Keeping Your Backups Safe from Ransomware Attacks

Data backups are an effective way to recover from a ransomware attack if your organization finds itself encrypted and unable to operate. If your company doesn’t practice proper data backup hygiene, these files could end up encrypted during the ransomware attack. 

As ransomware continues to be among the dominant cyber threats organizations face this year, businesses have responded by ensuring they are backing up their data. Although data backups are part of the layered approach to protecting your business, many organizations are improperly backing up their data, and these backups must be protected and kept safe from ransomware attacks.

Businesses that do not adhere to strict data backup procedures may find themselves in an awkward position if their files become encrypted during a ransomware attack. Ransomware operators probe to see where a business might keep its backups and encrypt those files as part of the attack. So how can we raise awareness of data backups and of how to keep them safe from ransomware encryption?

How can I back up my data effectively?

Backing up your data starts with a clear and concise plan. Identifying your business-critical data and where you store it is one of the first steps of the process.

3-2-1 Backup Method

Cybersecurity professionals often refer to the “3-2-1” data backup approach as a sufficient technique for keeping copies of your data. Backing up your data can give you a false sense of security. For this reason, it is critical to understand the 3-2-1 Backup method fully: Three (recent) copies of your data stored across two different storage mediums/locations and one cloud storage provider.

If one of your data backups is encrypted in a ransomware attack, you will be able to recover from a different source, provided backups are present in different locations. Cyber-criminals are deploying their ransomware to look for any network-attached storage devices. As a result, any network resources a user has access to will become encrypted.

Guarantee an offline backup

Ransomware threats can target any local backup on the network, such as Windows shadow copies or other network-attached storage implemented by the system administrator. If the infected user has access to the backup location, then those files are likely to become encrypted. Taking a backup offline and physically disconnecting it from an online connection can thwart any attempt to encrypt this data storage location. 

Offsite Backups

Offsite backups can be the easiest and most surefire way to restore your data if you configure them correctly. Here are a few things to check for when you are setting up these backups:

  1. Ensure backups run on a schedule based on your business need (hourly, 2x a day, daily, etc.).
  2. Have at least 3-5 backups, so if your data was encrypted yesterday, you could roll back the files to an hour prior when they were not encrypted. One of the most common reasons why victims cannot restore their backups is improper configuration.
  3. Test regularly.

Backup often and regularly

The frequency of backups also matters. How often does your data change? If your customer database has over 1,000 updates per hour, losing just one hour of data can have a significant impact on your business.

Businesses can edit and access their data hundreds (if not thousands) of times a day. Each change modifies the data sets and affects how accurately a backup reflects the current calendar date.

There are instances where an organization might think it is accurately backing up its data, but the most recent data on record is weeks (potentially months) in the past. What good is a data backup if it doesn’t reflect the most recent, relevant information needed to operate? Depending on the needs of your business, you may need to back up data daily.

Test your recovery process using data backups

It is common for businesses to think they are doing proper data backups when they’ve never actually tested recovering from a cyber-attack using these data backups. Data backups are useless if they cannot be used to restore operations and get employees back up and running.

Organizations whose systems are encrypted in a ransomware attack have to think quickly about how they will carry out their data restoration process, as each second matters when your network is down and clients are on the line. Developing your incident response plan will ensure your company has a specific policy to restore your data in the event of a ransomware attack.
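
The checks described in this article (3-2-1 coverage, an offline copy, at least three restore points, fresh backups, and a tested restore) can be run automatically against a backup inventory. The script below is an added example, not part of the original article; the BackupCopy record, its field names, the 24-hour freshness limit and the 90-day restore-test limit are assumptions chosen for illustration, and the inventory is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class BackupCopy:              # hypothetical inventory record, one per backup copy
    name: str
    medium: str                # e.g. "nas", "usb-disk", "cloud"
    cloud: bool
    offline: bool              # physically disconnected from the network
    restore_points: List[datetime]
    last_restore_test: Optional[datetime]

def audit(copies, now, max_age, test_max_age, min_points=3):
    """Return findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("3-2-1: all copies on one storage medium")
    if not any(c.cloud for c in copies):
        findings.append("3-2-1: no cloud copy")
    if not any(c.offline for c in copies):
        findings.append("no offline copy")
    for c in copies:
        newest = max(c.restore_points, default=None)
        if newest is None or now - newest > max_age:
            findings.append(f"{c.name}: newest backup is stale")
        if len(c.restore_points) < min_points:
            findings.append(f"{c.name}: fewer than {min_points} restore points")
        if c.last_restore_test is None or now - c.last_restore_test > test_max_age:
            findings.append(f"{c.name}: no recent restore test")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2024, 1, 15, 12, 0)
hours = lambda *hs: [NOW - timedelta(hours=h) for h in hs]
SAMPLE = [
    BackupCopy("nas", "nas", False, False, hours(1, 2, 3, 4, 5), NOW - timedelta(days=10)),
    BackupCopy("usb", "usb-disk", False, True, hours(21 * 24), None),
    BackupCopy("cloud", "cloud", True, False, hours(2, 26, 50, 74), NOW - timedelta(days=200)),
]

if __name__ == "__main__":
    for line in audit(SAMPLE, NOW, timedelta(hours=24), timedelta(days=90)):
        print(line)
```

In the sample, the offline USB copy exists but holds a single three-week-old restore point that has never been restored, which is the false sense of security the article warns about.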
