Protecting Your Backups from Ransomware
Ransomware is at our doorstep. We cannot ignore it any longer or think we are not a target. In recent years at OneNeck, we have seen a significant upward trend in ransomware attacks. Even more troubling, in the last year we have seen bad actors getting smarter: they are now targeting your backup server and backup data to prevent you from recovering from the attack. As ZDNet stated, “The number of ransomware strains targeting NAS and backup storage devices is growing, with users ‘unprepared’ for the threat.”
In response, the backup industry has made some key recommendations you can implement to make it more difficult for those bad actors to succeed. Below are some of those recommendations, along with what we at OneNeck have seen be successful in slowing ransomware and reducing the risk of it infecting your backup infrastructure:
- Remove your backup servers from the domain.
The goal of this recommendation is to prevent an attacker who has compromised a privileged domain account from leapfrogging from server to server until they gain full management access to your backup infrastructure. This is a great first step and, depending on your backup infrastructure, it could be sufficient to keep those bad actors from gaining access to that data.
- Implement multi-factor authentication (MFA) on your backup servers.
Preventing the bad actors from accessing your backup management software is the goal of this recommendation. Removing all other management consoles from admin desktops and using a dedicated backup management server with multi-factor authentication makes it more difficult for bad actors to gain access to your backup infrastructure.
- Create an isolated network and control who can access it.
If your backup servers and repositories are on the same network as your production servers and data, it is not difficult for the bad actors to jump from a compromised server and reach your backup infrastructure via the network. Creating a separate network makes it easier to write access control lists that prevent certain types of traffic from reaching your backup infrastructure. You can also lock down which devices have access to that separate network, making it more difficult for the bad actors to gain access and wreak havoc.
- Send a third copy of your backup data into object storage.
Object storage changes the way data is written and rewritten in your backup repositories. Ransomware, by its nature, wants to read the original file and then overwrite or append to it in order to encrypt it. Object storage by design only allows create and delete operations, which makes it more difficult for ransomware to encrypt an object store.
- Implement an air-gapped backup repository.
This is the panacea for keeping your backup environment protected, but it comes with the most cost and complexity. The goal of an air-gapped backup repository is to keep the backup copy and infrastructure offline from the production network. It is only online for a short period to pull the latest data copy and scan it for ransomware. Managing the air-gapped backup equipment takes physical access, which is extremely difficult for those bad actors to obtain.
To learn more about air-gapped backups, watch this webinar.
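For the isolated-network recommendation above, a quick way to check that the access control list really limits who can reach the backup network is to audit each permit rule against an allowlist. The script below is an added example, not OneNeck's tooling; the subnets, the management host, the port and the simplified rule format are all constructed assumptions.

```python
import ipaddress

# Constructed values for illustration; substitute your own addressing plan.
BACKUP_NET = ipaddress.ip_network("10.50.0.0/24")          # isolated backup network
ALLOWED_SOURCES = [ipaddress.ip_network("10.60.0.10/32")]  # dedicated backup management server
ALLOWED_PORTS = {443}                                      # hypothetical backup service port

# Constructed ACL in a simplified format:
# (action, source, destination, port or None for "any port")
SAMPLE_ACL = [
    ("permit", "10.60.0.10/32", "10.50.0.0/24", 443),
    ("permit", "10.10.0.0/16", "10.50.0.5/32", 445),   # production servers -> repository
    ("permit", "10.60.0.0/24", "10.50.0.0/24", 443),   # whole admin subnet, wider than intended
    ("permit", "0.0.0.0/0", "10.50.0.0/24", None),     # any source, any port
    ("permit", "10.10.0.0/16", "10.20.0.0/16", None),  # does not touch the backup network
    ("deny", "0.0.0.0/0", "10.50.0.0/24", None),
]

def audit_acl(rules):
    """Return (index, reason) for every permit rule that exposes the backup network.

    Each rule is judged on its own; rule ordering and shadowing are ignored,
    so a flagged rule is one to review, not proof that traffic gets through.
    """
    findings = []
    for i, (action, src, dst, port) in enumerate(rules):
        if action != "permit":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(BACKUP_NET):
            continue  # rule does not reach the backup network
        if not any(src_net.subnet_of(allowed) for allowed in ALLOWED_SOURCES):
            findings.append((i, f"source {src} is not an approved management host"))
        elif port not in ALLOWED_PORTS:
            findings.append((i, f"port {port or 'any'} is not an approved backup port"))
    return findings

if __name__ == "__main__":
    for index, reason in audit_acl(SAMPLE_ACL):
        print(f"rule {index}: {reason}")
```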
OneNeck would be happy to open the conversation to discuss how these preventative measures can be implemented in your environment to better protect your backup infrastructure. OneNeck can also help with an offensive approach to ransomware and business continuity. Backups always provide a good defense, but any good game plan has both an offensive and defensive component.
Keep Moving Forward. We Got Your Back(up).