, Data Backup, Tape StorageRansomware Variants Are Targeting Data Backups

Ransomware Variants Are Targeting Data Backups

2018-11-17T23:20:23+00:00 15 Mar 2018|Tags: , , |

Ransomware variants are becoming smarter. Their traditional approach is they would disguise themselves in email attachments. Upon the unsuspecting person opening the attachment, the ransomware would encrypt the person or company’s data then ask for a king’s ransom to get that data back.

Photo and content by Symantec

Unfortunately, even when people complied it doesn’t always work out. Only half of companies who paid their ransom received their data back, leading many to employ other safeguards such as data backups.

After all, if you have your data spread out, it can help you identify ransomware behaviors and stop them before they wipe out your data. But this isn’t a perfect solution either. There are ways you can still become vulnerable even with data backups.

 Backups failing to cover all systems: One mistake some companies come across is a failure to backup all the files and programs they need. This can be due to cost-cutting measures since data storage can be expensive to an organization’s bottom line. Another way this occurs is if the last backup happened a long time ago and you have new files or systems you haven’t updated.

 Failure to test vulnerabilities:An issue a company might come across is they find their backups are vulnerable to attack. This can be an unsettling discovery, as it could indicate by the time you find that vulnerability it’s too late-the ransomware has your data. To prevent this from happening, it’s vital to test your data backups regularly to ensure they are running well and have no weaknesses.

 Hybrid variants are a new threat:There are some ransomware variants that disguise themselves to gain access to your data backups. To demonstrate, Windows programs use restore points or shadow copies for data, according to Search Data Backup. Yet, some ransomware variants such as Crypto are designed to seek and destroy shadow copies and restore points, rendering the backup ineffective.

Another vulnerability is writing backup data onto a machine or separate hard disk. The problem with this is once ransomware infects the system, it can still find the location of the stored files since they’re on the main machine.

Use an air gap to curb ransomware

One of the most effective ways to prevent ransomware from gathering your data is to use an air gap. An air gap provides another layer of protection between your data and the ransomware. One of the most common forms of an air gap is a disk-to-disk-to-tape backup, as Search Data Backup reports, though there are other ways you can achieve an air gap, as the above illustration demonstrates using network-attached storage. 

What’s beneficial about this approach is even if the ransomware attacks the data on the disks, it still cannot access an external tape drive. In fact, one of the purposes for tape drives was to provide a separate data access point on the off chance there was damage in-house such as a fire.

Ransomware attacks still represent a real threat. If you find yourself a victim of one, it’s important to act fast. Our team at SALVAGEDATA will be happy to put our expertise to work for you

One Comment

  1. Katrien 22 Mar 2018 at 2:15 am - Reply

    I agree about over the air Time Machine. I finally had it with a year”s worth of archive going south and having to start again so I switched to a hard disk that”s directly connected to the machine. A bit more awkward but it works and I just do it once a day on both my Mac Pro and my wife”s MacBook Pro. I too used to use SuperDuper but the author was very slow to make the last few updates so I decided to re-try CCC which initially I found terribly complex to use for a simple clone. CCC is now as easy to use as SD and I”ve been using it for a year to make backups. My system is a simpler version of yours. Daily Time Machine backup of both machines. Daily CCC backup on disk 1 Disk 1 goes in a fire box in the basement and is swapped with disk 2 My basement is my offsite backup. My “disks are 1TB SSDs. All of this is done through USB 3 which is fine. C would be better and someday I”ll get there but for now, 3 works and isn”t too slow except for an initial backup which I haven”t had to do in a long time.

Leave A Comment