is necessary to make sure that your backups are protected and usable.

A company's life raft (read Disaster Recovery Plan) must be fast, thoroughly tested, and able to recover as soon as possible to minimize damage. The longer a business is offline, the more money, consumers, reputation, and other assets it loses.

What to keep in mind for implementation

You need to consider the following while developing a backup and recovery plan.

  • When using storage for backup, make sure you don't use network sharing methods such as CIFS - NFS.
  • Avoid DAS (Direct Attached Storage) as for backup storage as well
  • Compartmentalize the environment as much as possible.
  • Test the backups and restores regularly
  • Create an isolated backup environment to protect the backups and system.
  • Create a disaster recovery strategy with defined RTO/RPO for each application.
  • Configure 2FA for backup administrators
  • Multiple Authorized Workflows (Four Eyes Principle)
  • Scan backup data for anomalies
  • Build a relationship with a trustworthy third-party backup service. That way, you can automate offsite externalization and Airgap the backups away.
  • Ensure backup immutability
  • Build and store multiple copies of the backups
  • Have the ability to work in a clean room for data recovery and analysis.

Fast, Safe Recovery

Malware can be embedded in backup data at any time, so you can never be certain that it isn't contaminated.

Most of the time, ransomware and other harmful software are deployed before they're activated. The average infiltration duration is 230 days. This means that there's a high chance that the backup files have already been infected.

AI/ML (artificial intelligence/machine learning) is used in early detecting anomalies in the backup data by backup software.

Here are its key benefits:

  • It can use machine learning to detect suspicious behavior by analyzing the full data content of the backups
  • It helps identify the last known safe backup

Clean Room

Since the backup is likely to be tainted, it's critical to assume that it has.

Following a ransomware attack, businesses are usually faced with crucial issues.

First, it's difficult to determine when the initial breach occurred.

Second, restoring data on-premise is most likely not possible due to the following:

  • The network has been infected and is no longer safe.
  • There are not enough free resources to do a comprehensive recovery.
  • Because the afflicted environment is still required to recover data or conduct forensics, it's difficult to free up the resources.

Ransomware infections are typically local, rapid, and destructive in nature. For that reason, security teams must establish an isolated recovery environment (clean room). This is where the system can be restored. And that way, it is not accessible to unauthorized individuals who might try to re-activate the malware.

The clean room should be equipped with a security device that acts as a firewall to restrict network access. This ensures that the environment cannot receive any new infections via the Internet.

Conclusion

The aim of a ransomware assault is to bring down an organization's operations. Such an event puts the company under a lot of pressure and confusion.

A data recovery organization must also be ready and trained to execute a disaster recovery plan.

To be effective, a good disaster recovery plan must be created in such a way that the company (or a component) can quickly return to normal operations.

You need to know what needs to be recovered first for business continuity. As well as how you're going to communicate about it, internally and externally. As well as how your end-users are going to be impacted.

Organizations that have no clear disaster recovery plan often end up in a chaotic approach to the disaster. This causes lots of loss of critical restore time that have a negative impact on the continuity of the business of the organization.

Want to challenge your backup and disaster recovery strategy? Contact the Backup & DR experts at Easi! We have solutions as well for Intel X86 as well as IBM Power i Systems.

Current job openings

We are constantly looking for new colleagues!

If you share our values and you're looking for a challenging job in Belgium's Best Workplace, visit our website.

Apply now

Get our top stories in your inbox every month

Follow us

  

Share this article