Many, if not most, companies feel safe when a good backup strategy has been created that is tailored to their individual requirements and the corresponding backup solutions are reliably in operation. In addition to the classic protection of data in the event of system failures or even disasters, IT managers also value backup as a type of insurance against ransomware attacks.
But a functioning backup can give a false sense of security. Cyber criminals are using increasingly sophisticated technologies and tricks to compromise backup data. A special WORM protection layer for backup data in combination with enhanced password security can put an end to this horror.
Backup alone is hardly a good insurance against ransomware
Not so long ago, ransomware was limited to penetrating company networks and encrypting data in the most direct way possible. Companies that did not have a good backup strategy were hit hard by a ransomware attack, as they had little chance of getting their data back Cambodia Phone Number List other than by paying a ransom. In addition to the uncertainty as to whether the cyber criminals would even give out the key after payment, there was often the problem that decryption sometimes did not work.
Consequently, it made sense to upgrade the backup accordingly and to restore the data from the backups in an emergency without paying a ransom. This strategy is much better than giving in to the gangsters’ ransom demands and thereby falling out of favor with the GDPR or similar control bodies.
Today, however, the situation is completely different
The groups behind ransomware attacks have upgraded and often break into networks unnoticed via backdoors and tools, without using the actual ransomware in the first step. They move unnoticed horizontally and vertically through the company network and collect important information for their actual attack. This also includes administrator access and rights, including access to backups.
Once this information has been collected, they Cell Phone Number Database start the actual ransomware attack. They specifically encrypt not only the active data pools, but also the backed up data. This means that companies no longer have a chance of restoring their data without paying. Perhaps one or two companies have offline backups, but these naturally do not contain the current data sets. A recovery with an acceptable recovery point objective (RPO) is therefore miles away from what digital companies need today in an emergency.
The combination makes it:
WORM and additional password protection Backups should generally be designe in such a way that data can be restore with the smallest possible loss between the time of the attack and the last backup. This can be ensure with backups that are as continuous as possible – regardless of whether they are on local storage or in the cloud. However, such backups are no longer safe from cybercriminals. Administrator passwords for the system level are not sufficient. As cybercriminals also gain access to this. Separate protection of the backup data in conjunction with additional administration protection can reduce this risk.
Backups can be effectively protecte against ransomware using a software derivative of the long-established and proven WORM functionality (Write Once Read Only). To do this. A software WORM is combine with the backup software – for example with Blocky for Veeam. This protects backup data from any changes other than those made by the backup software. To prevent other applications from accessing the backups, the backup application must clearly identify itself to the filter layer using its fingerprint. However, unauthorize access to the backup systems has not yet been prevent. As cyber criminals sometimes prepare their attacks unnotice on the network for weeks and thus gain access to the administrator level.
This risk can also be eliminate with an Bulk Database additional security function. Finally, it is important to prevent manipulation of the backup software and the additional WORM protection. This is where additional password protection comes into play. In the latest version, Blocky for Veeam 2.5. Unauthorize actions on the Blocky configuration at the administrator level are prevent with integrate password security. Even after the administrator has logg in. Critical core functions such as uninstalling or turning off ransomware protection. Can only be trigger with an additional and independent password. Ciao Ransomware!
Ransomware remains but protection is getting better
Many IT security companies and industry experts predict that ransomware. Will remain one of the biggest risks for businesses in 2021 and beyond. Past statistics support the accuracy of these predictions. It is therefore a matter of staying one step ahead of cybercriminals and thwarting their persistent and tricky ransom-extortion efforts.
