How to protect backups from ransomware

Backups can be defended against ransomware attacks by moving them offsite from primary systems, removing file-system access to the backups, and avoiding using Windows as a backup platform.

Ransomware is becoming the number one threat to data, which makes it essential to ensure that bad actors don’t encrypt your backup data along with your primary data when they execute ransomware attacks. If they succeed at that, you will have no choice but to pay the ransom, and that will encourage them to try it again.

The key to not having to pay ransom is having the backups to restore systems that ransomware has encrypted. And the key to protecting those backups from ransomware is to put as many barriers as you can between production systems and backup systems. Whatever you do, make sure that the only copy of your backups is not simply sitting in a directory on a Windows server in the same data center you are trying to protect. Let’s take a closer look at a few key elements of that sentence: “Windows”, “same data center”, and “sitting in a directory”.

Protect Windows

The majority of ransomware attacks are against Windows hosts, and they spread to other Windows hosts in your computing environment once a single host is infected. Once the ransomware has spread to enough hosts, the attacker activates the encryption program and suddenly your entire world is shut down. Therefore, the most obvious thing to do would be to use something other than Windows for your backup server.

Unfortunately, many popular backup products run primarily on Windows. The good news is that many of them also offer a Linux alternative. Even if the main backup software must run on Windows, it might also have a Linux media-server option. The media servers are the key because they hold the data you are trying to protect. If your backups are accessible only via Linux-based media servers, ransomware attacks against Windows-based servers will not be able to reach them.
