
Why Backups Won’t Protect You From Hackers

There was a time when having a good data backup was a viable strategy against ransomware, but that’s not the case anymore. Stick around and I’ll explain why.

Hi there, and welcome to The Rosetta Stone where we help you decode the language of IT, and give you the tools you need to make informed decisions about your business IT support. I’m your host Jeremy Colwell, founder and managing director of The Human IT Company here in Vancouver. And today we’re talking about backups and how they work to protect you, or not, against ransomware.

In the early days of ransomware, the typical defense was to restore from backup. The hackers were okay with this, because at that time not a lot of businesses really had good, viable, regular backups that were tested, that were verified, that were checked. There were a lot of businesses that just had no backups at all, and so when their data got ransomed in the early days of ransomware then the business had no choice but to pay the ransom because a lot of them had no backups.

Business owners, of course, evolved from this position, and seeing the threat of ransomware, a lot more business owners started paying attention to their backups and started investing in proper backup solutions. The problem with this is that the bad guys also evolved their tactics. And seeing that a lot of businesses were now taking the time and spending the money on backups, the hackers realized that their cash cows were in jeopardy. So what did they do? They changed their tactics.

We’ve talked before about how hackers will use automated tools to find systems that they want to try to compromise or take over. They don’t sit there in a dark basement poring over a keyboard anymore. Whatever Hollywood tells you is happening… that’s not happening anymore. The hackers are much more organized than many people realize. The hackers, wanting to make sure their cash cow remains valid, started changing and adding to their automatic tool set. So now when they find your data on a network, when they start to encrypt it, they’re also looking for your backups. It doesn’t matter if you’re using network attached storage on your local network or if you’re using a hard drive plugged in, or if you’re backing up directly to… heaven forbid you should be backing up to tape (don’t use tape). No matter what you’re backing up to though, if that backup lives somewhere on your local network then the bad guys are using their automatic tools to find those backups and render them useless. This means that after you’ve been ransomed, when you go to restore from backup, the backup isn’t there. Or if it is, it has also been encrypted or otherwise made to be no good at all.

And again we have to remember that for the bad guys, this is just a business, this is their cash flow. They’re going to do whatever they can to make sure that you have the greatest possible incentive to pay them. If they’re destroying your backups then you’ve got no choice but to pay them, and hopefully you get your data back… either that or you’re starting from scratch, and realistically what business wants to do that?

The only real solution to protect against this is to introduce what we call an air gap. Now an air gap means that there’s a physical disconnection between the data that you’re backing up and the storage location where that backup lives. Maybe you’re backing up to a cloud service… I would note that in this case backing up to Dropbox, backing up to Google Drive, is not necessarily a viable option. But having some external storage location is key to having a proper viable backup.

This air gap means that the hackers can’t get from your computer where the data lives, they can’t get from there to the remote backup location automatically. Their tools just won’t do it. Maybe you’re backing up to Amazon S3 or Wasabi or Backblaze or Azure cloud storage… whatever the case might be, some sort of remote storage is really the only protection that you have to make sure that your backups stay viable all the time. And of course simply having the backup by itself is not enough; you need to make sure that you’re testing them on a regular basis. Just because you’ve got the backup, you’ve got to make sure that it’s actually working for you, that you can restore it when you need to.

So there you have it, an effective strategy for good backups. Make sure there’s an air gap, make sure that you’re doing test restores. If you want to know more about off-site backups, automatic backups, or any other IT support related issues, leave us a comment here or give us a call at 604-336-8133. If you found this video helpful, hit up the like button below and don’t forget to subscribe. Thanks for watching The Rosetta Stone, see you next time.