Marketing for backup solutions points out that securing data with restorable backups helps organizations recover from ransomware. While it’s true that good backups can save the day in the event of a ransomware incident, can backups also be a liability? Yes, if not adequately secured.
To understand why, consider modern ransomware, which not only encrypts your data but often also exfiltrates it, so the attackers can still extort you if your backups are sufficient for restoration. The threat actors must perform discovery and enumeration of your network, then stage data to be exfiltrated. However, if you have your backups in a repository that they can access without too much difficulty, those steps are unnecessary. They can simply exfiltrate your backups, expand them on their networks, and have all the data. You have saved them time and effort, and they can now make their extortion demand and threaten to release the data publicly if you don’t pay up. Even worse, the data will likely still end up for sale on the Dark Web at some point, even if you DO pay them.
How are your backups secured? Foresite recommends what is known as a 3-2-1 method: three backups, made using two different backup and recovery utilities, with one air-gapped and kept off the network. In addition, Foresite recommends making sure your backup repositories are secured and that access to them requires very complex passwords and multi-factor authentication.
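The recommendation above can be checked against a backup inventory. The following is an added example, not Foresite's code: the `BackupCopy` fields, the `audit_backups` function and both sample inventories are hypothetical and constructed for illustration, and password complexity is not checked.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str         # label for this copy (hypothetical)
    utility: str      # backup and recovery utility that produced it
    air_gapped: bool  # True if the copy is kept off the network
    mfa: bool         # True if repository access requires MFA

def audit_backups(copies):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} backup copies, need 3")
    # Normalise names so "ToolA" and "toola " count as one utility.
    utilities = {c.utility.strip().lower() for c in copies}
    if len(utilities) < 2:
        findings.append("fewer than 2 different backup utilities")
    if not any(c.air_gapped for c in copies):
        findings.append("no air-gapped copy kept off the network")
    # A networked repository without MFA is the exposure described above:
    # whoever reaches it gets the data without enumerating the network.
    for c in copies:
        if not c.air_gapped and not c.mfa:
            findings.append(f"{c.name}: network-reachable repository without MFA")
    return findings

# Constructed sample inventories (not real systems or products).
WEAK = [
    BackupCopy("nas-primary", "ToolA", air_gapped=False, mfa=False),
    BackupCopy("cloud-bucket", "ToolA", air_gapped=False, mfa=True),
]
GOOD = [
    BackupCopy("nas-primary", "ToolA", air_gapped=False, mfa=True),
    BackupCopy("cloud-bucket", "ToolB", air_gapped=False, mfa=True),
    BackupCopy("offline-tape", "ToolB", air_gapped=True, mfa=False),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        results = audit_backups(inventory)
        print(label, "->", results if results else "all checks passed")
```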
To be sure, backups are one part of ransomware recovery. Do not mistake them for ransomware protection. Also, make sure they are diligently protected.