How ‘Air-Gap’ Backup Technologies Help You Stop Ransomware Attacks

No matter how hard you try, you can’t escape ransomware. The volume of ransomware attacks reached an unfathomable 623.3 million globally according to the 2022 SonicWall Cyber Threat Report, a 105% year-over-year increase.

One Russian ransomware gang has developed a new approach that hunts for privileged users and services to access, exfiltrate, remove, and encrypt backups so the victim organisation can’t recover.

Some ransomware strains now start by scanning shared corporate network drives for existing backup archives. Others first infect an organisation’s production IT environment before starting an attack. This is where it gets sneaky, as the infected production data is then backed up and stored. At this point, the cybercriminal executes a ransomware attack, forcing the organisation to use its backup data to recover.

The result? The recovery takes the ransomware back into the production environment—and the organisation is victimised. With backup software and data in hackers’ crosshairs, what’s needed is a solution that safeguards your backup data no matter what. Air gapping is the answer.

Air Gaps: Physically Disconnecting Your Backups

In a recent report, “Leverage Air-gap Technologies to Stop Ransomware Attacks and Meet Operational Objectives,” DCIG President and Founder Jerome Wendt writes about how air-gap technologies stop ransomware attacks and help you meet operational objectives.

Wendt says, “Air gaps represent a practical and cost-effective step that organisations may take to secure their backup data from ransomware attacks.” He goes on to say that organisations may use physical air gaps, logical air gaps, or both. A physical air gap means your backups are stored on media disconnected from your IT environment, often using tape backup solutions. A logical air gap stays connected to your network and relies on access controls to isolate the backup data from your production environment.

Since ransomware can’t “see” or find these backups, your data can’t be compromised. If you want to keep your backup data on-premises, using an immutable storage system for your backup data makes sense. Immutable backups are written as write-once, read-many (WORM) files that can’t be altered or deleted. And because physical and logical air-gapped storage solutions are affordable, they are an even more attractive option.

Making Air-Gap Deployments Work

The DCIG report offers four crucial strategies for efficiently structuring your air-gap plan. These include:

1. Require User Authentication for Access

Wendt says three components must be secured as part of the backup process. First, you shouldn’t assume your backup software security meets your expectations. Some backup software still uses default user logins and passwords, which could let attackers who gain access block or eliminate your air-gap measures. Confirm that your selected backup solution requires complex passwords on installation or first use. Next, enterprise backup software should offer multi-factor authentication (MFA) and the ability to integrate with Active Directory. Finally, role-based access control (RBAC) that requires a second person to approve specific tasks, such as deleting backup data before it is set to expire, is a big plus.

2. Be Sure You Can Manage Multiple Air-Gap Technologies

A solid backup software solution supports both logical and physical air-gap technologies. Your organisation may use multiple air-gap technologies extending from cloud storage to removable storage media. Robust backup software also offers support for tape libraries. And your backup software should support creating policies for backup data management, including backup targets, retention schedules, and business rules.

3. Use Immutable Backup Storage

We’ve already covered the importance of immutable storage of your backups. For on-premises backups, make sure your backup software stores your data in a truly immutable format to prevent changes or deletions while still affording you a fast recovery.

Arcserve OneXafe employs a file system based on an immutable object store, with every object written only once—it can never be altered or deleted. Any modifications you make to your file system result in new immutable objects being created.

OneXafe provides continuous data protection (CDP) by taking low-overhead snapshots—a view of your file system at the instant it is taken—every 90 seconds. These snapshots inherit immutability from the underlying objects, ensuring your backups can’t be hurt by ransomware. And if you ever need to, the snapshots let you go back to specific points in time and recover your entire file system in minutes.
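To make the write-once and snapshot behaviour described above concrete, here is a toy model added as an illustration; it is not Arcserve's code or OneXafe's design. The `WriteOnceStore` class, its methods and the sample files are hypothetical.

```python
import hashlib
from types import MappingProxyType

class WriteOnceStore:
    """Toy content-addressed store: objects are written once, never altered or removed."""

    def __init__(self):
        self._objects = {}    # sha256 digest -> bytes (append-only)
        self._live = {}       # path -> digest (the current file system view)
        self._snapshots = []  # read-only {path: digest} views

    def write(self, path, data):
        digest = hashlib.sha256(data).hexdigest()
        self._objects.setdefault(digest, bytes(data))  # an existing object is never replaced
        self._live[path] = digest                      # a modification only moves the pointer
        return digest

    def delete(self, path):
        self._live.pop(path, None)  # drops the pointer; the object itself stays

    def snapshot(self):
        self._snapshots.append(MappingProxyType(dict(self._live)))
        return len(self._snapshots) - 1

    def restore(self, snap_id):
        self._live = dict(self._snapshots[snap_id])

    def read(self, path):
        return self._objects[self._live[path]]

    def paths(self):
        return sorted(self._live)

    def object_count(self):
        return len(self._objects)

def demo():
    store = WriteOnceStore()
    store.write("/finance/q1.xlsx", b"quarterly figures")      # constructed sample data
    store.write("/hr/staff.csv", b"name,role\nalice,admin\n")  # constructed sample data
    clean = store.snapshot()
    # Constructed stand-in for an encrypting overwrite plus a deletion on the live view
    store.write("/finance/q1.xlsx", b"\x8f\x02\xd1 ciphertext-like bytes")
    store.delete("/hr/staff.csv")
    damaged_view = store.paths()
    store.restore(clean)
    return damaged_view, store.read("/finance/q1.xlsx"), store.read("/hr/staff.csv"), store.object_count()
```

The overwrite adds a third object instead of replacing the first, so restoring the earlier snapshot returns both original files intact.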

4. Monitor and Scan Your Backup Data

Your cyber security defences can’t stop every threat, even with firewalls, spam filters, and antivirus software. If a ransomware strain goes undetected within your network, it may also make its way into your backups. If you need that backup, you’ll bring the ransomware back in along with your data. Look for backup solutions that can monitor themselves for unusual user activity and your backup data for any out-of-the-ordinary changes. The software should also be able to scan your backup data to seek out any hidden ransomware.
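One way to check backup data for out-of-the-ordinary changes, shown as an added example that is not taken from the DCIG report or any Arcserve product: compare two backup generations and flag a run where many files changed and most of them jumped from low to near-random byte entropy. The function names, thresholds and sample data are assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits well below 8, ciphertext sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compare_generations(prev, curr, change_limit=0.5, entropy_limit=7.0):
    """Compare two backup generations given as {path: bytes}; both limits are assumed values."""
    changed = [p for p in prev if p in curr and prev[p] != curr[p]]
    missing = [p for p in prev if p not in curr]
    # Files that were low-entropy in the previous run and look like ciphertext now
    jumped = [p for p in changed
              if shannon_entropy(prev[p]) < entropy_limit <= shannon_entropy(curr[p])]
    change_rate = (len(changed) + len(missing)) / max(len(prev), 1)
    suspicious = change_rate >= change_limit and len(jumped) * 2 >= max(len(changed), 1)
    return {"change_rate": change_rate, "jumped": sorted(jumped),
            "missing": sorted(missing), "suspicious": suspicious}

def pseudo_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed high-entropy stand-in for encrypted content (deterministic, offline)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample generations: a normal day, then a day where three files turn to noise
MONDAY = {
    "docs/contract.txt": b"This agreement is made between the parties.\n" * 80,
    "db/orders.csv": b"id,customer,total\n1001,acme,250.00\n" * 100,
    "src/app.py": b"def main():\n    return 0\n" * 60,
    "notes/todo.md": b"- rotate tape set\n- test restore\n" * 40,
}
TUESDAY = dict(MONDAY, **{"notes/todo.md": b"- rotate tape set\n- audit logins\n" * 40})
WEDNESDAY = dict(TUESDAY, **{p: pseudo_ciphertext(p.encode())
                             for p in ("docs/contract.txt", "db/orders.csv", "src/app.py")})

def run_checks():
    return compare_generations(MONDAY, TUESDAY), compare_generations(TUESDAY, WEDNESDAY)
```

Requiring a jump from low to high entropy keeps files that were already compressed or encrypted in the previous run from triggering the flag on their own.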

Meet Your Backup Demands with Arcserve

The DCIG report states that the Arcserve product portfolio allows you to put these four strategies in place to manage your air-gapped backups effectively. And Wendt closes by saying that with Arcserve, users “…may quickly back up, secure, and analyse their data knowing they have reliable, clean backups. Equally important, they may recover their data wherever they need it in the time and manner they need it.”


Arcserve ‘OneXafe’ Immutable NAS for Data Backup & Ransomware Recovery

OneXafe guarantees a Ransomware-free future by protecting your backups with truly immutable, air-gapped object storage that is 100% impervious to Ransomware, accidental deletion, or any other data threats.

Ransomware is continuing to grow at an astonishing rate and is now much more likely to occur than a traditional data disaster. The only way to guarantee the availability and restorability of your backups is to create an air-gap that ransomware simply cannot reach. The best way to achieve this is with Immutable Network Attached Storage (NAS), where every object is written only once, and can never be altered or deleted.