How Immutable Backups Protect Against Ransomware

An immutable backup or immutable storage means that your archived data is fixed, unchangeable, and cannot be modified, encrypted or deleted. When it comes to preserving your data in the event of a ransomware attack, immutable backups are a critical component of your organisation’s business strategy and data recovery plan.

This type of archived data cannot be altered or changed, and it is impervious to malicious deletion or ransomware encryption. Keeping immutable backups on air-gapped server media adds an additional layer of security to ensure you have a recent copy of your ‘kidnapped’ encrypted data.

Ransomware Overview

Ransomware is a malicious type of malware that encrypts a victim’s files. It allows the cybercriminal responsible to then demand a ransom to restore the victim’s data. Usually, the victim receives instructions for paying the fee in exchange for a decryption key. If your business becomes a victim of a malware attack, you can expect to pay hundreds to thousands of dollars. This payment is usually paid in Bitcoin or another untraceable cryptocurrency. (check out our article on cryptojacking).

A ransomware attack usually begins with a phishing email (or SMS text) with a link of attachments that appears legitimate. This link or attachment then downloads a malicious ransomware malware program.

While ransomware can be programmed to perform various destructive tasks, it most often locates and encrypts valuable data. Once your essential data is compromised, you face the difficult decision to either contact the authorities or agree to pay the ransom.

Can Ransomware Encrypt Backups?

Yes, ransomware can encrypt data backups. While having backups of your network data is an essential component of your disaster recovery plans, it is not fool-proof protection. Most backup tools were designed before ransomware evolved into the primary method to extort money from businesses. 

Network architecture is, by design, sprawling with branches that connect media servers, storage repositories, and other media agents. This leaves vulnerable points all along the network. Ransomware is designed to target and encrypt data anywhere it finds it, even backup copies stored on local servers and the cloud.

Many businesses that have been victims of ransomware also had their backup files encrypted along with the live version. With backup data also encrypted, companies have no choice other than to pay the ransom or risk losing everything. It only takes one successful phishing email to compromise your network. 

Fortunately, Securus Communications offer a modern backup system that can defend against ransomware attacks. Our secure cloud-based backup solution uses a combination of immutable backups and airgap technology to ensure your archived data is safe.

What Are Immutable Backups?

To defend against ransomware attacks, you should ensure that your backup copies use immutable technology. That is, the files cannot be encrypted, deleted, or otherwise modified in any way. Immutable backups ensure data can’t be tampered with or removed. 

When it comes to hindering ransomware, immutable backups act as an impenetrable wall against attacks to your archived data. The ransomware may find its way into the network and find the data, but it can’t do anything to it. The backups remain safe, stable, and ready to restore systems to their last healthy state when needed. Cybersecurity and antivirus defence are still a must; however, immutable backups are the failsafe for those times when malware still manages to make its way through all the security checkpoints.

Many industries are already employing immutable backups as part of their storage protocols for compliance as well as security. Law enforcement agencies already apply immutability to store digital surveillance audio and video to ensure the authenticity of the data. Likewise, healthcare providers are required to have immutability in the primary systems as well as their backups. 

How Do Immutable Backups Work?

The foundation of immutable storage is that data storage remains completely static and untouched from the point of creation. Immutable storage systems can designate which data is stored in this form and ensure that it is never modified, tampered with, or removed.

Immutable storage applies to data stored on any conventional storage media or platform. This includes disks, tapes, and Solid-State Drives (SSDs). Cloud technology makes immutable storage a cost-effective, flexible, and easy to manage method for ensuring data permanence. Cloud computing allows for managed services across entire networks, enabling administrators to manage all local and cloud networks from a central location. 

Immutable storage is just one example of how IT security teams can protect data in the cloud. With immutable storage, the admin or user who creates a file can incorporate the specified immutability policy. Once that’s in place, the data actually protects itself, freeing IT security teams to focus on other aspects of ransomware attacks, such as preventing them from breaking into the network in the first place.

How Immutable Backups Protect Against Ransomware

Immutable data architecture is, by design, fundamentally resistant to attack. While your antivirus software defends and protects data from ransomware, immutability reduces the impact of ransomware attacks as it cannot be altered or encrypted.

Immutable systems use a file system technology that takes a modern approach to file data. It enables you to use object storage in any platform, whether in a private or public cloud. To the end-user, this appears to be like any familiar file system. You can open, edit, save, copy, or delete files as an authorised user. 

Files are stored as blocks in cloud object storage as a single authoritative data set from which every user in the organisation works. Those data blocks are immutable, which means they are stored in a “Write Once, Read Many” form. Once they are stored, they cannot be edited, overwritten, or deleted. Thus, they are impervious to all forms of malware, including ransomware.

Air Gap Backups

Air-gapped backups are gaining popularity with organisations because ransomware remains such a huge cyber threat. While air gapping is not a new concept, it has evolved to include cloud technology. An air gap is a configuration for backups where backup data is stored offline, separate from the network. 

This offline location can be a physical safe holding removable media or a cloud server disconnected from the main network. Because the data is isolated, cybercriminals cannot access the data remotely and, therefore, can’t encrypt, damage, or delete it. Adding immutable technology to this solution increases security still further.

Traditional air gaps used removable media, primarily tapes, to store data offline and stored in some form of physical vault. Thanks to the cloud, another method is to store in a digital vault called an air-gapped network. Our cloud backup architecture is designed to store data in isolation using a one-way data airgap technology that does not require the removal of physical storage.

As your stored data on our platform is also immutable, even if the ransomware malware managed to make it past all your security defences, it would still need to overcome our hardened air-gapped technology to then find immutable files that cannot be altered or encrypted.

Do Any Cloud Backup Services Offer Immutable Backups?

Yes, Securus Communications offer a cloud-based, immutable backup service as a secure, economical solution to protect against ransomware and other cyber threats. We work with your IT team to configure immutability options at the storage level within your existing cloud. Once cloud immutability is enabled, your entire storage container becomes a locked vault. The contents within cannot be changed, deleted or encrypted against your will.

Our storage is air-gapped from the primary network, adding an additional layer of protection from malicious attacks. You can access our secure cloud backup from anywhere via a secure VPN or private NNI (Network To Network Interface), which means you can begin the data recovery process immediately after removing the ransomware from your production environment. With the traditional method of tape media, you would need more time to travel to the off-site location to retrieve the tapes.

Conclusion

With immutable backups and airgap technology, you give your organisation solid protection against any form of data corruption, accidental data deletion, and malicious malware attacks such as ransomware. Should any of these events occur, you can rest easier knowing that you have recent, immutable backup copies of your data stored on an air-gapped server.

Ransomware has evolved to find its way into your backup servers. While your IT teams remain diligent in identifying and blocking these attacks, having immutable backups means that you remain protected if ransomware evades these security measures and encrypts the data in your production environment.

Please get in touch to discuss your secure backup requirements in more detail. We offer a completely free consultation with one of our technology experts to fully go over your precise needs.

Further Technology Articles