How to protect backups from ransomware

Sarah Bader | Last updated on August 30, 2022 | 6 minute read

how to protect backups from ransomware. Image shows cut out printed letters that spell "We have your data" in the style of a ransom note.

Ransomware is easily the most concerning cyber scourge of our time. As time goes by, ransomware attacks are becoming more sophisticated, and payout demands continue to climb. Cloud backups are an integral part of a cybersecurity policy, but is it even possible to protect backups from ransomware?

In response to the mounting threat environment, organizations apply data security policies, software, and strategies designed to mitigate the risk. And while the ultimate goal is to prevent and avoid ransomware attacks, it’s just as critical to have a plan to recover from an attack should it occur. With a cyberattack occurring every 36 seconds, it’s no longer a matter of if you’ll be attacked, but when.

Fortunately, businesses today have a wide array of tools to strengthen their cybersecurity posture. One of the most critical security tools is an offsite or cloud data backup that follows the 3-2-1 best practice.

What is a ransomware attack?

Ransomware is a type of malware that infects your computers, locking down your files, folders, software, and other systems. Once it’s attached itself to your systems, it encrypts all of your data so you can’t access or use it.

The entity or person that’s controlling the ransomware then sends you a message that they’ve hijacked your files and demands a ransom to decrypt them. Until you’ve paid the ransom, your files are inaccessible.

Most companies will usually pay the ransom as any downtime at all could be devastating to their business continuity. Ransoms can range from a few hundred to thousands or even millions of dollars, as evidenced by the Colonial Pipeline hack in Q2 of 2021. According to current data, ransom amounts have increased 171% since 2019.

Why is ransomware so dangerous?

Small businesses tend to think they aren’t at risk from ransomware, but the truth is much more insidious. Nearly 1/3 of cybercrime victims were small to midsize businesses in 2019, and that number is expected to continue to rise.

Malicious actors sometimes prefer to go after small companies because they know their security isn’t what it should be. So don’t assume you’re not a target. Ransomware is a serious risk to all types and sizes of companies. Nobody is exempt.

But ransomware attacks carry additional risks beyond the separation from your vital business data. It often takes weeks to thoroughly infect a company’s systems with ransomware. During that time, the malicious parties have full access to your sensitive files, folders, and financial data, which they could easily steal and either re-sell on the dark web or use as additional leverage in a bid to get you to pay twice.

Plus, there are no guarantees that these criminals will keep their word. It’s feasible that they’ll leak your data anyway, even if you’ve met their payment demands.

Suppose the leaked data includes personally identifiable information (PII), financial data, payment data, or intellectual property owned by one of your clients. In that case, you will be liable for regulatory fines and litigation, and your company might not recover.

5 tips to protect backups from ransomware

Backing up your data and systems is an essential practice. If you experience a ransomware attack and the cybercriminal steals your data, having a recent backup of your data will help you recover quickly. Of course, the easiest method to protect yourself against ransomware is to try to detect and prevent attacks from happening.

Here are five actionable tips to help you do this:

1. Implement endpoint security

The security solutions you choose should be based on your risk level and infrastructure. If you are unsure about where to start, it’s a good idea to engage cybersecurity expertise to audit your threat environment, do some penetration testing, and advise on the best solutions for your needs.

At the very least, you need a good firewall and virus protection. But keep in mind, these only go so far. If an employee receives an email that looks like it’s coming from a colleague and opens a malicious link, all the firewalls in the world won’t stem the tide.

If your systems are primarily in the cloud, you benefit from the latest cybersecurity protection and encryption. However, there’s always more you can do. Ask your cybersecurity vendor for recommendations.

2. Train your people to recognize and avoid malicious attacks

Ransomware often enters your system through a malicious link in an email or a file you download. It’s easy to say, “don’t open any email links,” but sometimes, the email looks totally legitimate.

Establish a stringent security policy and enforce it judiciously. Train your staff to recognize common threats and ensure they know what to do when they identify one. Turn on any spam or phishing alerts offered by your email provider. Update security policies frequently and schedule regular refreshers to alert staff to new or emerging threats. For example, all Rewind employees go through regular security training on how to detect and prevent the latest techniques in ransomware.

3. Enforce backup best practices

The golden rule of backups states that you should have three copies of your systems on two different media with one stored off-site. Many companies choose cloud storage for that off-site copy, but if you want to protect your backups from ransomware attacks, you’ll also need to have one stored offline. Ransomware will only infect files it can see, so having a separate copy reduces that risk. However, if the data is already infected, even the best backup strategy won’t be much help.

4. Monitor continuously

Ransomware infects the device it’s downloaded onto first. If you can detect minute changes in real-time, you’re better able to isolate and quarantine the device before the ransomware infiltrates your network. If you’re only monitoring intermittently, it increases the risk as, by the time an anomaly is detected, you might be past the point of no return.

5. Avoid long backup cycles

Frequent full backups are essential if you want to recover quickly from a ransomware attack. Ideally, you should do a full backup daily to capture frequent changes and updates. If you’re doing a full backup less frequently, you’ll spend a lot more time rebuilding lost data during recovery. Ideally, you need a recent complete backup you can restore from starting from a point in time where you know your systems are clean.

How Rewind protects your backup data

Rewind follows a number of stringent security policies. Data is encrypted at transit with the latest HTTPS encryption connections. Data at rest is encrypted with AES-256, the standard set by AWS and the US National Institute of Standards and Technology. Our endpoints and certificates are rotated annually, and we use multiple third parties to help us identify security concerns in real-time so we can act immediately if an issue is detected. Our team includes a variety of experts in cybersecurity, information security, and development operations who continuously monitor for emerging threats. Rewind is GDPR compliant and has received SOC 2 Type 2 status. Data protection is the core of what Rewind is: as experts in data backups, security isn’t just a feature – it’s what we do.

Ransomware marks a serious emerging threat that businesses can longer afford to ignore. With an automated backup and recovery tool like Rewind, you’ll be sure that your data is always safely backed up in the Rewind vault. If your organization were to face a ransomware attack (or any other type of data disaster), a complete backup is a necessary tool to recover quickly without affecting business continuity.


Profile picture of <a class=Sarah Bader">
Sarah Bader
Sarah Bader is a content writer, tech enthusiast, and passionate supporter of the Oxford Comma. When she puts her pen down, she can often be found riding her bike around Ottawa or watching trashy reality tv with her dog (he’s a big fan).