How Variants in Ransomware are Neutralizing Data Backups

How Variants in Ransomware are Neutralizing Data Backups

How Variants in Ransomware are Neutralizing Data Backups

There are some sophisticated criminals online. They come in the form of hackers, who use ransomware as collateral against corporate companies to hold their data hostage.

This is typically executed through an email attachment. The FBI typically advises against paying the ransom because there is no guarantee that your data will be recovered.

This means that backup restoration is the best way to protect against cyber attacks like this. However, even this option isn’t entirely safe.

Sub Par Restorations

One way that restoration backups can be less than average is by leaving out essential systems or making shortcuts to cut down on costs.

Because ransomware is becoming smarter and more pervasive, it’s recommended that companies test their backup systems. Some ransomware can even destroy backups in addition to encrypting data.

New Variants Targeting Backups

While new ransomware can potentially destroy a companies backup, there are a few factors that need to be considered for this actually to occur. These include the way the data was backed up and the variant involved in the ransomware.

Another way that ransomware can target backups is by having the backup attached to the computers filing system. If there’s any hint of a connection, the ransomware will be able to access the backup as well.

Ransomware variants are often made to attack specific types of files, for example, PDF. There are also variations in ransomware that attack all records, regardless of their type. This means that any backup that’s been executed while still attached to a computer’s filing system is at risk of being destroyed.

The right type of data backup should be able to pull information from a protected host that’s separate to the company’s computer system.

Replication’s Hidden Risks

Another way to protect a company’s data is by replicating the information. When a system is shut down by ransomware, the company can activate the replica without losing any valuable data.

However, there’s a problem with this method. Replication is designed to protect against hardware failure, not ransomware infiltration. This means that any damage ransomware does to the original files will be translated onto the replica copies, too.

If your company uses a replication tool, check to see if it has multiple points of recovery.

The Value of an Air Gap

The golden rule when it comes to protection is: ransomware can’t influence what it can’t touch. This is where an air gap comes in. This means putting as much space between a ransomware attack and your backup.

It’s like having a middleman – a disk-to-disk-to-tape. Information is periodically written to tape, which is then removed from the location of the original copy. In a situation where ransomware has completely destroyed your data and the backup disk your data was on, you’ll still have a copy of everything safely recorded by the tape.

Revisiting Your Permissions Model

Having a robust permissions model when storing data online and running valuable systems is essential to protecting your company against a ransomware attack. The best permissions model is when users only have access to what is necessary.

If you’re running a backup system off the computer, you’ll want to ensure it has its own service account, instead of recruiting the last user’s account. This means that you can back up the system without the user needing permission to do so.

This means that if there is a ransomware attack, the ransomware is most likely to go for the end user’s security information, overlooking the fact that your backup has a dedicated service account.

Ransomware Protection: The Bottom Line

When it comes to protecting your company’s data against ransomware, it’s important to remember the word continuity. Even if you have a sophisticated system in place that allows for recovery, this recovery is still going to take time.

Focus, instead, on minimizing the chances of being attacked by ransomware in the first place. One stand out way to implement this is to make sure users only have access to what they need. Additionally, remember to have a data protection system in place that’s continually backing your data up, so that you can cushion the blow as much as possible.

The following two tabs change content below.
David has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, a Microsoft Silver accredited and specialist Managed IT Support and IT Services company. David actively helps SME businesses receive better Managed IT Support and IT Services in the London and Hertfordshire areas. He also assists overseas companies who are looking to expand their business operations into the UK and helps with their inward investment IT process. A member of The Chartered Institute for IT (BCS), UK Council for Child Internet Safety (UKCCIS) and an event speaker promoting business start-ups and technology awareness. Married with a son, you will often see him riding his bicycle around the Hertfordshire towns! David participates in charity bike rides and is a keen Krav Maga practioner.