When a ransomware attack strikes, you can always turn to your backups, right? Maybe not.
Bad actors have caught on to this common strategy of avoiding having to pay a ransom to get their data back. They’re now aiming to eliminate the possibility of data recovery by attacking the data backups to maximize the impact of their attack, according to recent IDC Research, which also found shows 51% of ransomware attacks in 2023 attempted to destroy or damage backups, and 60% of those attacks were successful.
There are several ways hackers go after your data backups, but there are also things you can do to protect them so that they are still a viable way of restoring your mission critical data and applications after a ransomware attack.
Threat vectors
Hackers have a number of techniques they employ to compromise your backups while targeting you with a ransomware attack.
Social engineering remains one of the most popular methods of hackers; to trick employees into deleting the backed up data, they employ a phishing scam.
Hackers may also delete or encrypt the backups themselves, if they are able to compromise the backup tools by exploiting backup tool or script vulnerabilities, including weak authentication controls or vulnerabilities in the operating systems or storage software that host the backups.
If hackers can steal login credentials for administrators of both production and backup systems, then they can hold all the organization’s data hostage.
Backup safeguards
Even with this shift in strategy, there are ways you can prevent hackers from compromising your data backups using ransomware.
Just as you are already performing regular risk assessments to protect your mission critical data and applications, you need to understand how threat actors might target your backups. You must also consider the reality that it’s not possible to eliminate any risk completely.
Ideally, you want your backups to be offsite and have multiple copies that are stored at different locations, although this increases your data backup costs. Similarly, you should consider spreading your backups across multiple cloud platforms and accounts to increase availability and reliability.
No matter where you store your backups, they should be encrypted, and if possible, you should air-gap at least one of your backups – you can better protect them by disconnecting them from the network, so that even if your primary systems are compromised, there’s no route to them.
Backing up your data isn’t enough protection against ransomware. You need to safeguard your backups just as you do with your mission critical data and applications, and a managed services provider can help.
