Ransomware attacks have inflicted billions of dollars of damage on internet users and companies. And that’s only during the last few years. Ransomware is a nasty form of malware. Not only does it infect victim’s computers, but locks them out of crucial files until they pay a ransom. And only less than half of attackers relinquish control of data after getting paid.
The common-sense advice security professionals give all internet users is to back up their files. But it is no longer enough because ransomware attackers are now attacking cloud backups too.
Anything Connected to the Internet is Vulnerable
Few tools have been as transformative to the way we live, work, and play as the internet. The internet enables the connected world we live in. The downside to this is anything connected to it is at risk of cyber-attack.
As soon as you enable your WiFi or cellular connection, your device becomes open to all kinds of threats. The same thing applies to all data you store in the cloud, too, as well as connected storage drives. For example, if you plug an external hard drive into a computer connected to the internet, then someone could hack the data it contains.
How Does Ransomware Attack Cloud Backups?
Ransomware is an umbrella term. It refers to a wide variety of different techniques cybercriminals use. Ransomware attacks can spread via massive bot attacks like WannaCry.
The most severe ransomware attacks are personal. These are the types you often hear about on the news. They include attacks on cities, hospitals, and corporations.
You may have been wondering why a major city didn’t have backups. Isn’t that simple enough? They likely did. But hackers went in first and deleted the backups to prevent victims from restoring their files.
Cloud backups can be somewhat more secure against this versus the local option. But they also may be misconfigured, outdated, or breached through weak password security protocols.
A common ransomware scenario involves hackers breaching corporate networks. They use keyloggers and other tools to mine account data. Then they use this information to gain access to cloud backups and launch the ransomware attack.
Finally, they delete System Restore and System Image points to block administrators from rolling back to previous backups. So there is no way to reverse the encryption.
How to Make Your Backups Ransomware-Proof
Cloud backups are still a vital part of the backup and recovery process. But it must be a part of a multilayered approach.
You need to start with fast and efficient local backups. These should focus on accessibility. But since they are vulnerable to ransomware, they require software encryption to prevent unauthorized access.
Offsite solutions are less convenient. But since they are isolated from company networks, they are more reliable. The best way to create ransomware-proof backups is to follow the 3-2-1 rule:
- Have three copies or more of all files
- Store copies on two or more different type of storage
- Store at least one copy offsite
As you review storage options, you may see the term “immutable backups” often. Immutable backups are encrypted cloud backup protected by the highest level of security. Many cloud providers offer this service for an extra fee for a certain amount of storage. While you might not be able to afford to have all your files secured this way, you should consider it for your most important data.
Your local drive needs to be offline and “air-gapped.” It is another option that may be a little pricier but protects your data behind a wall that blocks out unsecured connections.
Securing Your Files
All of these strategies are useful. But there is still more you must do to protect your data. To begin with, you should ensure your connection to the internet from both your personal and professional digital devices. It’s especially crucial when you connect to the internet to back up your files.
For encrypting your connection, use a VPN. A VPN is a virtual private network (https://nordvpn.com/what-is-a-vpn/) that creates an encrypted tunnel between your devices and the websites they connect to. It prevents cybercriminals from tracking your internet activity and using that to gain access to your data.
Along with a VPN, all cloud and other accounts should use advanced authentication techniques:
- multi-factor authentication
- biometric security tools
- other forms of identity management
Finally, education is vital. Instruct employees and coworkers on digital hygiene techniques. Train them to recognize suspicious emails and other forms of social engineering scams. It is the only way to create comprehensive coverage. It will prevent not only ransomware attacks, but all types of cyber threats.