Ransomware is here to stay. Make sure you’re prepared!
This year will mark the ten-year anniversary of CryptoLocker which, in many ways, started most people’s relationship with ransomware. That’s a long time to be talking about just one type of threat, so it’s understandable that some security professionals treat new reports of these breaches as white noise. The trouble is that the more we treat every attack as the same old thing, the easier it is for attackers to make changes to their tactics and improve their success rates.
Speaking of disaster recovery (DR), there have been reports that bad actors have focused on attacking the backup infrastructure to give victims no other choice but to pay the ransom. This can be a broad stroke that either finds your backup repositories and deletes them or destroys the entire backup server and its database so you can’t recover. More targeted attacks have used stolen credentials to change backup jobs, meaning that the job succeeds and the amount of data is the same in the job log, but it’s not the data you expect to recover. Since most organizations don’t regularly test their recoveries, they wouldn’t see this issue until it’s too late. What gets forgotten is that the first scenario can be automated, and any commodity threat can have this ability too. The second scenario probably involves a hacker in your network, and they’re planning on being there for a while.
In a way, you have to respect the innovation of malware groups since some of their adaptations are pretty clever. The point is that these risks have evolved over time, and in the 2022 we saw these tactics being used in 94% of attacks, so if you treat all ransomware the same, you’re probably going to end up losing data.
How to Protect Against Ransomware
With the release of Veeam Data Platform, now is a good time to review some best practices for protecting your backups and proving that you’re ready and able to recover.
Implement a DR Plan
This goes back to my white noise comment, but there was a recent IDC report that said most companies only update and test their DR plans once per year, so it’s worth repeating. Hope is not a strategy, and this is why V12 improves upon Veeam’s ability to automatically create and maintain your DR plans and use them as a baseline for regular, automated testing.
Immutability Everywhere
Immutability has gone from a nice-to-have feature to a requirement in protecting against evolving threats. Companies still struggle to implement immutability since it can mean investing in new hardware or, in Veeam’s case, changing the configuration of your existing storage. This evolution in threats should make immutability a priority, and with V12 we’ve made it easier for you to set up immutable targets. We’ve also introduced direct-to-object storage, which gives you effectively unlimited storage since you can group devices into storage pools that can continue to grow with your storage needs. Object storage also improves the durability of your data since corruption is less likely to occur. This is critical when planning for recovery.
Encrypt Backups
Of course, you’re already doing this. But if there’s someone out there who isn’t encrypting their backups, doing this adds an extra layer of security and makes it more difficult for attackers to access your data.
Verify Backups Regularly
Regularly verifying your backups ensures that you have a good backup copy and can restore your data if you need to. Veeam Recovery Orchestrator has added capabilities as part of V12 to help change the statistics from the IDC report mentioned above. Regular testing also makes it harder for attackers to make changes without you noticing and therefore lets you be more proactive and get in front of recovery issues.
Limit Access to Backups
Almost all breaches over the past ten years have involved stolen credentials. If you’re following security best practices, you don’t have to worry about being the guy who used the same password for his domain administrator account and Facebook. You don’t re-use passwords, you have different passwords for each account and you change them regularly.
If you’re following Veeam’s best practices, your server is not joined to the Active Directory Domain, is using a unique password and is properly segmented from the rest of your network. We’ve also added multi-factor authentication (MFA), which you should turn on immediately. Now is also a good time to invest in a password manager and get rid of that file on your desktop called password.txt.
Keep Software and Security Protocols Up to Date
We all know patching is important to keeping your backups safe from new and evolving threats. At Veeam we take vulnerabilities seriously, which is why we are open with our customers and notify them when issues are found. If you’re being proactive, you can sign up for a weekly summary of Knowledge Base articles or add alerts into your ticketing systems with our RSS feed.
Monitor for Anomalies
Detection technologies can only get you so far. So, many organizations have begun to look for indicators of compromise (IoCs) to find emerging threats. There are many ways to define an anomaly and, in the example at the beginning of this article, changes to a backup job outside of the normal maintenance window may be worth investigating as well. Being able to not only see when a job was changed but who made the change and what data was affected can help your security teams scope an attack and limit the damage.
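The check described above, flagging backup job changes made outside the maintenance window and reporting who made them and which settings were touched, can be sketched as follows. This is an added example, not Veeam code or a Veeam log format: the JSON audit records, field names, account names and the 01:00 to 04:00 window are all constructed assumptions.

```python
import json
from datetime import datetime, time

# Assumptions for this example (not taken from any product):
MAINT_START, MAINT_END = time(1, 0), time(4, 0)     # approved change window
APPROVED_OPERATORS = {"svc-backup", "alice.admin"}  # accounts allowed to edit jobs
# Settings that change what is protected, where it lands, or how long it is kept.
SENSITIVE = {"source_objects", "exclusions", "retention_days", "repository"}

# Constructed audit records, one JSON object per line.
SAMPLE_AUDIT_LOG = """
{"ts": "2023-03-06T02:15:00", "user": "svc-backup", "job": "SQL-Prod", "action": "job_modified", "changed": ["schedule"]}
{"ts": "2023-03-06T14:42:00", "user": "j.doe", "job": "FileServer", "action": "job_modified", "changed": ["source_objects", "exclusions"]}
{"ts": "2023-03-07T03:10:00", "user": "alice.admin", "job": "SQL-Prod", "action": "job_started"}
{"ts": "2023-03-07T23:05:00", "user": "alice.admin", "job": "Exchange", "action": "job_modified", "changed": ["retention_days"]}
"""

def in_window(ts):
    """True when ts falls inside the maintenance window (handles wrap past midnight)."""
    t = ts.time()
    if MAINT_START <= MAINT_END:
        return MAINT_START <= t < MAINT_END
    return t >= MAINT_START or t < MAINT_END

def review_changes(log_text):
    """Return job changes made outside the window or by an unapproved account."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        if rec["action"] not in ("job_modified", "job_deleted"):
            continue  # only configuration changes are of interest here
        reasons = []
        if not in_window(datetime.fromisoformat(rec["ts"])):
            reasons.append("outside maintenance window")
        if rec["user"] not in APPROVED_OPERATORS:
            reasons.append("unapproved account")
        if reasons:
            findings.append({
                "ts": rec["ts"], "job": rec["job"], "user": rec["user"],
                "reasons": reasons,
                # Which protected-data settings changed, for scoping the impact.
                "affected": sorted(SENSITIVE & set(rec.get("changed", []))),
            })
    return findings

if __name__ == "__main__":
    for finding in review_changes(SAMPLE_AUDIT_LOG):
        print(finding)
```

The approved in-window schedule change and the job start produce no finding; the two out-of-window modifications are reported with the account and the affected settings.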
Preparation and Planning Lead to Successful Recovery
Most DR plans weren’t designed to work at the scale of a ransomware attack. Add in the complexity of modern IT environments and it’s no wonder most companies choose to pay a ransom. At the end of the day, backing up your data is the easy part — it’s the recovery that’s hard. Veeam is the best at data recovery since we’ve always been focused on it. Everything we do is designed to help you successfully back up your data and get back into production after a crisis. Veeam Data Platform makes recovery even more reliable.
Learn more about V12 and how you can be part of the elite club of organizations that can recover from an attack without paying a ransom with Veeam’s ransomware protection.