Keeping backup data secure to minimise ransomware damage

Ever since the Covid-19 pandemic took hold and offices across the world locked down, threat actors have been using ransomware to take advantage of vulnerabilities associated with remote working. Attacks via emails and text messages relating to the virus, from false offers of PPE to bogus vaccine propositions, have attempted to fool people into giving away credentials. So, performing frequent backups and protecting that data is more critical than ever before.

Forrester‘s 2019 Guide to Paying Ransomware report projected that successful ransomware attacks will cost businesses $11.5 billion a year alone, which doesn’t include the additional costs of losing the trust of customers and partners. But damage cannot be minimised by backup solutions alone; also needed are multiple layers of defence put in place by the workforce, and a solution for protecting backup data.

A multi-layered defence

A whitepaper authored by IT management company, Quest, recommends that a number of measures be applied to security practices. Having these in place allows for a clear picture of what aspects are sufficiently secure, as well as where vulnerabilities lie.

These layers include, and are not limited to:

  • End-user training: Your userbase needs to be completely aware of the dangers that attack vectors and methods pose, as well as the risks of opening malicious links. Users must be educated on the ways that ransomware can enter company networks, which include downloads, file sharing sites, fake websites and phishing attempts. Additionally, this training must address physical vectors, such as infected USB keys that could be left somewhere.
  • Patching: Organisations need to regularly keep systems up to date, a process that is best carried out when automated, as opposed to relying on memory or spreadsheets.
  • Considering other operating systems: Ransomware is not only capable of infiltrating Windows servers, but Linux too, so keep those servers up to date as well.
  • Network monitoring: Security teams must keep an eye on re-routing, spoof apps, traffic re-direction, and anything else that looks like traffic interception. These can be signs of a Man in the Middle (MITM) attack in progress.
  • Data protection: Using network shares to back up your data can be ineffective, due to network shares being a key target for threat actors, and the fact that backup solutions have access to company data makes them just as vulnerable. Organisations must ensure that their backup software and data is, in itself, properly secured.

How your business can achieve continuous data protection

Three business and data leaders help Information Age reveal how your business can achieve continuous data protection. Read here

Preventing damage

When dealing with ransomware, organisations must not only ensure that their workforce is vigilant about potentially harmful message content, but also have the best possible backup and recovery technology in place. A recent report from IT analyst firm DCIG explored such solutions for SMEs, and listed Quest NetVault® Plus as one of its top 5 picks.

Quest NetVault Plus encapsulates two products: NetVault, for cloud-ready data protection, and QoreStor®, for software-defined deduplication and replication. Combining these elements not only means that core company data is protected from damage done by ransomware, but backup data can be transported from source to destination without the need for traditional media servers, eliminating another vulnerable target. And, NetVault still supports backup to tape, providing “air-gap” protection.

With NetVault Plus, users can leverage abstract backup storage that runs on a different platform and operating system to core storage. Backup data cannot be modified by any application, and when being transferred, its Secure Connect Technology is employed to wrap the data and control commands in a TLS 2.0 secure layer.

Taking responsibility for cyber security in a truly virtual world

Charlotte Walker-Osborn, international head of technology sector at Eversheds Sutherland, sheds light on cyber security responsibility. Read here

DCIG’s evaluation of NetVault Plus cites the following three aspects as differentiators from competing ransomware backup solutions:

  • The option to use NetVault login credentials to protect users from common attacks on solutions integrated with Microsoft Active Directory;
  • The offer of an alternative standard to more common industry protocols to communicate with QoreStor, called Rapid Data Access (RDA), which provides improved backup performance, while making data essentially invisible as no documented ransomware recognises it;
  • Separate NetVault authentication for QoreStor, which protects users from instances in which ransomware manages to infiltrate NetVault, as it would still need unique credentials to access QoreStor.

Minimise ransomware damage with Quest

With the aid of a multi-layered defence built on a mixture of collaborative and educated culture, alongside the highest possible standard of backup data protection, your organisation can gain peace of mind from knowing that your assets are secure from ransomware.

Quest Software is an IT management software company that looks to help organisations through the toughest IT challenges while keeping up with future developments.