Ransomware has grown into one of the biggest cyber threats facing both individuals and organizations. These programs encrypt files on compromised systems and demand a ransom payment in exchange for the decryption key. Modern ransomware operators deliberately seek out backup systems before deploying the encryptor, so if backups are not properly isolated the attacker can encrypt or delete them as well, making restoration impossible and leaving payment as the only way back.
One of the most important things you can do is isolate your backups from your main network and connect them only while a backup job or a restore is running. Do not store backup files on the same system they originated from, or on network-attached storage that is reachable from client devices: a share that every workstation can write to is exactly what ransomware will find and encrypt first. Instead, keep at least one copy offline on external storage such as removable hard drives or tape that is physically disconnected from the network between jobs. Store these devices away from your main systems in a locked location with access limited to the people who actually perform backups and restores.
You should also follow the 3-2-1 rule: keep 3 copies of your data, on 2 different types of storage media, with 1 copy offsite. Cloud backup services are a convenient offsite copy, but a cloud bucket that your backup server can write to with stored credentials is not air-gapped: ransomware that steals those credentials can delete or overwrite it. Choose a provider that offers immutable (write-once, often called "object lock") storage with an enforced retention period, versioning, and point-in-time restoration, so that data can be rolled back to a state before the attack even if the attacker gained access to the backup account.
Implement multi-factor authentication on all administrator accounts for your backup systems and storage devices, and use dedicated backup administrator accounts rather than domain administrator accounts, since a compromised domain admin is the most common route attackers use to reach backups. Strong, unique administrative passwords are also critical to prevent unauthorized access. Enable automated backup monitoring and alerting as well. If backups stop running as scheduled, complete with errors, or fail their integrity checks, you need to be notified right away to investigate. Bulk deletion of backups or a sudden shortening of retention settings should also alert, because attackers often do this in the days before they launch the encryptor.
When backing up, take periodic full backups in addition to incremental backups. An incremental stores only the changes since the previous backup and cannot be restored without the full image and the earlier incrementals it depends on. After an infection you restore from the last clean full image plus the incrementals taken before the encryption began, and you discard any incremental that captured already-encrypted files. Test your restore process on a regular basis to confirm that the backups are intact and that you can actually bring systems back within an acceptable time in the event of an attack or other data loss.
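The monitoring and restore-testing advice in the two paragraphs above can be turned into a small catalog check. The following is an added example written for this page, not code from any backup product; the run layout (one directory per job plus a manifest of SHA-256 hashes recorded when the job finished), the function names and the timestamps are assumptions. It re-hashes every file a run claims to contain, alerts when the newest run is older than the schedule allows, and, for a chosen point in time, selects the newest full backup plus the incrementals that depend on it, stepping back to an earlier point if any member of that chain fails verification.

```python
"""Backup catalog checks: integrity verification, schedule alerting and
point-in-time restore-chain selection. Added illustration; the catalog layout
and names are assumptions, not the format of any particular backup product."""
import hashlib
import tempfile
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import Path


@dataclass(frozen=True)
class BackupRun:
    name: str           # directory holding this run's files, e.g. "full-0501"
    kind: str           # "full" or "incr"
    finished: datetime  # when the job completed
    manifest: dict      # relative path -> sha256 recorded when the job completed


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_run(root: Path, name: str, kind: str, finished: datetime, files: dict) -> BackupRun:
    """Simulate a completed job: write the files and record their hashes."""
    manifest = {}
    for rel, data in files.items():
        p = root / name / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        manifest[rel] = sha256_file(p)
    return BackupRun(name, kind, finished, manifest)


def verify_run(root: Path, run: BackupRun) -> list:
    """Re-hash every file in the manifest; an empty list means the run is intact."""
    problems = []
    for rel, expected in run.manifest.items():
        p = root / run.name / rel
        if not p.exists():
            problems.append(f"{run.name}: missing {rel}")
        elif sha256_file(p) != expected:
            problems.append(f"{run.name}: hash mismatch {rel}")
    return problems


def check_schedule(runs: list, now: datetime, max_age: timedelta) -> list:
    """Alert when no run has completed within the allowed interval."""
    if not runs:
        return ["no backup runs recorded"]
    newest = max(runs, key=lambda r: r.finished)
    age = now - newest.finished
    return [f"newest run {newest.name} is {age} old, allowed {max_age}"] if age > max_age else []


def restore_chain(runs: list, before: datetime) -> list:
    """Newest full backup finished before `before`, then the incrementals that
    completed after it and before `before`, in the order they must be applied."""
    fulls = [r for r in runs if r.kind == "full" and r.finished < before]
    if not fulls:
        raise ValueError("no full backup predates the requested point in time")
    base = max(fulls, key=lambda r: r.finished)
    incrs = [r for r in runs if r.kind == "incr" and base.finished < r.finished < before]
    return [base] + sorted(incrs, key=lambda r: r.finished)


def usable_restore_chain(root: Path, runs: list, before: datetime) -> list:
    """Like restore_chain, but every member must verify; if one is damaged,
    move the point in time back to just before it and retry. Raises ValueError
    when no intact full backup remains (nothing can be restored)."""
    while True:
        chain = restore_chain(runs, before)
        damaged = next((r for r in chain if verify_run(root, r)), None)
        if damaged is None:
            return chain
        before = damaged.finished  # drop the damaged run and everything after it


def demo() -> dict:
    """Constructed scenario: one full plus two incrementals, then ransomware that
    reached the backup share and overwrote a file in the newest incremental."""
    t0 = datetime(2024, 5, 1, 2, 0)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        runs = [
            write_run(root, "full-0501", "full", t0,
                      {"db.dump": b"all rows", "etc/app.conf": b"key=v1"}),
            write_run(root, "incr-0502", "incr", t0 + timedelta(days=1),
                      {"etc/app.conf": b"key=v2"}),
            write_run(root, "incr-0503", "incr", t0 + timedelta(days=2),
                      {"db.dump": b"all rows + day2"}),
        ]
        # Simulated attacker action: a backup file replaced by ciphertext.
        (root / "incr-0503" / "db.dump").write_bytes(b"\x00ENCRYPTED\x00")
        incident = t0 + timedelta(days=2, hours=10)  # when the encryption was noticed
        return {
            "problems": [p for r in runs for p in verify_run(root, r)],
            "naive_chain": [r.name for r in restore_chain(runs, incident)],
            "usable_chain": [r.name for r in usable_restore_chain(root, runs, incident)],
            "schedule_alerts": check_schedule(runs, t0 + timedelta(days=5), timedelta(days=1)),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows incr-0503 failing verification, a naive restore to the incident time that would include that damaged incremental, and the usable chain falling back to full-0501 plus incr-0502. Two points carry over to real catalogs: keep the manifests (or a signature over them) somewhere the backup share cannot write to, because an attacker who can rewrite the files can rewrite the hashes beside them, and run the verification on a schedule so the alert arrives before you need the restore, not during it.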
On the backup storage media and devices themselves, use encryption at rest to add an extra layer of security. Even if a bad actor gains physical access to a drive or tape, without the key they cannot read the data or alter it undetected. Encryption does not stop them from destroying or re-encrypting the media, which is why the separate copies from the 3-2-1 rule still matter. Keep the encryption keys separate from the backups and back the keys up independently: a restore that fails because the only copy of the key was on the encrypted server is a self-inflicted ransomware outcome. Rotate or replace backup media according to your retention needs, and have older tapes or drives that are no longer needed securely wiped or physically destroyed.
Control access to your backup infrastructure with network segmentation. Place backup servers and storage on a separate network segment that is firewalled so that it can reach the systems it backs up but cannot be reached from endpoints or the general production environment. The management interfaces of the backup servers, switches and firewalls for that segment should be reachable only from a dedicated administration network and protected with strong, unique credentials.
Monitor your endpoints, servers and network for suspicious and malicious activity with tools like antivirus software, endpoint detection and response (EDR) solutions and network intrusion prevention systems (IPS). Keep all software up to date with the latest patches as many ransomware variants leverage known vulnerabilities that have fixes available. Limit account privileges and rights to only what is needed for a user’s specific job functions using the principle of least privilege.
By following security best practices for isolating, encrypting, authenticating and monitoring your backups, you significantly reduce the risk of ransomware successfully compromising your restoration capabilities. Having reliable, tested backups is one of the best defenses against evolving ransomware threats and will help ensure you can recover should prevention controls someday fail despite your preparedness efforts.
Proper cyber hygiene and implementing a defense-in-depth approach with backups as the last line of defense is key. No single solution can provide complete protection, but layering controls according to guidance from security experts gives you robust protection suitable for today’s sophisticated cybercriminal landscape.