How Ransomware Infects Backups and How to Avoid It

Can Ransomware Infect Backups?


Ransomware threat continues to grow, and ransomware strains like Ryuk and Sodinokibi prove that even backups can be attacked and encrypted. 

Let’s find out when ransomware can infect backups and, more importantly, how to ensure backup data is safe from ransomware.

When Can Backups Become Infected?

Having your data backed up is one of the best security measures. However, sometimes backup data can be corrupted by ransomware together with the data it is supposed to protect.

Overall, there is always a probability that backup data is infected. Depending on your backup strategy, this probability can be higher or lower.

When backups are more likely to be infected with ransomware? Generally, all backups that do not follow the best practices of ransomware backup strategy are more vulnerable. These practices include:

  • Following 3-2-1 backup rule (having 3 separate copies of your data stored on 2 different kinds of media, with at least 1 copy stored off-site)
  • Keeping multiple backup versions
  • Making backups frequently
  • Using additional anti-ransomware software

Using these practices together makes your backups as secure from ransomware as possible.

Can Ransomware Encrypt Google Drive/OneDrive?

Sometimes, cloud services like Google Drive or OneDrive are used as the only backups of important data. This is not the best option and here’s why.

According to the UK’s National Cyber Security Centre, cloud syncing services  (like Dropbox, OneDrive and SharePoint, or Google Drive) should not be used as your only backup. This is because they may automatically synchronize immediately after your files have been ‘ransomwared’, and then you’ll lose your synchronized copies as well. 

Sync is not the only way for cloud services to get infected with ransomware; apps and extensions may lead to a ransomware infection as well. You can read about it in our article about ransomware infecting Google Drive. In a nutshell, an app/extension may contain malicious code. Giving permissions to corrupted software may result in having your own files attacked.

Backing up data to an external drive is not the best solution either. Hackers may know that the storage containing the backups is connected to the Internet and time the attack to hit the target. Besides, when an organization’s dataflow is intense, handling hard drives becomes extremely time-consuming. 

That’s why you may ask a natural question: “Is there a ransomware-proof backup solution?” Yes, there is. 

Ransomware-proof Backup Solutions for G Suite and Office 365

SpinSecurity for G Suite and Office 365 is an automated backup solution combined with advanced ransomware detection tools. SpinSecurity utilizes an innovative ransomware detection method—behavioral analytics. This method is based on understanding ransomware patterns via abnormal file behavior. 

What features does our backup solution offer to keep your data safe and secure from ransomware? 

  • Automated daily backup.
  • Backup data is stored in the cloud of your choice.
  • Data recovery with folder hierarchy preservation.
  • Multiple backup versions.
  • Customizable backup frequency and retention.
  • Advanced search options and reporting.
  • Unique machine learning algorithms that allow 99% accuracy in detecting ransomware (you can read more about them here).

All solutions have a Free 15 Day Trial. Start it now!

Have more questions about our backup and ransomware protection tools? Schedule a demo and get them answered!