October 23, 2021 | Reading time 9 minutes

Can Ransomware Infect Backups?

The threat of ransomware attacks continues to grow. New strains appear on a regular basis, raising the question: “Can ransomware infect backups?” As a matter of fact, strains like Ryuk and Sodinokibi prove that even backups can be attacked and encrypted.

Backups are a pot of gold for attackers and even offer a roadmap for what data is most important to an organization. According to industry research firm Gartner, “Backup systems are frequently attacked and must be protected,” so security leaders must “detect ransomware attacks early through the use of modern backup applications and malware scanning.”

Let’s find out when ransomware can infect backups and, more importantly, how to ensure backup data is safe from ransomware.

Can Ransomware Infect Backups and When Do Backups Become Infected?

Having your data backed up is one of the best security measures. However, sometimes backup data can be corrupted by ransomware together with the data it is supposed to protect.

After a ransomware attack, there is always a probability that backup data is infected. Depending on your backup strategy, this probability can be higher or lower.

When are backups more likely to be infected with ransomware? Generally, all backups that do not follow the best practices of a ransomware backup strategy are more vulnerable. These practices include:

  • Following the 3-2-1 backup rule (having 3 separate copies of your data stored on 2 different kinds of media, with at least 1 copy stored off-site)
  • Keeping multiple backup versions
  • Making backups frequently
  • Using additional anti-ransomware software

Using these practices together makes your backups as secure from ransomware as possible.

Can Ransomware Encrypt Google Drive or OneDrive?

Sometimes, cloud services like Google Drive or OneDrive are used as the only backups of important data. This is not the best option and here’s why.

According to the UK’s National Cyber Security Centre, cloud syncing services (like Dropbox, OneDrive and SharePoint, or Google Drive) should not be used as your only backup. This is because they may automatically synchronize immediately after your files have been ‘ransomwared’, and then you’ll lose your copies as well.
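The practices listed earlier and the NCSC caveat about sync services can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from Spin.AI; the `Copy` record, the 24-hour and 2-version thresholds, counting the live data as one of the three copies, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sync services the NCSC guidance above says must not be the only backup.
SYNC_SERVICES = {"dropbox", "onedrive", "sharepoint", "google drive"}

@dataclass
class Copy:
    name: str            # label (sample values below are constructed)
    media: str           # "disk", "tape", "object-storage", or a sync service
    offsite: bool
    versions: int        # restorable point-in-time versions kept
    last_run: datetime   # when this copy was last written
    primary: bool = False  # the live data itself (assumed to count as copy 1)

def audit(copies, now, max_age=timedelta(hours=24), min_versions=2):
    """Return findings against the practices listed above; [] means pass.
    max_age and min_versions are assumed thresholds, not from the article."""
    findings = []
    synced = [c for c in copies if c.media.lower() in SYNC_SERVICES]
    real = [c for c in copies if c.media.lower() not in SYNC_SERVICES]
    for c in synced:  # a sync folder mirrors encrypted files, so exclude it
        findings.append(f"{c.name}: sync service, not counted as a backup")
    if len(real) < 3:
        findings.append(f"{len(real)} independent copies, need 3")
    if len({c.media.lower() for c in real}) < 2:
        findings.append("fewer than 2 kinds of media")
    if not any(c.offsite for c in real):
        findings.append("no off-site copy")
    for c in real:
        if c.primary:
            continue  # version and age checks apply to backups only
        if c.versions < min_versions:
            findings.append(f"{c.name}: {c.versions} version(s), need {min_versions}")
        if now - c.last_run > max_age:
            findings.append(f"{c.name}: last backup is older than {max_age}")
    return findings

NOW = datetime(2021, 10, 23, 12, 0)  # constructed reference time
WEAK = [Copy("laptop", "disk", False, 1, NOW, primary=True),
        Copy("OneDrive folder", "OneDrive", True, 1, NOW)]
GOOD = [Copy("laptop", "disk", False, 1, NOW, primary=True),
        Copy("NAS", "disk", False, 14, NOW - timedelta(hours=6)),
        Copy("cloud archive", "object-storage", True, 30, NOW - timedelta(hours=20))]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, audit(inventory, NOW) or "passes")
```

The sync-only inventory fails on every count of the 3-2-1 rule because the synced folder is excluded before the copies are counted.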

Sync is not the only way for cloud services to get infected with ransomware; apps and extensions may lead to a ransomware infection as well. You can read about it in our article about ransomware infecting Google Drive. In a nutshell, an app or extension may contain malicious code. Giving permissions to corrupted software may result in having your own files attacked.

Backing up data to an external drive is not the best solution either. Attackers may learn that the storage holding the backups is connected to the Internet and time the attack to hit it. Besides, when an organization’s data flow is intense, handling hard drives becomes extremely time-consuming.

That’s why you may ask a natural question: “Is there a ransomware-proof backup solution?” Yes, there is.

Ransomware-proof Backup Solutions for Google Workspace (G Suite) and Microsoft Office 365

Spin.AI’s SaaS Ransomware Detection and Response solution, SpinRDR, for Google Workspace and Microsoft 365 is an automated backup solution combined with advanced ransomware detection tools. SpinRDR utilizes an innovative ransomware detection method—behavioral analytics. This method is based on understanding ransomware patterns via abnormal file behavior.

SpinRDR helps organizations get fast incident response and slash SaaS ransomware downtime from months to hours with AI-driven ransomware detection and response and a guaranteed 2-hour incident response SLA – the fastest on the market. What features does our backup solution offer to keep your data safe and secure from ransomware?

  • Automated 1X/3X daily backup.
  • Backup data is stored in the cloud of your choice.
  • Data recovery with folder hierarchy preservation.
  • Multiple backup versions.
  • Customizable backup frequency and retention.
  • Advanced search options and reporting.
  • Unique machine learning algorithms that allow complete accuracy in detecting ransomware (you can read more here).

Frequently Asked Questions

Are backups always safe from ransomware attacks?

While backups are an essential part of a ransomware recovery strategy, there is always a probability that backup data is corrupted by ransomware. Whether this probability is high or low depends on your backup strategy. To lower the probability of your backups being encrypted by ransomware, follow the 3-2-1 backup rule (3 separate copies of your sensitive data stored on 2 different kinds of media, 1 copy stored off-site); keep multiple backup versions; make backups frequently; and use additional anti-ransomware software.

Can ransomware infect encrypted files?

Yes, ransomware can infect even encrypted files by adding an additional layer of encryption over the protective encryption utilized by your organization. Encryption can be valuable in safeguarding against double extortion ransomware, in which attackers threaten to expose sensitive data acquired during their attack. Nonetheless, it’s not an effective preventive measure for initial ransomware attacks since encryption wasn’t created for that purpose. Organizations must deploy additional security measures to protect their crucial data from the growing risks of cyberattacks.

Can encrypted files be hacked?

Properly encrypted files are extremely difficult to hack through traditional methods. Encryption uses complex algorithms and keys to protect the confidentiality and security of the data. However, the security of encrypted files depends on the strength of the encryption method used and the protection of encryption keys. If a hacker gains access to the encryption key or employs advanced techniques, they might be able to decrypt the files. So, while encryption provides robust security, it’s crucial to secure the keys and maintain overall system security to minimize the risk of unauthorized access to encrypted data.

About Author

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

