Can Ransomware Infect Backups?

If you’ve been paying any attention to the field of cybersecurity in the last several years, you’ve probably asked yourself is if ransomware can infect backups? This particularly nasty form of malware encrypts the files and applications on your computer, and then charges you a hefty sum of money to regain access.

Ransomware has the potential to bring your operations to a shuddering halt—which means that it’s rapidly becoming the preferred attack vector for malicious actors looking to make a quick buck. In 2019, hundreds of U.S. government agencies, hospitals, and educational institutions were hit by ransomware attacks, with an estimated cost of $7.5 billion.

The good news is that backups are one of the best strategies you have to defend your organization against ransomware. The bad news is that backups aren’t themselves immune to ransomware—if you don’t protect them well enough, your backups could become encrypted along with the files themselves.

In this article, we’ll go over everything you need to know about ransomware and backups: both how ransomware can infect backups, and what you can do to protect your backups from ransomware.

How Ransomware Attacks Work

Ransomware attacks can spread in a variety of ways:

• Malicious hyperlinks or email attachments
• “Drive-by downloads” from visiting a compromised website
• Attacks through Microsoft’s Remote Desktop Protocol (RDP)
• USB drives and other removable media
• Exploits and security vulnerabilities in networks and web servers

Once present on your system, ransomware begins encrypting your files and applications, preventing you from accessing them without the associated decryption key. To hike up the urgency, the attacker will give you a deadline by which you need to pay the ransom, which can cost hundreds or thousands of dollars. (Depending on the generosity of the attacker, you may or may not receive the right decryption key after paying this fee.)

Theoretically, backups should help you survive a ransomware attack without too much disruption. Even if the contents of your system are encrypted, you can simply restore the non-encrypted versions from backup, keeping downtime to a minimum. As we’ll discuss in the next section, however, backups aren’t necessarily a foolproof solution for ransomware.

How Ransomware Targets Backups

Many ransomware attackers are producing sophisticated attacks that are intended to thwart the strategy of keeping backups:

• Local backups: Backups that are locally connected to an infected computer can easily fall prey to ransomware themselves. Once the ransomware is present on your system, it can spread to external hard drives or file servers that are connected to your computer, as well as other computers on the network.
• Cloud storage: You might think that the cloud keeps your files more secure by storing them on a different server, but this is very often not true. Cloud storage solutions such as Dropbox and Microsoft OneDrive are usually set to automatically synchronize their files with their local versions on your computer. This means that once your local files are encrypted by ransomware, the encrypted versions may also propagate to the cloud.
• System Restore: Windows’ System Restore feature helps you fix crashes and problems by reverting to a previous working state. However, System Restore only preserves the drivers, settings, and system files that Windows needs to run, not your own personal files—which makes it of limited use during a ransomware attack. What’s more, smart attackers are developing ransomware that deletes the automatic backups that System Restore depends on, such as restore points and shadow copies.

How to Make Your Backups Ransomware-Proof

If ransomware can infect backups, then what steps can you take to protect backups from ransomware attacks?

1. Keep multiple local backups

The key to defeating ransomware is to diversify your local backups as much as possible. Ideally, you should maintain at least two different local backups of your files and applications on multiple forms of storage media (e.g. local drives, file servers, tape drives, etc.)

In addition, at least one backup copy should be isolated from your network and stored offsite. This is not only a good practice for ransomware, but also protects you from natural disasters such as fires, floods, and storms.

2. Protect your cloud backups

If you want to use the cloud as part of your ransomware defense strategy, make sure that you have the right solution in place. “Cloud storage” offerings keep your data in the cloud, but they don’t necessarily include versioning features that allow you to revert to previous versions of a file.

“Cloud backup” solutions, on the other hand, should have built-in file versioning, as well as additional features such as strong encryption and status reports. Many cloud backups also provide automatic malware scanning in order to detect and neutralize threats.

3. Prepare yourself

The better prepared you are for a ransomware attack or other cyber disaster, the more likely you are to come out unscathed on the other side. Every business should have a clear, well-developed disaster recovery plan that you test on a regular basis. Determine what level of data loss you’re comfortable with (i.e. the maximum recovery point objective), and then determine how often you need to make backups to meet this target.

Final Thoughts

While ransomware can infect backups, the good news is that you can lower this risk and protect yourself by taking some common-sense precautions. Looking for a robust cloud backup solution that can help defend you from ransomware? Get in touch with NETdepot’s team of experts to develop a smart ransomware strategy for your business.