When someone asks you about the best ransomware protection, the first thing you’ll probably come up with is a backup. After all, backup is the only security practice that actually can get your infected data back. Antivirus software and firewalls are just the first line of defense, which is far from being 100% effective against ransomware.
But there is a problem. Ransomware can infect backups. In this article, you’ll find out about ransomware backup strategy, a set of possible ways to make your data more secure.
Table of Contents
Can Ransomware Encrypt Backups?
Short answer: yes, there’s a chance your backup will be encrypted together with the source data. We recommend reading how ransomware works to understand more about ransomware attacks and ways to prevent them.
Ransomware can get into the system and encrypt your data, including data stored in the Google/Microsoft cloud. Ransomware spreads through the cloud, as all local changes are automatically synchronized with the whole cloud. Usually, the encryption begins shortly after ransomware has sneaked into the system, for example, as a result of a phishing attack.
However, some recent ransomware strains do not encrypt your files immediately. Instead, they are hiding in the network and searching for system-critical data. That’s what is called lateral movement. Such strains are able to stay hidden for months, even years. For example, that’s how Ryuk works. When the important data pieces are identified, the encryption begins.
To put it simply, your data can stay infected for a long time before the encryption begins. Naturally, there is a chance you’d preserve infected data with a backup. And when the time comes and encryption begins, your backup may contain only corrupted files.
But everything is not so bad. Corrupting backups with malicious code is not a certainty, but a probability. Though that probability can not be reduced to zero, there are several best practices that you can use to improve the chances of preventing ransomware infection of your backups.
How to Protect Your Backed-up Data from Ransomware
To increase the chance your backups won’t be infected with ransomware, you can implement a ransomware backup strategy, which is a set of security practices. Let’s take a look at four of the practices: 3-2-1 backup, multiple backup versions, making backups frequently, and the use of additional anti-ransomware software.
Though none of these practices makes your backups completely ransomware-proof, implementing them together is an extremely powerful security strategy.
Would you like to find out more about other ways to avoid ransomware? Check our article about ransomware protection to find out more about protecting your data from ransomware.
Follow the 3-2-1 Backup Rule
As ransomware spreads through the system, it may infect everything the infected user has access to. Let’s take a ransomware attack on the Office 365 cloud as an example. The backup data is vulnerable if it is stored in the same O365 cloud as the source data. However, there is a way to keep cloud data backups safe.
3-2-1 backup strategy is a method of organizing your backups securely. The name 3-2-1 stands for having 3 separate copies of your data stored on 2 different kinds of media, with at least 1 copy stored off-site. Following this strategy means that even if one copy of your data is damaged, there are always other, safe ones.
Generally, you can implement this strategy manually by using several cloud storage/hard drives to store your files. But in real life, this way may be too time-consuming to handle a significant amount of data. That’s why businesses often use cloud backups to ensure the safety of their SaaS data. Would you like to boost the security of your cloud data? Try third-party backup tools following the 3-2-1 best practice like SpinBackup for G Suite and Office 365.
Keep Multiple Backup Versions
As we’ve mentioned before, some ransomware pieces can stay undetected for a long time. This may lead your system to back up the corrupted items. Having multiple backup versions is a very straightforward solution. If ransomware hits your backup and the most recent versions are corrupted, older ones may be safe. Ideally, you should be able to recover the encrypted data in its pre-infection form.
In a nutshell, the more backup versions you have, the higher the chance that one is safe. Of course, this method is not a panacea, as there is a chance that even the oldest versions are encrypted as well. The longer the backup data retention, the lower the chance gets.
That’s why it might be a good idea to consider backup software supporting multiple backup versions and indefinite backup data retention.
Make Backups Frequently
Another significant element of keeping your data secure is making your backups frequently. The major benefit of this practice is the safety of your daily progress. The more frequent backups are, the less not-backed-up data may be lost in case of a ransomware attack.
However, making backups too often requires too much storage space. Perhaps, the best idea would be making a backup several times a day, which protects your progress without excessive storage costs.
Looking from a reliable backup solution? Try Spinbackup for G Suite and Office 365 – a cloud backup software that combines 3-2-1 strategy offers multiple backup versions and automatically backs up data three times a day.
Use Additional Anti-ransomware Software
Using additional anti-ransomware software is a great practice you should consider. Unlike a backup, that can only recover files from a ransomware attack, a ransomware prevention tool will help you to stop it before it has gone too far.
Detecting ransomware ASAP is the key to preventing it from causing significant damage to your files. Early ransomware detection allows prevention of ransomware spreading through the whole network. Complete your ransomware backup strategy with advanced ransomware prevention software for G Suite and Office 365. Free trial included!
SpinOne: All-in-one Ransomware Protection Software
Perhaps most important in ransomware backup strategy is putting all the best practices together and making them work without relying on day-to-day attention from a system administrator.
SpinOne is automated security software that combines advanced backup functionality with ransomware prevention. This solution follows the 3-2-1 strategy, offers multiple backup versions, and automatically backs up data three times a day while utilizing advanced ransomware detection methods.
SpinOne utilizes an innovative ransomware detection method—behavioral analytics. This method is based on understanding ransomware patterns via abnormal file behavior. Powered by machine learning algorithms, it allows achieving 99% accuracy in detecting ransomware.
Here you can read more about SpinOne and its features.
Have more questions about SpinOne? Schedule a demo and get them answered!