How To Configure Your Backups To Protect From A Ransomware Attack

When it comes to ransomware attacks, few things can thwart them more effectively than a sound backup strategy.

When a ransomware attack hits you, the idea is that it locks your data in a vault, releasing it only after you pay a ransom, usually in Bitcoin. The value of that ransom is that it unlocks your data, but if you have your data effectively backed up in the first place you shouldn’t lose more than the few days it will take for you to reformat your systems and restore your data.

We’ve talked before about how it’s generally not a good idea to pay this ransom. Not only are you rewarding criminals, but the criminals themselves have no real incentive to release your data once you’ve paid. After all, what are you going to do about it if they don’t?

But while many think having a data backup plan is their strongest line of defense, there’s more to it than that. And a lot of it has to do with how a backup works.

How A Backup Works

When you use a backup service, it’s often modeled on a system called “changed block tracking.” This divides your data up into storage blocks, which it mirrors on another system. The backup system monitors your storage blocks, and when one is modified, it backs up the equivalent block in your backup.

The problem is that these backups can’t always differentiate between a regular file modification and a malicious attack. So while you rest easy in the knowledge that you’re backing up your important data, your backup system might be taking the ransomware code with it, rendering your backup completely useless.
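The difference between what block tracking sees and what a pre-backup check can add, as an added example that is not from the original article or any backup product. The block size, thresholds and function names are assumptions chosen for illustration, and the sample data is constructed.

```python
import hashlib
import math

BLOCK_SIZE = 4096      # assumed block size for this illustration
ENTROPY_LIMIT = 7.5    # bits per byte; ciphertext sits close to 8.0
SUSPECT_RATIO = 0.5    # hold the run if over half the changed blocks look encrypted


def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random data."""
    n = len(block)
    counts = [block.count(v) for v in set(block)]
    return -sum(c / n * math.log2(c / n) for c in counts)


def changed_blocks(old: bytes, new: bytes) -> list:
    """Indexes of blocks whose hash differs, which is all block tracking sees."""
    old_h = [hashlib.sha256(b).digest() for b in split_blocks(old)]
    new_h = [hashlib.sha256(b).digest() for b in split_blocks(new)]
    return [i for i, h in enumerate(new_h) if i >= len(old_h) or h != old_h[i]]


def review_run(old: bytes, new: bytes) -> dict:
    """Decide whether a backup run proceeds or is held for a human to review."""
    blocks = split_blocks(new)
    changed = changed_blocks(old, new)
    suspect = [i for i in changed if shannon_entropy(blocks[i]) > ENTROPY_LIMIT]
    hold = bool(changed) and len(suspect) / len(changed) > SUSPECT_RATIO
    return {"changed": changed, "suspect": suspect, "hold": hold}


# Constructed sample volume: eight 4096-byte blocks of repetitive text.
LINE = b"invoice 2019-08 customer record".ljust(31) + b"\n"
CLEAN = LINE * 128 * 8
# Ordinary edit: block 1 rewritten with different text.
EDITED = CLEAN[:4096] + (b"updated notes".ljust(31) + b"\n") * 128 + CLEAN[8192:]
# Stand-in for ciphertext: a deterministic SHA-256 stream, not real encryption.
ENCRYPTED = b"".join(hashlib.sha256(bytes([i % 256, i // 256])).digest()
                     for i in range(len(CLEAN) // 32))
```

Compressed archives, images and video also score close to 8 bits per byte, so a check like this should hold a run for review rather than discard anything.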


Now look, it’s good that you have a backup system in place. But this is just the first step. Here are a few tips you can implement in your systems which will help protect you from ransomware attacks.

1. Have An Anti-Malware Strategy

This one may seem like a no-brainer, but it’s important enough that it bears repeating.

Having a strategy to deal with ransomware attacks is great, but it pales in comparison to having a strategy to protect yourself against attacks before they occur in the first place.

To put this in perspective, imagine your home insurance plan. Yes, this will protect you in case someone robs your house, but does your insurance plan allow you to rest easily with no locks on your doors?

First, deter. And if deterrence doesn’t work, mitigate.

Start with an effective anti-malware software suite. This includes an effective antivirus from a trusted company like Norton, McAfee, Avast, or BitDefender. It also includes a spyware scanner like CCleaner or Spybot: Search and Destroy.

These programs are imperfect, however – they can only protect you from the known risks out there, and even some of those can occasionally slip through undetected. Still, they will stop the vast majority of ransomware attacks out there.

Part of your anti-malware strategy should also include keeping your systems up to date as much as possible. The WannaCry and NotPetya ransomware attacks took advantage of a Windows exploit known as EternalBlue. Are your Windows systems updated? Great, you’re safe from these attacks. If not, your systems are at risk.

2. Employ the 3-2-1 Backup Rule

We’ve talked in a previous article about why the 3-2-1 backup rule is important. But here’s another reason why.

Above, we mentioned that a clever ransomware attack can sneak its way into your files, effectively rendering your backup useless. But if you have another backup on top of that one, you’re in good shape.

The 3-2-1 backup rule states that you should have three different backups, on two different types of storage media, one of which is stored off-site. When we say different types of storage media, we’re talking about things like cloud storage, optical devices (CD-R, DVD, Blu-Ray, etc), flash memory (SSD, USB keys, etc), and magnetic storage devices (HDD, tape cassettes, and floppy disks).

Many of these may seem antiquated – many laptops don’t even come with CD-ROM drives these days, and you’d need a whopping 711 3.5” floppy disks to store just one gigabyte of data. But when it comes to keeping your data safe, having a storage device that’s physically separated from the rest of your machine helps.

The trick is to keep your backup entirely separated from the rest of your system. This could mean using floppy disks, but you certainly don’t have to. Things like external hard drives, flash memory, and optical storage can all be easily separated from your system and kept in a drawer somewhere until you need them.

To make this work, you’ll need to set a time to manually back up your information on your own instead of the automatic updates that come with your cloud storage. This is clearly the least convenient backup option. But when your cloud storage dutifully uploads the ransomware you’ve just been infected with to its servers, you’ll be glad you took the time.

3. Retain Older Versions Of Your Files

When many people back up their files, they do so by deleting the older version of the file and replacing it with the newest one. This makes sense on a surface level – most programs these days will allow you to roll back to an older version of a file if you need to.

But here’s the thing – sometimes an infection takes root in your system but doesn’t take effect right away. In fact, you may back up your files into your cloud storage and your external storage, only to realize later that they were already infected with ransomware.

See, here’s how ransomware often works. Once it shows up on a device – say, one of your employees’ devices – it will start by encrypting the files on that device, and from there it will start encrypting the files on any networked drives or devices. This can take a long time depending on the size of your network.

Now, the ransomware won’t reveal its presence until it has done its job completely. After all, if it did, you could take measures to stop it or reduce its impact. So if the ransomware is rifling through your systems and encrypting things all over the place, taking several hours to do so, and you’re in the midst of backing up your files, you could end up erasing your clean files and replacing them with ones which have already been encrypted.

Nasty business.

The best way to get around this is to retain older versions of your files as well as newer ones, and on different devices too.
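A minimal version-retaining store with point-in-time restore, set beside an overwrite-style copy. This is an added example, not code from the original article or from any backup product; the class, the `keep` policy and the sample runs are assumptions constructed for illustration.

```python
import hashlib


class VersionedBackup:
    """Keeps earlier versions of each file; a new run never replaces an old one."""

    def __init__(self, keep: int = 5):
        self.keep = keep          # versions retained per file (assumed policy)
        self.blobs = {}           # content hash -> file content
        self.history = {}         # path -> [(time, content hash), ...] oldest first

    def backup(self, when: int, files: dict) -> int:
        """Record a run at time `when`; return how many new versions were stored."""
        stored = 0
        for path, content in files.items():
            digest = hashlib.sha256(content).hexdigest()
            versions = self.history.setdefault(path, [])
            if versions and versions[-1][1] == digest:
                continue          # unchanged since the last run
            self.blobs[digest] = content
            versions.append((when, digest))
            del versions[:-self.keep]   # drop only what exceeds the retention depth
            stored += 1
        return stored

    def restore(self, path: str, before: int):
        """Newest retained version of `path` taken strictly before time `before`."""
        for when, digest in reversed(self.history.get(path, [])):
            if when < before:
                return self.blobs[digest]
        return None


# Constructed sample runs: (day, files). Day 3 captures already-encrypted content.
RUNS = [
    (1, {"ledger.csv": b"id,amount\n1,100\n"}),
    (2, {"ledger.csv": b"id,amount\n1,100\n2,250\n"}),
    (3, {"ledger.csv": b"\x8f\x02\xd1\x9a (ciphertext stand-in)"}),
]


def replay(keep: int) -> tuple:
    """Feed RUNS to an overwrite-style copy and to the versioned store."""
    overwrite = {}                # one copy per file, replaced on every run
    store = VersionedBackup(keep)
    for day, files in RUNS:
        overwrite.update(files)
        store.backup(day, files)
    return overwrite["ledger.csv"], store.restore("ledger.csv", before=3)
```

With `keep=5` the day 2 file is still recoverable after the encrypted run; with `keep=1` nothing older than day 3 survives, so the retention depth has to cover the time an infection can go unnoticed.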

Contact 1st Secure IT

Of course, these steps are only the basics in protecting yourself against the ransomware threats of the world.

If you want the world to take your business seriously, you need a robust IT security strategy designed to protect your systems and your customers’ information. 1st Secure IT can help.

Contact 1st Secure IT today for the peace of mind that can only come from knowing your business is protected by the best IT security team in North America.


1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Monday, 19 August 2019
