It isn’t bad enough that the WannaCry ransomware is sweeping the globe, with even more dangerous variants going after your servers. Now some forms of malware attempt to infect your backups. Unsuspecting IT managers will assume they can recover from a ransomware infection by restoring their backups, only to find those copies are infected as well.
The Slow Burn
Some versions of malware will wait 16 or even 32 days to launch once they’ve infected a host, knowing most IT departments only keep two to four weeks of backups of their key data. If they can infect all of your current backups, then you have little recourse when a ransomware infection takes hold of your systems.
Stay Out of the Trap
How can you avoid falling victim to backup-infecting ransomware?
- Extend backup cycles beyond 30 days. While this is a simple fix, remember that ransomware authors can just wait 46 days or 61 days before springing the trap. And keeping that many daily backups can get expensive.
- Have a good backup testing regimen. Testing your backups regularly is part of best practices, but most shops only do it once a year or once a quarter. There are many cutting-edge solutions available that will test-boot your VMs for you nightly. Some even provide screenshots of the system in an up state.
- Choose a backup solution that offers ransomware or anomaly detection. Ransomware typically requires making wholesale changes to many key system files. These types of changes can be watched for in your backup activity. When incremental backups show large changes happening without associated operational changes, it’s a sign that something fishy is going on. Having this type of “alarm system” can allow you to catch an infection before it pops up. By spotting it, you can get ahead of the curve in remediating it. Full disclosure: Codero offers just such a solution.
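To make the "alarm system" idea concrete, here is a small added example (not Codero's product or any vendor's code) that flags incremental backups whose change count jumps far above the recent baseline with no planned change to explain it. The nightly figures, the thresholds and the function names are constructed assumptions for illustration.

```python
from statistics import median

# Constructed sample: (backup date, files changed in the incremental, planned change logged?)
SAMPLE_RUNS = [
    ("2017-05-01", 410, False),
    ("2017-05-02", 395, False),
    ("2017-05-03", 430, False),
    ("2017-05-04", 405, False),
    ("2017-05-05", 388, False),
    ("2017-05-06", 420, False),
    ("2017-05-07", 2900, True),    # patch night: large, but explained by a change ticket
    ("2017-05-08", 415, False),
    ("2017-05-09", 18750, False),  # mass file rewrite, nothing scheduled
    ("2017-05-10", 21300, False),
]

def flag_anomalies(runs, window=7, k=6.0, min_history=5):
    """Return (date, changed, limit) for runs far above the trailing baseline
    that have no planned operational change to explain them."""
    flagged = []
    baseline = []  # change counts from recent nights considered normal
    for date, changed, planned in runs:
        if len(baseline) >= min_history:
            med = median(baseline)
            # Median absolute deviation: a spread estimate that one odd night cannot skew
            mad = median(abs(x - med) for x in baseline) or 1
            limit = med + k * mad
            if changed > limit and not planned:
                flagged.append((date, changed, round(limit)))
                continue  # keep suspect nights out of the baseline
        if not planned:  # planned spikes are not "normal" either, so skip them
            baseline = (baseline + [changed])[-window:]
    return flagged

def last_restore_point_before(runs, flagged):
    """Newest backup taken before the first flagged run, or None if there is none."""
    if not flagged:
        return runs[-1][0] if runs else None
    first_bad = flagged[0][0]
    earlier = [date for date, _, _ in runs if date < first_bad]  # ISO dates sort as text
    return earlier[-1] if earlier else None
```

The restore point this returns predates the change spike, not necessarily the original infection, so with the dormancy periods described above it still needs to be test-restored and scanned before it is trusted.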
Don’t Get Caught
There are many things you can do to avoid being the victim of ransomware. Strong A/V, monitored intrusion detection, and good internal education are the basics. The use of good backup practices goes a long way towards inoculating your company against the worst of the ransomware scourge. That should help you sleep better at night.