If you’ve been paying any attention to the field of cybersecurity in the last several years, you’ve probably asked yourself whether ransomware can infect backups. This particularly nasty form of malware encrypts the files and applications on your computer, and the attacker then demands a hefty sum of money to restore access.
Ransomware has the potential to bring your operations to a shuddering halt—which means that it’s rapidly becoming the preferred attack vector for malicious actors looking to make a quick buck. In 2019, hundreds of U.S. government agencies, hospitals, and educational institutions were hit by ransomware attacks, with an estimated cost of $7.5 billion.
The good news is that backups are one of the best strategies you have to defend your organization against ransomware. The bad news is that backups aren’t themselves immune to ransomware—if you don’t protect them well enough, your backups could become encrypted along with the files themselves.
In this article, we’ll go over everything you need to know about ransomware and backups: both how ransomware can infect backups, and what you can do to protect your backups from ransomware.
Ransomware attacks can spread in a variety of ways:
Once present on your system, ransomware begins encrypting your files and applications, preventing you from accessing them without the associated decryption key. To hike up the urgency, the attacker will give you a deadline by which you need to pay the ransom, which can cost hundreds or thousands of dollars. (Depending on the generosity of the attacker, you may or may not receive the right decryption key after paying this fee.)
Theoretically, backups should help you survive a ransomware attack without too much disruption. Even if the contents of your system are encrypted, you can simply restore the non-encrypted versions from backup, keeping downtime to a minimum. As we’ll discuss in the next section, however, backups aren’t necessarily a foolproof solution for ransomware.
Many ransomware attackers are producing sophisticated attacks that are intended to thwart the strategy of keeping backups:
If ransomware can infect backups, then what steps can you take to protect backups from ransomware attacks?
The key to defeating ransomware is to diversify your local backups as much as possible. Ideally, you should maintain at least two different local backups of your files and applications on multiple forms of storage media (e.g. local drives, file servers, or tape drives).
In addition, at least one backup copy should be isolated from your network and stored offsite. This is not only a good practice for ransomware, but also protects you from natural disasters such as fires, floods, and storms.
If you want to use the cloud as part of your ransomware defense strategy, make sure that you have the right solution in place. “Cloud storage” offerings keep your data in the cloud, but they don’t necessarily include versioning features that allow you to revert to previous versions of a file.
“Cloud backup” solutions, on the other hand, should have built-in file versioning, as well as additional features such as strong encryption and status reports. Many cloud backups also provide automatic malware scanning in order to detect and neutralize threats.
The better prepared you are for a ransomware attack or other cyber disaster, the more likely you are to come out unscathed on the other side. Every business should have a clear, well-developed disaster recovery plan that it tests on a regular basis. Determine what level of data loss you’re comfortable with (i.e. the maximum recovery point objective), and then determine how often you need to make backups to meet this target.
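One way to check a backup inventory against the guidelines above: two local copies on different media, one isolated offsite copy, and backups recent enough for the recovery point objective (RPO). This is an added example, not NETdepot's code; the `BackupCopy` fields, the `audit_backups` function and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupCopy:
    name: str
    media: str              # "disk", "file-server", "tape", ...
    offsite: bool           # stored away from the primary site
    network_isolated: bool  # unreachable from the production network
    last_success: datetime  # completion time of the newest good backup


def audit_backups(copies, rpo, now):
    """Return policy findings; an empty list means every check passed."""
    findings = []
    local = [c for c in copies if not c.offsite]
    if len(local) < 2:
        findings.append(f"{len(local)} local backup(s); need at least 2")
    if len({c.media for c in local}) < 2:
        findings.append("local backups do not span multiple media types")
    isolated = [c for c in copies if c.offsite and c.network_isolated]
    if not isolated:
        findings.append("no backup is both offsite and network-isolated")
    # Reachable copies can be encrypted along with production data, so the
    # isolated copy's age is the data loss to expect in that case.
    for label, group in (("any", copies), ("isolated", isolated)):
        if group:
            age = now - max(c.last_success for c in group)
            if age > rpo:
                findings.append(f"newest {label} backup is {age} old; RPO is {rpo}")
    return findings


# Constructed sample inventory (not from a real environment).
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [
    BackupCopy("nas-nightly", "file-server", False, False, NOW - timedelta(hours=6)),
    BackupCopy("usb-disk", "disk", False, False, NOW - timedelta(hours=30)),
    BackupCopy("vault-tape", "tape", True, True, NOW - timedelta(days=7)),
]

if __name__ == "__main__":
    for finding in audit_backups(INVENTORY, timedelta(hours=24), NOW):
        print("FAIL:", finding)
```

With a 24-hour RPO the sample inventory passes the copy-count and media checks but fails on the isolated tape, which is a week old.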
While ransomware can infect backups, the good news is that you can lower this risk and protect yourself by taking some common-sense precautions. Looking for a robust cloud backup solution that can help defend you from ransomware? Get in touch with NETdepot’s team of experts to develop a smart ransomware strategy for your business.