Ransomware Protection Requires Different Protocols

The core server component of most modern backup applications runs on Windows. Unfortunately, Windows is also the primary target of ransomware attacks. While there are incidents of attacks on Linux or Macs, ransomware creators are going to go for the largest population possible. That means both Windows and backup data are at risk. Obviously, dumping Windows from the data center isn’t an option either. A simple change in backup software configuration, assuming the software supports it, should provide the protection the enterprise needs.

How Does Ransomware Work?

Most organizations are taking great steps to protect themselves from a ransomware attack. They have software to prevent the intrusion and are patching servers to plug vulnerabilities. The problem is that ransomware exploits the organization’s biggest weakness – users.

A user can easily defeat even the best security policies by clicking on a suspicious link, opening an email attachment or plugging in a found USB drive. Once the ransomware is inside the organization it can access any file the user account can access, and some ransomware can even elevate the privileges of that account. As the malware reaches those files, it encrypts them so that they can only be accessed with a key, which the ransomware author will sell you, typically for Bitcoin. The speed at which ransomware can attack is stunning, corrupting thousands of files every minute.

Ransomware is a new type of disaster, and it does not attack just user home directories and laptops. Critical applications like MS-SQL create and store data as files, so they are also vulnerable. Still, most ransomware payments are made to unlock typical user file data rather than databases. The reason is that most organizations focus on protecting mission-critical databases instead of files. But these files contain contracts, proposals, invoices, financial spreadsheets, etc. In many cases they can’t be reproduced and are never physically saved (printed). In short, IT needs to up its game in terms of protecting user files and other types of unstructured data.

Protecting Against Ransomware

IT should assume the organization will be compromised by ransomware at some point. To protect against ransomware, it should back up data multiple times per day. Since these backups occur more frequently, they need to be efficient. Only data changed since the last backup should be transferred across the network to the backup storage target. That efficiency enables the backup to complete quickly with less impact on the server being protected and the network over which it is transferred. The less impact the data protection event has, the more frequently it can occur.

Backup data is also at risk, so the organization should make copies of backup data. But the organization also has to be more careful than ever when deciding where to store those copies. Copying data to another Windows server leaves that copy vulnerable to a ransomware attack.

Instead, the organization should send the copy over a different protocol. For example, if it copies the backup data to a Linux-based NFS share or to a remote Amazon facility via S3, the backup data will be far more secure. At this point, there are no known ransomware attacks that have penetrated both Windows and Linux platforms in a single attack.

Short of disconnecting the backup copy from the network, copying the backup data to two distinctly different platforms (NFS or the Cloud) greatly minimizes the chances the ransomware will encrypt both copies of data.
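The two practices described above, transferring only data changed since the last backup and sending the copy to a different platform, can be sketched as follows. This is an added example, not code from the article or from any backup product; the function names, the per-run directory layout and the manifest file are assumptions, and the target path stands in for a mounted Linux NFS export.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def incremental_backup(source: Path, target: Path, run_id: str) -> list[str]:
    """Copy only files that changed since the last run into target/<run_id>/.

    Each run gets its own directory (an assumption of this sketch), so a file
    that is later encrypted on the source never overwrites an earlier good copy.
    """
    target.mkdir(parents=True, exist_ok=True)
    manifest_file = target / "manifest.json"  # hypothetical name: hashes seen last run
    previous = json.loads(manifest_file.read_text()) if manifest_file.exists() else {}
    current, changed = {}, []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        current[rel] = sha256_file(path)
        if previous.get(rel) != current[rel]:  # new file or modified content
            dest = target / run_id / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)
            changed.append(rel)
    manifest_file.write_text(json.dumps(current, indent=2))
    return changed

def demo():
    """Three runs over constructed sample data in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "shares"), Path(tmp, "nfs_copy")  # dst stands in for an NFS mount
        (src / "contracts").mkdir(parents=True)
        (src / "contracts" / "acme.txt").write_text("v1")
        (src / "invoice.csv").write_text("id,amount\n1,100\n")
        first = incremental_backup(src, dst, "run-001")
        second = incremental_backup(src, dst, "run-002")  # nothing changed
        (src / "invoice.csv").write_text("id,amount\n1,100\n2,250\n")
        third = incremental_backup(src, dst, "run-003")
        kept = (dst / "run-001" / "invoice.csv").read_text()
        return first, second, third, kept

if __name__ == "__main__":
    print(demo())
```
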

StorageSwiss Take

File data is a primary target of ransomware, yet IT spends most of its time making sure that the protection of application data is covered. And for the first time, ransomware is specifically targeting backup applications to try to make it harder for IT to recover. To protect the organization, IT needs to back up all data types frequently and to secure backup data on a different platform than the original copy.

Sponsored by NAKIVO


NAKIVO is a US corporation that develops a fast, reliable, and affordable data protection solution for Hyper-V, VMware, and AWS environments. NAKIVO Backup & Replication v7 native Hyper-V backup and replication. VM backups can be easily copied offsite or to AWS/Azure clouds by backup copy jobs. Over 10,000 companies are using NAKIVO Backup & Replication to protect and recover their data more efficiently and cost effectively. Visit www.nakivo.com to learn more.

George Crump is the Chief Marketing Officer at VergeIO, the leader in Ultraconverged Infrastructure. Prior to VergeIO he was Chief Product Strategist at StorONE. Before assuming roles with innovative technology vendors, George spent almost 14 years as the founder and lead analyst at Storage Switzerland. In his spare time, he continues to write blogs on Storage Switzerland to educate IT professionals on all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 30 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS, SAN, Virtualization, Cloud, and Enterprise Flash. Before founding Storage Switzerland, he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration, and product selection.
