Ransomware targets backups: 3 ways to protect your company’s data

Ransomware has run cybersecurity researchers ragged this year, and 2017 isn’t quite finished yet.

With headline-hitting attacks like WannaCry and NotPetya, it’s no surprise there’s another ransomware variant hitting companies hard: Bad Rabbit. The newest kid on the block, Bad Rabbit hit systems in Russia at the end of October and spread slowly but surely across the rest of the globe.

Researchers were able to come up with a vaccine against the virus that halted its spread. Luckily, Bad Rabbit didn’t cause as much panic or seize as many headlines as WannaCry did, and there are a couple of reasons why.

New kid on the block

For starters, Bad Rabbit didn’t shut down any hospital systems like WannaCry did in the UK.

Another reason is that Bad Rabbit didn’t spread fast enough to cause alarm. It hit companies in Russia and transportation utilities in Ukraine, but gave the impression it was fairly contained.

A third reason is more worrisome than comforting, however: people are growing more complacent about ransomware attacks, which could lull them into security fatigue.

But if people think ransomware is simple to recover from just by relying on strong backup systems, they should be more concerned. Security researchers predict that ransomware will keep evolving, and one day soon may start targeting backup systems.

Targeting default recovery programs

This type of attack was already seen in WannaCry and in the newer versions of CryptoLocker viruses. Both will target and delete Windows’ built-in easy recovery files called “shadow copies.”

On the Mac, backups were being targeted back in 2015 when a ransomware virus shut down Mac’s recovery program, Time Machine. You may think that in the age of the cloud, backups are safer, but that may not necessarily be the case.

Terror from above

Improperly configured cloud files may be linked to other shared network files, which ransomware can easily jump into and encrypt.

Network file servers should be backed up routinely, with multiple copies stored separately and inaccessible to the rest of the system. This provides some assurance that if ransomware spreads across your network, the backups are isolated.

If your backup service provider uses the cloud, look into getting hard drive copies of the backups mailed in case there’s an incident. Often, cloud providers can take up to a week to fully restore lost data through an off-site download, whereas on-site recovery might be faster.

24-hour surveillance

Another good habit is to monitor not just your current server status, but backup performance too.

Set up alerts that monitor whether files are being changed too quickly or the backup was accessed suspiciously so you can respond faster to a potential incident. The faster you respond to an attack, the better the chances are of recovering and protecting data.
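As a sketch of what such alerts can look like, the following added example (not from the original article or any vendor's product) runs two rules over file-activity events: a per-account change-rate threshold and access to the backup location by an account outside an allowlist. The event format, paths, account names and thresholds are all assumptions made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)       # assumed sliding window
MAX_CHANGES = 5                      # assumed per-account change budget per window
BACKUP_PREFIX = "/backup/"           # assumed location of backup sets
BACKUP_ACCOUNTS = {"svc-backup"}     # assumed accounts allowed to touch backups
CHANGE_ACTIONS = {"modify", "delete", "rename"}

def detect(lines):
    """Scan time-ordered 'timestamp account action path' events; return alerts."""
    alerts, recent, bursting = [], defaultdict(deque), set()
    for line in lines:
        ts_text, account, action, path = line.split(maxsplit=3)
        ts = datetime.fromisoformat(ts_text)
        # Rule 1: backup touched by an account that is not on the allowlist
        if path.startswith(BACKUP_PREFIX) and account not in BACKUP_ACCOUNTS:
            alerts.append((ts, "backup-access", account, f"{action} {path}"))
        if action not in CHANGE_ACTIONS:
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > WINDOW:    # drop changes that fell out of the window
            q.popleft()
        # Rule 2: too many changes by one account inside the window;
        # alert once per burst instead of once per file
        if len(q) <= MAX_CHANGES:
            bursting.discard(account)
        elif account not in bursting:
            bursting.add(account)
            alerts.append((ts, "change-rate", account,
                           f"{len(q)} changes in {WINDOW.seconds}s"))
    return alerts

def sample_events():
    """Constructed events for the demo, not real logs."""
    start = datetime(2017, 11, 1, 9, 15, 0)
    lines = ["2017-11-01T02:00:00 svc-backup write /backup/fs01/full.img",
             "2017-11-01T09:00:00 asmith modify /share/hr/roster.xlsx"]
    # One account rewriting 8 files in 16 seconds
    lines += [f"{(start + timedelta(seconds=2 * i)).isoformat()} jdoe modify "
              f"/share/finance/doc{i}.docx" for i in range(8)]
    lines.append("2017-11-01T09:15:20 jdoe delete /backup/fs01/full.img")
    return lines

if __name__ == "__main__":
    for ts, rule, account, detail in detect(sample_events()):
        print(ts.isoformat(), rule, account, detail)
```

In practice the events would come from file-server audit logs or the backup product's own access log, and the thresholds would be tuned against normal activity such as bulk copies and scheduled jobs.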

Finally, make sure your backup and recovery process is accurate and that it works. In several cases of ransomware, companies thought they could recover because they had backups in place. But those companies hadn’t tested their processes, so they didn’t know they were backing up the wrong data, and not often enough.

Just like any disaster recovery, test how quickly systems can be restored.
