HOW TO PROTECT BACKUPS FROM RANSOMWARE

1 Immutable storage

Immutable storage is the simplest way to protect backup data. Data is stored in a Write Once Read Many (WORM) state and cannot be deleted for a prespecified period. Policies are set in the backup software or at the storage level, which means backups can’t be changed or encrypted.

2 Utilising an ‘air-gap’

Another method of protection is the ‘air-gap’. Adding an ‘air-gap’ means separating backups from production data so there is no way for an attack to spread from one to the other. Traditionally, that means keeping a copy of data physically separate, often on tape. If an organisation doesn’t want to keep its backups on tape (as many don’t), it’s also possible to create a logical ‘air-gap’, and there are several ways to do that.

3 Restricting access

To protect backups, it’s important to prevent unauthorised access to backup software. Restricting access, strong passwords, and MFA all reduce the chance of attackers accessing backups.

4 Using backups to detect attacks

Backup vendors are now adding innovative features, using signs from backup and production data to detect and prevent attacks.

A sudden, very large incremental backup indicates that a lot of data has changed and should be investigated as a potential ransomware attack.

Honeypot files can be closely monitored and provide alerts if ransomware encrypts those files.

Lastly, the entire storage environment can be monitored for spikes in I/O activity.
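
The first signal above, as an added example that is not part of the original slides: each incremental is compared with a rolling per-job baseline (median and median absolute deviation), and flagged runs are kept out of the baseline so an ongoing attack cannot normalise itself. The job names, sizes, window and threshold are constructed assumptions, not values from any backup product.

```python
from statistics import median

# Constructed sample history: (job, date, incremental size in GiB).
HISTORY = [
    ("fileserver", "2024-03-01", 4.1), ("fileserver", "2024-03-02", 3.8),
    ("fileserver", "2024-03-03", 4.4), ("fileserver", "2024-03-04", 4.0),
    ("fileserver", "2024-03-05", 4.3), ("fileserver", "2024-03-06", 3.9),
    ("fileserver", "2024-03-07", 4.2), ("fileserver", "2024-03-08", 61.5),
    ("fileserver", "2024-03-09", 4.0),
    ("database", "2024-03-01", 12.0), ("database", "2024-03-02", 12.5),
    ("database", "2024-03-03", 11.8), ("database", "2024-03-04", 12.2),
    ("database", "2024-03-05", 12.9), ("database", "2024-03-06", 13.1),
]


def flag_incrementals(history, window=7, threshold=6.0, min_baseline=5):
    """Return (job, date, size, score) for incrementals far above the job's baseline.

    history must be in chronological order within each job.
    """
    baselines = {}  # job -> recent sizes that were considered normal
    alerts = []
    for job, date, size in history:
        base = baselines.setdefault(job, [])
        if len(base) >= min_baseline:
            med = median(base)
            mad = median(abs(x - med) for x in base)
            # 1.4826 * MAD approximates a standard deviation; the 10% floor
            # stops a very steady job from alerting on tiny changes.
            spread = max(1.4826 * mad, 0.1 * med)
            score = (size - med) / spread
            if score > threshold:
                alerts.append((job, date, size, round(score, 1)))
                continue  # do not let the outlier poison the baseline
        base.append(size)
        del base[:-window]  # keep only the most recent `window` normal runs
    return alerts


if __name__ == "__main__":
    for job, date, size, score in flag_incrementals(HISTORY):
        print(f"INVESTIGATE {job} {date}: {size} GiB incremental (score {score})")
```

A flagged job is a prompt to investigate, not proof of encryption; large legitimate changes such as migrations produce the same signal.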
