Feb 20 2023

How to Keep Ransomware at Bay with an Effective Backup Strategy

Backups play a key role in reducing the risk of ransomware attacks, as long as the backups themselves aren’t compromised. Here’s how companies can build an effective strategy.

In the first half of 2022, there were more than 236 million recorded ransomware attacks. To help minimize their risk, 90 percent of companies are now backing up their data. But with attackers constantly evolving their methods, backups alone aren’t enough. Consider that 59 percent of companies aren’t backing up their critical data every day, leaving them at risk of significant data loss.

Even more worrisome is that ransomware groups are now targeting the data backups themselves, according to research firm IDC.

According to W. Curtis Preston, chief technical evangelist at Druva, there’s good news and bad news when it comes to ransomware.

“The good news is that ransomware groups are seeing a reduction in revenue as people refuse to pay,” Preston says. “The bad news is that malicious actors have moved to ransomware 2.0.”

According to Preston, ransomware 1.0 was simple. “Attackers encrypted data and demanded money,” he says. “Companies just needed a backup and a disaster recovery strategy, but many found out just how bad their DR was.”

EXPLORE: How Druva can help businesses secure their data.

What Is Ransomware 2.0?

Ransomware 2.0, meanwhile, shifts the focus to what Preston calls the “star player” of data defense: backups. “Now, they’re going after extortion,” he says. “They’re going to exfiltrate some data, such as personally identifiable information or private company information. And there’s no defense once data is outside a company’s control.”

As a result, business need a strategy to prevent backup attacks from happening in the first place.

Data backup solutions offer significant protection against ransomware attacks, so long as companies don’t fall victim to their Achilles’ heel: same-server storage. “Don’t put backup files on your primary server,” Preston says. “Companies can’t have these files sitting in a directory that’s visible in user space and says ‘E:/backups.’ If your backups are visible as files, they’re directly targetable.”

He suggests two strategies to solve this problem. First is changing the way on-premises backups are designed and administrated. The other is moving off-premises with a cloud-based backup solution.

DIVE DEEPER: How growing businesses can improve data storage performance.

Key Data Backup Best Practices for Businesses

For companies that choose onsite backups, Preston recommends separating the authentication system from the backup itself. “Don’t use Active Directory,” he says. “Use something like a password manager, and always implement multifactor authentication.”

Backup data must be stored discretely from operational servers, Preston says. This could take the form of a separate Windows or Linux server, or a purpose-built appliance.

“It’s also important that companies really look into the best they can do from an encryption standpoint, and consider adding another backup copy, possibly in the cloud,” he says.

Preston notes that while these processes are basic, they’re often ignored when backups are deployed. If companies take all the necessary steps, they could stop 95 percent of ransomware attacks, he says.

The other backup option is using a Software as a Service solution that occupies a different technology and administration domain.

“It’s a completely different security paradigm because it protects your data and puts the right people in the right place to take action. You’re having it run by team of people that live and breathe this stuff,” Preston says.

For example, Druva’s Data Resiliency Cloud helps companies reduce overall cost and complexity by 50 percent, Preston says, and it comes with the benefit of in-depth backup expertise. He notes that Druva handles multiple ransomware recoveries each month, so it knows what to look for, where to find it and how to get companies back on track.

When it comes to effective backups, there’s no one-size-fits-all solution. Whether companies opt for an on-prem solution, a cloud-based strategy or a combination to safeguard their data, Preston offers a simple, shared approach for successful protection: “The more you separate the data, the better off you’re going to be.”

UP NEXT: Explore the defensive technology trifecta that is Security service edge.

Brought to you by:

Mediamasmedia/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT