Ransomware attacks can no longer be ignored by any business owner, no matter the size or industry of the business. It may surprise local small business entrepreneurs that cyber criminals find their data highly attractive and have invested a lot of time and resources in attacking SMBs.
There is also a troublesome trend of ransomware attacks increasing significantly. The bad guys are getting more sophisticated. In a traditional ransomware attack, data was stolen and “held hostage” for a ransom; if a company had a current backup, they could recover without paying the ransom. Proving that they are always evolving, the criminals are now concentrating on targeting backup servers and backup data, in a move designed to prevent you from effecting a successful recovery.
In response to this latest assault, the backup industry has issued important recommendations that companies can implement to foil the attempts of the criminals.
The vast majority of damage done in cyber attacks is due to the inability of the company to respond because they have not developed a cyber prevention and response strategy.
Remove backup servers from the domain: OneNeck.com recommends this to prevent a compromised domain account from jumping from server to server and gaining full access to the management structure of your backups. This is considered to be a strong first step in preventing criminals from getting access to your data.
Install multi-factor authentication on your backup servers. This suggestion is geared towards preventing criminals from gaining access to your backup software. The more difficult you make it for criminals to access your data, the better your chance of protecting it from them. Therefore, removing management consoles from admin desktops and utilizing a dedicated backup management server is a good start; employing multi-factor authentication (MFA) adds an additional level of protection.
Establish an isolated network and control access to it. If your backup servers and data stores reside on the same network as your production servers and data, criminals can make the jump from a compromised production server and attain access to your backup infrastructure through the network. By creating a distinctly separate network, access control lists can be more easily set up. This will help to prevent bad actors from reaching your backup infrastructure.
Send an additional copy of your backups into object storage. Object storage alters the manner in which the data is written and rewritten in your backup data repositories. Ransomware is created to read a file, then overwrite or encrypt the original file. By its very design, object storage only permits “create and delete” operations, making encryption close to impossible.
The most complex solution to ransomware is an air-gapped backup repository. This type of data storage maintains the backup copy and infrastructure offline, separate from the production network. The two systems interact only for a very short period of time for a specific purpose – pulling the latest data copy and scanning it for ransomware. Physical access is required to manage the air-gapped backup equipment, meaning that offsite hackers can’t easily gain access to the data or servers.
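The isolated-network recommendation above can be checked mechanically. The following Python script is an added example, not from the original article: it evaluates an access control list against probe flows and reports every path from outside the backup network that is still open. The addresses, ports, host roles and the first-match ACL model with an implicit deny are all constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed addressing plan (assumption, not from the article).
BACKUP_NET = net("10.99.0.0/24")
MGMT_HOST = "10.50.0.10"                      # dedicated backup management server
PROBE_SOURCES = ["10.10.4.20", "10.10.7.5", MGMT_HOST]  # prod server, admin desktop, mgmt
BACKUP_HOSTS = ["10.99.0.5", "10.99.0.20"]    # backup server, repository
PROBE_PORTS = [22, 443, 445, 3389]            # SSH, HTTPS console, SMB, RDP
ALLOWED = {(MGMT_HOST, 443)}                  # only the MFA-protected console path

class Rule(NamedTuple):
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]            # None matches any destination port

def first_match(rules, src, dst, port):
    """Evaluate one flow top-down; an unmatched flow hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and rule.port in (None, port):
            return rule.action
    return "deny"

def exposed_paths(rules):
    """Return every permitted probe flow into the backup network that is not allow-listed."""
    findings = []
    for src in PROBE_SOURCES:
        for dst in BACKUP_HOSTS:
            for port in PROBE_PORTS:
                if first_match(rules, src, dst, port) == "permit" and (src, port) not in ALLOWED:
                    findings.append((src, dst, port))
    return findings

# Weak: backups share a flat network with production, everything can talk to everything.
ACL_FLAT = [Rule("permit", net("10.0.0.0/8"), net("10.0.0.0/8"), None)]

# Corrected: only the management server reaches the backup network, then deny the rest.
ACL_ISOLATED = [
    Rule("permit", net(MGMT_HOST + "/32"), BACKUP_NET, 443),
    Rule("deny", net("0.0.0.0/0"), BACKUP_NET, None),
]

if __name__ == "__main__":
    for name, acl in (("flat", ACL_FLAT), ("isolated", ACL_ISOLATED)):
        print(name, "exposed paths:", len(exposed_paths(acl)))
```

Any non-empty result from `exposed_paths` is a route a compromised production host or admin desktop could use to reach the backup infrastructure.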
For more ideas and strategies designed to protect your backup data, call the experts at Alliance IT. We provide managed IT outsourcing services to small to medium sized businesses and are here to help. From streamlining your production to protecting your data, we have the expertise you need to perform at your best in today’s environment.