How to Protect Backups Against Ransomware

How to Protect Your Backups Against Ransomware

It’s estimated that damages as a result of ransomware will reach $20 billion by 2021. Effective and risk-aware backup strategies, policies, and infrastructure can help businesses avoid billions in ransoms while also safeguarding vital operational data. In this article, we’ll explore how to protect your backups against ransomware to help mitigate the threat posed by ransomware.

Securing data and backups is made increasingly difficult thanks to the variety of initial attack vectors as well as methods for accessing, encrypting, and exfiltrating precious data. Moreover, an inefficient and uninformed recovery process can end up costing 10 to 15 times the actual ransomware attack. This proves the importance of validating your assumptions when implementing backup policies.

Furthermore, businesses operating in specific industries, such as healthcare, might be held to tight regulatory compliance standards to safeguard data. In this case, working with a partner that understands the security compliance landscape can help you stay secure and compliant.


Our Cyber Incident Response Team provides an elite response for your organization after a Ransomware or Cyber Extortion Incident.


Backup Regularly and Review Retention Policies

The shorter the interval between your backup cycles, the less operation data is at risk of being lost at any point in time. However, this raises other concerns, especially when working with distributed data backup infrastructure.

While frequent backups are necessary to protect data, each time you make backups you’re exposing your backed-up data to potentially undetected threats. Some ransomware makes use of delayed activation or attack loops to avoid detection and get lumped in with supposedly “clean” data.

So, backup frequency should be balanced with the accuracy, effectiveness, and time-to-detection of your security solutions.

Retention policies should be used to manage risk as well. The higher the risk of newly backed up data being infected, the further back you need to retain data to ensure access to clean copies. Segregating data from different business systems may also aid damage limitation and recovery.

Distributed and Isolated Backups

The 3-2-1 rule has its proponents and detractors, but it’s just one example of a backup strategy that organizations should consider. This rule states that you should have 3 copies of your data at all times; stored across two different media, with at least one off-site data recovery copy.

The off-site copy should be isolated from the cloud or business networks. Having this separation between cloud and off-site backup data is often called “air gapping” and is used to mitigate the ransomware risk associated with cloud services. You may even consider going as far as mechanically isolated or taped data.

At the very least, not all of your backups should be reachable via file system access. Reason being, this is one of the easiest and most exploitable ways to fall victim to ransomware.

Having two copies of production data across two different media also provides you with a faster way to recover data and resume operations.

Having your data replicated in as many different places as possible may seem foolproof. However, it can be costly and complex to implement this type of infrastructure as well as increase your data’s exposure surface. This, or any similar strategy, should only be implemented according to thorough risk analysis and cost-benefit calculation.

Test and Plan Backup and Recovery Plans

It’s not enough to simply acquire the top-of-the-line endpoint security systems and draft best practice policies for your teams and then sit back. Your data and backups are only as safe as the level of validation behind your data protection systems and procedures.

CISOs also need to invest the time and energy to test backup and recovery plans. This will give you the opportunity to assess your team’s performance and the efficacy of your procedures. Furthermore, this activity will allow you to carry out accurate potential data loss and recovery times.

This will allow you to prioritize systems/data sets, validate your policies and infrastructure decisions, and draft better incident response plans.

Protect your systems and data to ensure clean backups

Your backups are only as secure as your most recently committed data. Ransomware attacks can be carried out across a number of attack vectors of which some of the most common are:

  • Exposed remote desktop protocol (RDP) services or unpatched remote access devices
  • Malicious files downloaded from suspicious emails or links
  •  Direct and targeted attacks on organization systems or servers
  • Laterally via cloud resources

Clearly, you need to implement holistic security solutions to protect your data from as many ransomware attempts as possible. This spans from investing in cutting-edge endpoint security systems using AI with automated detection and response to secure data encryption to employee security training and education.

The goal is to be as confident as possible in the integrity of your production data. As a result, you can back up with a clean conscience.

Windows systems have also proved to be especially vulnerable to these types of attacks. Moving some of your systems to Linux is one way to inoculate yourself from many mainstream attacks. If that’s not possible, making sure you stay on top of the latest IoCs and regularly update and patch your systems is a must.


It’s clear that this varied threat landscape demands a multi-pronged approach to secure an organization’s data. From people to software, from hardware to policies, every layer of your organization’s information infrastructure needs to be reviewed. Knowing how to protect your backups against ransomware is one way to protect valuable and sensitive data as well as minimize operational disruptions.




Top 5 Cybersecurity Facts, Figures, Predictions, And Statistics For 2021 To 2025

How to Prepare for Ransomware Attacks