How to Protect Backups From Ransomware

Most organizations invest in protection and detection tools to keep their networks secure. But, what about securing your backups?

Backups have become a prime target for cybercriminals  because they are the primary way to return an organization to a known good state if data is compromised . If an attacker can hold your network hostage, you may think, we can restore from backup! But what happens if those backups for all your mission-critical data, applications, servers, and VMs are held hostage as well?

We have seen several companies that were hit by ransomware attacks. These attacks ground their businesses to a halt. According to Govetech, businesses lose around $8,500 per hour due to ransomware-induced downtime, and more than $64,000 in downtime costs on average.

While ProArch's Incident Response team worked tirelessly to get them back online, a few had to resort to paying the ransom as their backups were also compromised. Whether believed or not, every business has something to lose, and attackers always have something to gain.

It is vital to understand your backup environment, and these companies missed several essential steps in their backup processes and did not have a ransomware backup strategy in place.

How to ensure your backup infrastructure is protected from cyberattacks and ransomware:

1. Isolate backups
   Remove backups from the domain and use a separate authentication system in case domain credentials are stolen. Backups should never be presented as a share on the network (non-contiguous name-space).
    
2. Keep multiple backup copies at multiple locations
   Have three different copies of important files, using at least two backup methods. One of them needs to be at a different location or in the cloud.
    
3. Understand where critical information resides
   Know where data is stored on the network and set Recovery-Time and Recovery-Point Objectives (priorities) for restoring data after an event.
    
4. Encrypt backups
   If backups are compromised and encrypted, there is a high likelihood your data will be safe.
    
5. Test backups
   Make testing backups a routine task to ensure failures are remediated, and data is being fully and accurately processed.
    
6. Document backup policies and procedures
   Maintain documented backup and recovery policies and procedures with assigned responsibility.

Data is one of your organization's most valuable assets. If your data is compromised, backups are the lifeline to preventing business interruption and downtime. 

ProArch can help evaluate your current backup and recovery strategies and outline recommendations for a secure backup environment that meets recovery objectives.