Home Hacking News Cloud Backups Aren’t Always Safe Against Ransomware Attacks

Cloud Backups Aren’t Always Safe Against Ransomware Attacks

by Mic Johnson

Ransomware attacks have inflicted billions of dollars of damage on internet users and companies. And that’s only during the last few years. Ransomware is a nasty form of malware. Not only does it infect victim’s computers, but locks them out of crucial files until they pay a ransom. And only less than half of attackers relinquish control of data after getting paid.

The common-sense advice security professionals give all internet users is to back up their files. But it is no longer enough because ransomware attackers are now attacking cloud backups too.

Anything Connected to the Internet is Vulnerable

Few tools have been as transformative to the way we live, work, and play as the internet. The internet enables the connected world we live in. The downside to this is anything connected to it is at risk of cyber-attack.

As soon as you enable your WiFi or cellular connection, your device becomes open to all kinds of threats. The same thing applies to all data you store in the cloud, too, as well as connected storage drives. For example, if you plug an external hard drive into a computer connected to the internet, then someone could hack the data it contains.

How Does Ransomware Attack Cloud Backups?

Ransomware is an umbrella term. It refers to a wide variety of different techniques cybercriminals use. Ransomware attacks can spread via massive bot attacks like WannaCry.

The most severe ransomware attacks are personal. These are the types you often hear about on the news. They include attacks on cities, hospitals, and corporations.

You may have been wondering why a major city didn’t have backups. Isn’t that simple enough?  They likely did. But hackers went in first and deleted the backups to prevent victims from restoring their files.

Cloud backups can be somewhat more secure against this versus the local option. But they also may be misconfigured, outdated, or breached through weak password security protocols.

A common ransomware scenario involves hackers breaching corporate networks. They use keyloggers and other tools to mine account data. Then they use this information to gain access to cloud backups and launch the ransomware attack.

Finally, they delete System Restore and System Image points to block administrators from rolling back to previous backups. So there is no way to reverse the encryption.

How to Make Your Backups Ransomware-Proof

Cloud backups are still a vital part of the backup and recovery process. But it must be a part of a multilayered approach.

You need to start with fast and efficient local backups. These should focus on accessibility. But since they are vulnerable to ransomware, they require software encryption to prevent unauthorized access.

Offsite solutions are less convenient. But since they are isolated from company networks, they are more reliable. The best way to create ransomware-proof backups is to follow the 3-2-1 rule:

  • Have three copies or more of all files
  • Store copies on two or more different type of storage
  • Store at least one copy offsite

As you review storage options, you may see the term “immutable backups” often. Immutable backups are encrypted cloud backup protected by the highest level of security. Many cloud providers offer this service for an extra fee for a certain amount of storage. While you might not be able to afford to have all your files secured this way, you should consider it for your most important data.

Your local drive needs to be offline and “air-gapped.” It is another option that may be a little pricier but protects your data behind a wall that blocks out unsecured connections.

Securing Your Files

All of these strategies are useful. But there is still more you must do to protect your data. To begin with, you should ensure your connection to the internet from both your personal and professional digital devices. It’s especially crucial when you connect to the internet to back up your files.

For encrypting your connection, use a VPN. A VPN is a virtual private network (https://nordvpn.com/what-is-a-vpn/) that creates an encrypted tunnel between your devices and the websites they connect to. It prevents cybercriminals from tracking your internet activity and using that to gain access to your data.

Along with a VPN, all cloud and other accounts should use advanced authentication techniques:

Finally, education is vital. Instruct employees and coworkers on digital hygiene techniques. Train them to recognize suspicious emails and other forms of social engineering scams. It is the only way to create comprehensive coverage. It will prevent not only ransomware attacks, but all types of cyber threats.

You may also like

Latest Hacking News

Privacy Preference Center


The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]


DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.



The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid