Can Ransomware Infect Backups?

Ransomware threat continues to grow. New strains appear on a regular basis raising the question: “Can ransomware infect backups?” As a matter of fact, strains like Ryuk and Sodinokibi prove that even backups can be attacked and encrypted.

Let’s find out when ransomware can infect backups and, more importantly, how to ensure backup data is safe from ransomware.

Table of Contents

Can Ransomware Infect Backups and When They Become Infected?

Having your data backed up is one of the best security measures. However, sometimes backup data can be corrupted by ransomware together with the data it is supposed to protect.

Overall, there is always a probability that backup data is infected. Depending on your backup strategy, this probability can be higher or lower.

When backups are more likely to be infected with ransomware? Generally, all backups that do not follow the best practices of ransomware backup strategy are more vulnerable. These practices include:

Following the 3-2-1 backup rule (having 3 separate copies of your data stored on 2 different kinds of media, with at least 1 copy stored off-site)
Keeping multiple backup versions
Making backups frequently
Using additional anti-ransomware software

Using these practices together makes your backups as secure from ransomware as possible.

Can Ransomware Encrypt Google Drive/OneDrive?

Sometimes, cloud services like Google Drive or OneDrive are used as the only backups of important data. This is not the best option and here’s why.

According to the UK’s National Cyber Security Centre, cloud syncing services (like Dropbox, OneDrive and SharePoint, or Google Drive) should not be used as your only backup. This is because they may automatically synchronize immediately after your files have been ‘ransomwared’, and then you’ll lose your synchronized copies as well.

Sync is not the only way for cloud services to get infected with ransomware; apps and extensions may lead to a ransomware infection as well. You can read about it in our article about ransomware infecting Google Drive. In a nutshell, an app/extension may contain malicious code. Giving permissions to corrupted software may result in having your own files attacked.

Backing up data to an external drive is not the best solution either. Hackers may know that the storage containing the backups is connected to the Internet and time the attack to hit the target. Besides, when an organization’s data flow is intense, handling hard drives becomes extremely time-consuming.

That’s why you may ask a natural question: “Is there a ransomware-proof backup solution?” Yes, there is.

Ransomware-proof Backup Solutions for G Suite and Office 365

SpinSecurity for G Suite and Office 365 is an automated backup solution combined with advanced ransomware detection tools. SpinSecurity utilizes an innovative ransomware detection method—behavioral analytics. This method is based on understanding ransomware patterns via abnormal file behavior.

Try Ransomware-Free Backup for Google Workspace and Microsoft Office 365

Try Spin!

What features does our backup solution offer to keep your data safe and secure from ransomware?

Automated daily backup.
Backup data is stored in the cloud of your choice.
Data recovery with folder hierarchy preservation.
Multiple backup versions.
Customizable backup frequency and retention.
Advanced search options and reporting.
Unique machine learning algorithms that allow 99% accuracy in detecting ransomware (you can read more about them here).

Published on: Oct 23, 2021

Davit Asatryan Director of Product

About Author

Davit Asatryan is the Director of Product for Spin.AI, focusing on the All-in-One SaaS Security platform, SpinOne. He has been with the company for over 5 years and specializes in SaaS data protection, helping organizations battle Shadow IT, ransomware and data leak issues. Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley.

Frequently Asked Questions

Are backups always safe from ransomware attacks?

While backups are an essential part of a ransomware recovery strategy, there is always a probability that backup data is corrupted by ransomware. Whether this probability is high or low depends on your backup strategy. To lower the probability of your backups being encrypted by ransomware, follow the 3-2-1 backup rule (3 separate copies of your sensitive data stored on 2 different kinds of media, 1 copy stored off-site); keep multiple backup versions; make backups frequently; and use additional anti-ransomware software.

Can ransomware infect encrypted files?

Yes, ransomware can infect even encrypted files by adding an additional layer of encryption over the protective encryption utilized by your organization. Encryption can be valuable in safeguarding against double extortion ransomware, in which attackers threaten to expose sensitive data acquired during their attack. Nonetheless, it’s not an effective preventive measure for initial ransomware attacks since encryption wasn’t created for that purpose. Organizations must deploy additional security measures to protect their crucial data from the growing risks of cyberattacks.

Can encrypted files be hacked?

Properly encrypted files are extremely difficult to hack through traditional methods. Encryption uses complex algorithms and keys to protect the confidentiality and security of the data. However, the security of encrypted files depends on the strength of the encryption method used and the protection of encryption keys. If a hacker gains access to the encryption key or employs advanced techniques, they might be able to decrypt the files. So, while encryption provides robust security, it’s crucial to secure the keys and maintain overall system security to minimize the risk of unauthorized access to encrypted data.