Data Backups and Ransomware
The sole act of keeping and maintaining data backups is one of the most important things a business can do. This is true no matter what size a business is or what industry they reside in. But with the rise of ransomware attacks, it’s only a matter of time until cybercriminals target those backups along with other critical business systems.
Are offline backups enough to mitigate some of the damage and loss from a ransomware attack? To really understand the role of offline backups in a ransomware attack, it is important to understand what a ransomware attack really is and what attackers use them for.
What Is Ransomware?
Ransomware is a type of malware that holds victim data hostage in exchange for some form of payment or action. For example, in April of 2021, a group of cyber attackers targeted Quanta Computer, one of Apple’s business partners. The attackers wanted Quanta Computer to dish out $50 million by April 27th, 2021 in exchange for a decryption key that would release their now hijacked data.
Ransomware is a dirty business, but it can be an extremely profitable one for criminals, especially if their intended victim actually pays out. And despite how large of a company Quanta Computer is, they still fell victim to the attack.
Offline Backups
Ransomware attacks are quickly becoming one of the most powerful ways criminals can bully a business into paying out large sums of money in exchange for getting their own information back. A great way to offset this is with offline backups. If a criminal is able to successfully execute a ransomware attack on a business, that targeted data becomes unaccessible to the business due to sophisticated encryption mechanisms. With secured offline backups, the business can hopefully cut off attacker access and restore the backups to continue with business operations.
This doesn’t solve the initial problem of the attack in the first place, though. And if there are specific trade secrets that are going to be released, there’s not much that can be done to prevent the release if the attackers go through with their threat.
Removing Offline Backups From the Network
Even with offline backups, if those are still connected to the compromised network, attackers can encrypt that data and render the benefits of the backup useless.
To combat this, a good practice is to keep a master backup completely disconnected from a business’s network. This means locking the backup away in a secure, non-connected environment.
Best Backup Procedures
Maintain a Backup Offsite
Keep a copy of sensitive or important data backed up at an unconnected location. This helps to guarantee that in the event of a ransomware attack, an untampered copy will remain somewhere safe for later restoration.
Redundancy
Businesses should also maintain more than 1 backup. Multiple instances of offsite redundancy are always the best backup method and will likely remain that way in the future.
Maintain an Adequate Backup Schedule
How often does your backup need to happen? This is different for all businesses. Whatever the timeframe is, make sure that it’s always adhered to.
Suppose an attacker launches a ransomware attack at 2:00 pm on a Wednesday. Hourly backups would allow for restoration from at least 1:00 pm and back, daily backups from the Tuesday before, and so on. Weekly data backups, while better than nothing, are usually not frequent enough to successfully subvert a ransomware attack. We recommend daily backups at a minimum for the most effective ransomware protection.
Network Coverage Can Help Secure Your Data
Ransomware attacks are never fun, and being the victim of such an attack without a resilient backup strategy can completely cripple a business. Our team of data experts is ready to help ensure your data is safe. If you’d like to learn more, contact us today.