Mitigating Against Ransomware: Don’t Let Backups Be the Back Door

By Rick Vanover, Senior Director, Product Strategy, Veeam

The damage ransomware can inflict on businesses is staggering. For businesses who feel they have no choice but to pay cybercriminals in order to unlock their files, they not only put their money at risk but also put their reputation at stake. According to a report produced by Cybersecurity Ventures, global ransomware damage costs are predicted to cost upwards of $20 billion in 2021.

While the best remedy for a ransomware attack is prevention, in the prevailing threat landscape that isn’t always possible. The same Cybersecurity Ventures study forecasts that an organization will fall victim to a ransomware attack every 11 seconds in 2021. Ultimately, almost all computer systems are fallible to breach. So, businesses must be prepared for the reality of relentless cyber-attacks and have a contingency plan in place should the worst happen.

Having offsite and offline backups and robust disaster recovery capabilities can help businesses restore data that has been encrypted by attackers. However, the risks and possibilities of ransomware are varied. So, businesses need a plan for prevention and ensure their backup data cannot be used against them.

The threat landscape is evolving

There is a growing amount of fragmentation in the types of ransomware attacks in play today. Chief Security Officers (CSOs) mainly associate ransomware with data encryption. This involves malicious agents gaining access to sensitive or mission-critical data and encrypting it. The ‘deal’ in this scenario is the business pays a ransom in exchange for files to be decrypted and returned to their original, usable form. This is by no means the only threat for CSOs to consider. In other cases, cyber-attackers will upload data instead of encrypting it. This means the ransom is to prevent a public leak of potentially sensitive data.

These disguises and behaviours make it very difficult to consistently defend against the widening landscape of threats. The golden rule for organizations to follow is to maintain a clear view of what is normal behaviour within their own IT infrastructure. This can be achieved through continuous monitoring data and cloud storage, as well as leverage analytics on networks, operating systems and applications. This increased awareness of what a secure state of play looks like can make the suspicious and malicious activity easier to spot, crucially accelerating time to response.

Making good use of encryption is also key for organizations. If malicious threats cannot ‘see’ your data, it’s more difficult for them to use it against you. According to Duo’s Privacy in the Internet Trends report, 87% of web traffic is encrypted – a number that is rising all the time. However, it is less clear what percentage of enterprises’ data is encrypted. Zscaler’s IoT in the Enterprise found that 91.5% of traffic on enterprise IoT networks is non-SSL encrypted. These contrasting figures suggest there is a sizable gap between how enterprises generally are leveraging encryption versus major web platforms and service providers.

Are backups cyber-crime’s high-value target?

One area where encryption is vital to bolstering organizations’ defences against ransomware and insider threats is implementing ‘nearline’ encryption on data backups. The Veeam 2019 Cloud Data Management report found that over two-thirds of organizations are producing backups of their data. While this is, of course, a good thing, imagine the blackmail potential for a cyber-attacker of gaining access to a backup of an organization’s entire digital infrastructure?

Given that cyber-criminals using ransomware to blackmail businesses are looking for data, in theory, they can find whatever they need in an organization’s backed up files. These could be in all manner of forms: from system disks and removable hard drives to offline tape devices and cloud backups. Whichever option a business chooses, the backup repository itself must be protected against attack with an ultra-resilient media type. Otherwise, there’s a chance that in attempting to protect business continuity, businesses may be creating a trove of poorly protected data that could be used against them.

For some threat behaviours, this can be mitigated by encrypting backups every step of the way – from the first disk resource on-premises. Encrypting backups historically is a great idea when tapes leave the IT facility or if data is transmitted over the Internet. Given the prevalence of modern cyber-threats, encryption must take place nearer to the backing up process. The most effective technique, however, is resiliency in the backup data.

Securing data backups

This brings us to a conversation around ultra-resilient backup storage – the single most effective form of storage to be resilient against ransomware. There are a number of ways organizations can achieve this level of protection to ensure their data backups do not resemble a back door for cyber-attackers.

The first is utilising offline tapes, which are a very effective air-gapped form of backup media. While tape is often purported to be an old-fashioned and inefficient storage technology, it cannot be beaten when it comes to producing highly portable, secure and reliable backups at low-cost. Much like tape, removable drives have an offline element in that they are not online unless being read-from or written-to. This makes them a preferable option when it comes to reducing the visibility of backed up files to malicious agents.

Immutable backups in the cloud, such as AWS S3 storage’s compliance mode for an object lock, supported by Veeam, mean backup data stored in the cloud cannot be deleted by ransomware, malicious administrators or even accidentally. This is available in the public AWS S3 offering as well as a number of S3-Compatible storage systems (both on-premises and as a public offering). Furthermore, Veeam Cloud Connect offers protection through a capability where copies of backup data can be kept completely out of bounds for customers. This is delivered through a service provider and helps end-users protect against ransomware, insider threats and accidental deletion.

CSOs are constantly weighing up a trade-off between convenience and security. While enterprises undergoing digital transformation have multiple investment needs, protecting against ransomware is critical to ensuring business continuity. Offsite and offline backups can help mitigate the effects of ransomware. Combined with the right security solutions and employee training, ultra-resilient backup for Cloud Data Management can give organizations peace of mind that they are as protected as they can possibly be even in this evolving threat landscape.

About the Author

Rick Vanover AuthorRick Vanover (MVP, vExpert, Cisco Champion) is the director of Technical Product Marketing & Evangelism for Veeam Software based in Columbus, Ohio. Rick’s IT experience includes system administration and IT management; with virtualization being the central theme of his career recently. Rick can be reached online at (rick.vanover@veeam.com) and at our company website https://www.veeam.com/