It used to be that you could safely backup data by taking copies of all of it at regular intervals and putting it on a local backup server, which would then write the data to tape replication which could then be couriered offsite. Or, you could send that backup copy of all your data out on the Internet to a service provider for safekeeping. A local copy of your entire data network assures fast recovery in any event that doesn’t involve a site outage. Accidentally deleted files don’t require hauling information backups across the Internet, and there’s always the bonus of having the ability to clone out copies of your data backup for development and testing – free of negatively impacting workloads.
Ransomware Changed Everything
Ransomware has changed the entire data recovery and backup game, and it’s done it in a number of different ways. And, ransomware variants appear to be getting more and more able to corrupt wider swaths of networks and at a faster rate, too. Most ransomware variants corrupt not only the data on a single PC or server, they can compromise backup servers as well. There are three main reasons this can happen:
- The backup servers have their shares available
- The ransomware jumped from the primary infection point to infecting the backup server
- The ransomware is exploiting a vulnerability in the OS or data protection software, allowing it to corrupt backups directly
Data Protection Insights
As mentioned above, ransomware can expropriate a whole network’s cache of data quite rapidly. It can spread like a virus, traveling from system to system and increasing the speed with which it can infect, as well as the number of files per second it can corrupt. Thus, data protection systems get overwhelmed, with even Continuous Data Protection, or CDP types of data protection systems simply failing at the outset of an attack. Ransomware variants can be so subtle as to slip right under the radar of PC users, morphing for days or weeks within a given database and altering files before alerting the recipient of the attack to its presence. This is all to the advantage of the creators of ransomware, who benefit by having that payload leaving behind no single uncorrupted file, making data protection a non-issue and forcing the target to pay the ransom.
The Nature of Malware
Top-end malware programs can parse the backup server configuration, identifying where it’s sending disaster recovery copies. It can then go infect those servers, and destroy all data caches, which wipes out the entire organization. Here’s an IT insider tip: Never browse the Web as the domain administrator for any reason whatsoever. Public cloud computing, for one, is becoming more vulnerable to malware infection by the day, due to cleverer variants that can follow and mimic administrators’ credentials, or quickly discern them, then use scripts to delete primary data and backups.
The Lesson of Data Bilocation
To quote a “full-time nerd” writing in Virtualization Review, “If your data doesn’t exist in two places, then it simply doesn’t exist!” Following this line of thinking, and where cloud computing is concerned, you’ll want to make a backup copy of your data and copy it to an entirely different account with separate credentials within the same public cloud services provider, or take the more preferable path of copying it somewhere entirely removed from the primary data source. That can be a separate cloud services company, or a more traditional hosting provider, or to an on-premise storage device. The more backup copies the better, and the more locations the better.
Get Expert Advice on Ransomware Protection
Ultimately, ransomware can’t beat being knowledgeable and proactive. If you need further advice about ransomware prevention, data protection, and security, Hammett Technologies is a proven leader in providing IT consulting and cybersecurity in Washington, DC or Baltimore. Contact a friendly, knowledgeable expert at (443) 216-9999 or send us an email at firstname.lastname@example.org today, and we can help you with any of your questions or needs.