How to Protect Your Cloud Storage and Backups From Ransomware
One of the most devastating types of malware is ransomware. It infects files with an encryption algorithm and makes them unreadable. The attacker then demands a ransom to provide the key to decrypt the files.
According to the Sophos State of Ransomware 2020 report, costs to remediate a ransomware attack can range from $732,520 (ransom isn’t paid) to $1,448,458 (paid ransom). Ransomware volume is also increasing as large criminal underground organizations utilize it as a money-making enterprise. According to the FBI, annual ransomware attacks have increased 147% over the last two years.
If you have your data in a cloud service, such as cloud storage or a cloud backup, it’s not safe simply because it’s offsite. In fact, a majority of ransomware attacks today are targeted at cloud data. This is because many companies have migrated data to a cloud environment for business continuity.
The Sophos report found that 59% of 2019 ransomware infections happened in the public cloud. This would include locations like Dropbox, Microsoft 365, Google Drive, and many other SaaS platforms.
One example of how this happens is from a small business called Children in Film that was using all cloud solutions for their workflow, including cloud storage. While an employee was logged in and syncing with OneDrive, they opened a phishing email in Outlook. The file attachment they opened was disguised as an invoice but contained ransomware. The ransomware quickly spread through their computer and the company’s OneDrive file storage of over 4,000 files, infecting everything.
To stay secure from severe downtime and potential data loss due to ransomware, it’s important to have a backup of all your data. But if that backup is in the cloud, it also needs to be protected from ransomware.
How Does Ransomware Infect Cloud Storage & Backups?
The two most common ways for cloud data to be infected with ransomware are:
- Through an infected computer that is syncing with a cloud service.
- Through an account takeover, where a hacker log’s in as a user and directly infects a company’s cloud storage.
What Can We Do To Protect Our Cloud Data From Ransomware?
Ensure Your Cloud Storage System Uses Versioning
One way to ensure you have a non-infected copy of your files is to use a cloud system that has versioning. This is available in most major cloud storage platforms. It keeps a certain number of prior copies of a file that can be reverted to as needed.
This won’t keep cloud storage from getting infected but having prior versions of your files can help you recover faster. Typically ransomware will infect the active copy of a file (most current) but not prior versions.
Implement the 3-2-1 Backup Rule
The 3-2-1 Backup Rule helps companies avoid data loss disasters by keeping more than one backup copy of their data.
It states that you should:
- 3: Keep three copies of all your data (e.g., 1 on a PC hard drive, 1 in cloud backup, 1 in a non-syncing backup).
- 2: Keep at least two copies on different types of systems (e.g., in the cloud and on-premises).
- 1: Keep at least one copy in the cloud and accessible from anywhere.
Too many businesses get in the habit of streamlining file storage a little too much, so they end up all using a syncing cloud storage system and having just one copy of their data. It’s important to have duplicate copies of your data so those backups can be protected in different ways.
Use Advanced Storage Techniques, Such as Object-Based Storage
When you work with the right IT partner, such as GEEK911, you can implement advanced cloud storage techniques that don’t allow files to be easily infected by computers that might be backing up data.
One of these is called object-based storage. Instead of storing data in files and folders, it uses object containers with custom identifiers to store backed-up data and keeps it in separate storehouses. This blocks the normal path ransomware takes to infect files, acting as an effective safeguard.
Keep One Backup Offline
One way to keep ransomware from infecting a backup is to keep that backup offline. If you’re using the 3-2-1 backup rule, you can still have a cloud-accessible backup and another backup that is stored offline where it can’t be infected by a synced computer.
This could be done via network-attached storage or an external hard drive. Once a daily backup is performed, the drive can be disconnected to prevent accidental infection or attack.
Looking for Secure Cloud Storage & Backup Solutions?
GEEK911 can help your Silicon Valley business put fluid and secure systems in place to keep all your cloud data protected.
Contact us today to schedule a consultation! Call 1-866-433-5411 or reach us online.