Ransomware protection: the limits and risks of backup

Ransomware is one of the fastest-growing cyber threats; reports of these incidents increased by 62% in 2021 compared to 2020. Your business needs to have strong cybersecurity defenses in place to protect against ransomware – but you also need to be prepared for the worst.

Data backups should be a key part of your ransomware protection and disaster recovery plan, but should not be relied upon alone.

This article will explain the risks and limits of backing up your data as a way to protect yourself against ransomware.

What is ransomware?

Ransomware is a type of malicious software which encrypts the files on your computer and network, making them inaccessible. It then demands a ransom payment in order to decrypt the files.

Ransomware can spread through many different ways. It can be downloaded onto a device through malware-infected websites, email attachments, or social media platforms. Once installed, ransomware may immediately begin encrypting files or display a message demanding payment to unlock them. This process can be lengthy and costly.

There are many potential risks associated with ransomware attacks, including reputation damage from having data stolen; disrupted service due to system failures; legal liability if sensitive information or trade secrets are compromised; and in particular, financial losses due to lost productivity and stolen assets. In fact, global ransomware damages are expected to exceed $30 billion USD by 2023.

Backup as protection against ransomware

Backup is used to create a replica of your data in a different location, so it can be restored in case of a data loss or corruption.

Ransomware can encrypt only the files open at the time of infection, but not the files stored offline. This means if you have a recent backup, you can restore your files from the backup, even if your computer is infected by ransomware.

There are several advantages to using a backup to protect against ransomware:

The limitations of backups

The key question is whether you can trust the restoration of your data from the backup. Can you be sure the ransomware which encrypted your files will not also have corrupted the backup?

Backup data is usually stored in another site. If the backup machine is infected with ransomware, and this ransomware is able to modify the backup data, the backup machine can become a source of reinfection. In addition, some ransomware infects the backup data if it can read it.

Another issue occurs when backup data is unencrypted, which allows the ransomware to encrypt it. Ransomware can also damage backup data by deleting it or by changing the file format, rendering it unrecognizable.

Immutable backups

An immutable backup is a special type of backup which does not change. It does not contain the latest data and does not change over time. It is intended, therefore, to be read only, and any attempt to write to it will corrupt the backup. However, it is important to remember that transient errors (such as network issues) could result in changes to the backup being lost. Therefore, you should always keep multiple copies of your backups in case one doesn’t work out as planned.

Ransomware is written to look for new data, so an immutable backup will likely not be attacked by ransomware, even if it is unencrypted.

Immutable backups are particularly useful for:

Protecting against accidental deletion: If data is deleted accidentally, it is lost forever, but can be recovered if you take an immutable backup before it is deleted.

Protecting against hardware failure: A hard drive crash or other disaster can render the data on your computer inaccessible, even if you have a copy of it elsewhere. If you have an up-to-date immutable backup, however, you will still have access to all your data.

Providing an audit trail of changes to data over time: When changes are made to data, you often want to know who made them and when they were made. This can be difficult to achieve with traditional backups, as those files are always date-stamped as being created at a particular point in time.

Other ransomware protection

Keep apps up-to-date: Updates contain security fixes which can help protect your computer from future attacks by patching any vulnerabilities cybercriminals may have exploited.

Implement access controls: By restricting access to certain areas, you can limit the people and devices which can connect to your network.

Use multi-factor authentication: This limits access to your account only to users who have a unique, individualized set of credentials. This makes it much more difficult for an attacker to impersonate legitimate users and access sensitive data.

Use antivirus software: Antivirus looks for known types of malware so it can block them before they can infect your system. It can also scan your files for signs of infection and alert you when these signs are detected.

Train your users: If your users know what ransomware is and understand how it works, they will be more likely to recognize the signs and avoid falling victim to this type of attack. Also, training them about how to respond when they encounter ransomware will build their confidence in dealing quickly and confidently with these issues if they arise.

Find the right ransomware protection with the cybersecurity experts

While data backups should be a key part of your overall cybersecurity posture, as well as your disaster recovery plan, they cannot be fully relied upon as complete ransomware protection.

The cybersecurity specialists at BCS365 can manage your entire cybersecurity environment to ensure you have maximum protection against ransomware and other cyber threats, and a robust backup and disaster recovery plan ready for the worst-case scenario. Talk to them today and be prepared.