
Ransomware has changed the way we think about data backup
We’re barely past the mid-point of 2021, and it’s already clear that the ransomware threat has reached another level entirely, both in the volume of attacks and in the size of the ransom demands. Unless you’ve been living in a lead-lined bunker, you will be familiar with some of the headline-hitting ransomware attacks so far this year, and the threat is only going to continue to increase.
Not surprisingly, the questions organizations are asking right now are a) how to prevent a ransomware attack and b) how to recover data without paying a ransom if the organization is breached by a ransomware attack.
Defense in depth
The best defense against ransomware and other advanced threats is to deploy multiple layers of security. For ransomware in particular, this comes down to three key areas:
- Deploying email protection to defend against phishing and protect credentials.
- Protecting your applications and access to those applications.
- Building a comprehensive data protection strategy with backup solutions that protect data on-premises and in the cloud.
For this blog, let’s focus on the last of these three steps and discuss why good backups and following data protection best practices make full recovery of data possible without paying the ransom.
Multi-vector attacks
Compared to the straightforward WannaCry-style “compromise and encrypt” attacks of a few years ago, attackers are now taking a more sophisticated multi-vector approach.
Attacks still often start with a spear-phishing email, but today’s ransomware attacks aren’t triggered immediately when the target clicks the malicious link.
Instead, cybercriminals use this step to steal the credentials of the victim. The credentials are then used to access the organization’s network and lurk there, evaluating assets, servers, databases, and the email platform. This surveillance can last for months before they unleash their attack. This is exactly what happened in the recent ransomware attack against the Irish health service body, the HSE. The hackers claim they spent two weeks inside the HSE’s network before launching the attack that encrypted and stole 700GB of patient data.
Backup weak points
Backup solutions are a focus for attackers during the ‘lurking’ period when they are exploring the network. The backup admin console is particularly important to them because it gives them access to backup schedules, configuration, retention policies, and the ability to start deleting things.
Attackers also target backup storage itself, hoping to delete your primary backup server and any secondary disaster recovery backup copies you maintain. Once they have captured Active Directory passwords, so that no one else can log in to their accounts, they can pull the trigger. They’re in control.
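The console activity described above (reading configuration, then changing retention and deleting copies) leaves a recognizable trail. The following is an added detection sketch, not part of the original post and not Barracuda code; the pipe-delimited audit format, action names, accounts, and thresholds are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit lines in a hypothetical format: time|user|action|target|detail
SAMPLE_LOG = """\
2021-07-01T09:02:11|svc-backup|RUN_JOB|fileserver-nightly|ok
2021-07-03T02:14:05|jsmith|VIEW_CONFIG|retention-policy|
2021-07-03T02:15:40|jsmith|SET_RETENTION|fileserver-nightly|90->1
2021-07-03T02:16:02|jsmith|DISABLE_SCHEDULE|fileserver-nightly|
2021-07-03T02:16:30|jsmith|DELETE_BACKUP|fileserver-nightly/2021-06-30|
2021-07-03T02:16:41|jsmith|DELETE_BACKUP|dr-replica/2021-06-30|
2021-07-05T10:00:00|admin2|SET_RETENTION|sql-weekly|30->60
"""

DESTRUCTIVE = {"DELETE_BACKUP", "DISABLE_SCHEDULE"}  # assumed action names

def parse(log):
    """Yield (timestamp, user, action, target, detail) per audit line."""
    for line in log.splitlines():
        ts, user, action, target, detail = line.split("|")
        yield datetime.fromisoformat(ts), user, action, target, detail

def detect(log, window=timedelta(minutes=10), threshold=3):
    """Flag shortened retention and bursts of destructive actions per user."""
    alerts, recent = [], {}
    for ts, user, action, target, detail in parse(log):
        shortened = False
        if action == "SET_RETENTION":
            old, new = (int(x) for x in detail.split("->"))
            shortened = new < old
            if shortened:
                alerts.append(("retention_shortened", user, target))
        if action in DESTRUCTIVE or shortened:
            # Keep only this user's destructive events inside the window.
            hits = [t for t in recent.get(user, []) if ts - t <= window] + [ts]
            recent[user] = hits
            if len(hits) == threshold:  # alert once when the burst is reached
                alerts.append(("destructive_burst", user, target))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Lengthening retention (the `admin2` line) is deliberately not flagged; only changes that reduce recoverability count toward the burst.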
Your company might have cyber insurance or other resources to pay a ransom, but it’s extremely dangerous to assume that paying a ransom will get your data restored. There is no guarantee hackers will decrypt data when a ransom payment is made, and even if they do, the latest research shows that 80% of organizations that paid a ransom were attacked again.
The ransomware threat forces us to think about backup in a new way. We can no longer think of data backup in terms of the traditional 3-2-1 backup strategy.
What you need in your backup solution
To mitigate risks associated with ransomware, you need a comprehensive backup solution that provides the following:
- Immutable storage — Even if attackers gain access to your backups, they can’t modify or delete that data.
- Multi-factor authentication (MFA) — Secure the accounts and credentials used to access the backup.
- Role-based access control — Follow the principle of least privilege for all users who have access to the backup system.
- Air-gapped cloud — Maintain a copy of your backup in a secure cloud that resides on an isolated network.
- Multiple backup copies — Replicate your on-premises and cloud backups to another location.
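To see how these controls combine, the added example below (not from the original post and not Barracuda code) models which backup copies are still recoverable after passwords are stolen. The data model, copy names, and account names are constructed, and MFA and air-gapping are simplified to "a stolen password alone is unusable" and "unreachable from the production network".

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Set

@dataclass
class BackupCopy:
    name: str
    immutable_until: Optional[date]  # retention lock expiry; None = mutable
    air_gapped: bool                 # unreachable from the production network

@dataclass
class Account:
    name: str
    mfa: bool
    can_delete: Set[str]             # copies this role is allowed to delete

def surviving_copies(copies, accounts, stolen, today):
    """Names of copies that stolen passwords alone cannot destroy."""
    # Assumption: a stolen password is useless on an MFA-protected account.
    usable = [a for a in accounts if a.name in stolen and not a.mfa]
    deletable = set().union(*(a.can_delete for a in usable))
    safe = []
    for c in copies:
        locked = c.immutable_until is not None and c.immutable_until > today
        if locked or c.air_gapped or c.name not in deletable:
            safe.append(c.name)
    return safe

TODAY = date(2021, 7, 1)
STOLEN = {"backup-admin", "operator"}  # constructed: passwords captured from AD

# Constructed weak setup: two mutable, reachable copies, one all-powerful account.
WEAK_COPIES = [BackupCopy("primary", None, False), BackupCopy("dr-site", None, False)]
WEAK_ACCOUNTS = [Account("backup-admin", False, {"primary", "dr-site"}),
                 Account("operator", False, set())]

# Constructed hardened setup: immutable cloud copy, air-gapped copy, MFA, least privilege.
HARD_COPIES = [BackupCopy("primary", None, False),
               BackupCopy("cloud-immutable", date(2021, 12, 31), False),
               BackupCopy("offsite-airgap", None, True)]
HARD_ACCOUNTS = [Account("backup-admin", True, {"primary", "cloud-immutable", "offsite-airgap"}),
                 Account("operator", False, {"primary"})]

def compare():
    """Return (survivors in weak setup, survivors in hardened setup)."""
    return (surviving_copies(WEAK_COPIES, WEAK_ACCOUNTS, STOLEN, TODAY),
            surviving_copies(HARD_COPIES, HARD_ACCOUNTS, STOLEN, TODAY))

if __name__ == "__main__":
    print(compare())
```

In the hardened setup the mutable primary copy is still lost through the operator account that lacks MFA, which is why the remaining copies matter.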
Barracuda data protection
Barracuda provides all of this and more. Our solutions increase the resiliency of your backup and reduce the number of ransomware attack surfaces in your environment. Our on-premises Barracuda Backup server is a hardened, air-gapped device that prevents network “lurkers” from finding your backup data during pre-attack reconnaissance. Unlimited Barracuda cloud storage allows the Barracuda Backup server to replicate backups to a secure cloud.
Office 365 deployments are protected with Barracuda Cloud-to-Cloud Backup, which allows you to protect and recover data from SharePoint, Teams, Exchange, and OneDrive. Back up and restore everything in SharePoint, including different site templates, custom lists, permissions, and metadata—eliminating much of the labor and expense associated with restoring files only.
Barracuda also provides rock-solid tech support to assist with deployment and configuration, as well as to provide recovery assistance to ransomware victims. Get a reliable partner in data protection by contacting us today.