Backups are the primary means a business can use to recover from a ransomware attack. It’s no wonder, then, that many forms of ransomware now attempt to destroy any backup files they encounter. Protecting your backups against ransomware is an important part of your defensive strategy.
The Ransomware Threat Against Backups
Ransomware is a form of malware that encrypts system and data files with a key the victim does not have, making the files unreadable by their owner. The only ways to recover the data are to pay the ransom and receive the encryption key, or to restore the files from an unencrypted backup.
Some malware implementations attempt to recognize backups by file extension and delete those files. On Windows systems, ransomware can detect and delete the shadow copies that support file recovery. Ransomware will also attempt to spread through the network, accessing mounted file systems that contain backups and encrypting those files as well. Ransomware may even be able to reach and corrupt backup files stored in the cloud.
Ways to Protect Backups Against Ransomware
The methods to protect backups against ransomware rely on making multiple copies of backups and taking steps to make them inaccessible to any ransomware.
Make Multiple Backups
It’s a good idea to use specialized third-party backup software rather than (or in addition to) built-in backup solutions. Ransomware can’t know how to target every vendor’s backup files.
Keep multiple versions of your backups. There are good reasons for this that have nothing to do with ransomware, but if your latest backup is encrypted, you can restore an older version of your files from before the ransomware attack.
Keep Backups Inaccessible to Ransomware
There are several ways to make backups inaccessible to ransomware:
- Store at least one copy of your backups in an offsite location.
- Dismount backup devices after the backup process is complete.
- Make backup files read-only, or store them on write-once media.
- Use access controls such as Windows Controlled Folder Access to prevent unauthorized processes from accessing backup files.
Note that backing up to the cloud does not by itself make those backups inaccessible to ransomware. They are out of reach only if the backup can be accessed solely through an API rather than by mounting the cloud storage as a drive.
Test Your Backups
It’s important to test your backup files periodically to verify that the data is complete and that you know how to access it and use it to restore your data. You should conduct a full disaster recovery test at least annually, continuously monitor your backup process, and address any alerts or failures.
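Part of this testing can be automated. The following Python is an added example, not from the original article: it records a SHA-256 manifest when a backup completes, later reports missing, modified, and unexpected files, and picks the newest backup version that still matches its manifest. The function names, directory layout, and sample data are assumptions constructed for illustration, and the manifest is assumed to be stored where the backed-up hosts cannot write.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(backup_dir):
    """Map each file's relative path to its SHA-256 (reads whole files; stream large archives)."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(backup_dir, manifest):
    """Compare a backup against the manifest recorded when it was taken."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),     # deleted or renamed
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "unexpected": sorted(set(current) - set(manifest)),  # files added after the backup
    }


def newest_intact(versions):
    """versions: (backup_dir, manifest) pairs, oldest first. Return newest clean dir or None."""
    for backup_dir, manifest in reversed(versions):
        if not any(verify(backup_dir, manifest).values()):
            return backup_dir
    return None


def demo():
    """Constructed sample: two backup versions, the newer one altered after its manifest."""
    base = Path(tempfile.mkdtemp())
    versions = []
    for name in ("2024-01-01", "2024-01-02"):  # hypothetical version names
        d = base / name
        (d / "db").mkdir(parents=True)
        (d / "db" / "dump.sql").write_bytes(b"constructed sample " + name.encode())
        (d / "files.tar").write_bytes(b"constructed archive")
        versions.append((d, build_manifest(d)))
    latest = versions[-1][0]
    (latest / "files.tar").write_bytes(b"\x00" * 16)  # contents overwritten
    (latest / "db" / "dump.sql").rename(latest / "db" / "dump.sql.locked")
    return verify(latest, versions[-1][1]), newest_intact(versions), versions[0][0]


if __name__ == "__main__":
    print(demo())
```

A non-empty report from `verify` is the kind of alert the monitoring described above should raise, and `newest_intact` identifies which retained version to restore from.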
CCS Technology Group helps businesses implement comprehensive business continuity solutions to protect against ransomware and other causes of IT outages. Contact us to learn more about implementing a backup solution that protects your backups as well as your data.