The number of ransomware attacks on enterprises is growing by the day. After gaining access to a network, hackers inject malicious files and encrypt the data.

“The number of attacks directed at India’s government sector increased by almost 95 per cent in the second half of 2022,” Curtis Preston, Chief Technical Evangelist of Druva, an SaaS-based data resilience solutions company, said.

A reliable data backup and recovery strategy is a must for enterprises and organisations. But what if the backups are targeted? “Backups are copies of a company’s valuable digital assets and the final line of defence against ransomware. Implementing secure backup policies is crucial because it helps business continuity in the event of an attack,” Preston said.

Organisations must restrict access to backup data according to the needs and roles of employees. They must have visibility over who has access to the data and who is accessing it, he said.

Hackers know well that victims immediately fall back on backups to restore systems. So, the onus is on organisations to back up scientifically and insulate those backups from hackers.

Encryption and exfiltration

Most on-premises backup servers are vulnerable to two kinds of ransomware attacks — encryption and exfiltration.

“Hackers attempt to encrypt the backups as well, because they contain the information required to reconstruct the machines after they were compromised by the ransomware attacks,” Preston observed.

“Remember that they (backups) are your last line of defence, and you must hold the line,” he cautioned.

Besides the traditional ransomware attacks on backup servers, cyber fraudsters are also increasingly resorting to data exfiltration. They then attempt extortion, threatening to make sensitive data public on the dark web and elsewhere.

“The organisations are left with no choice but to pay the ransom and cross their fingers that the attackers keep their word,” he said.

What companies should do to protect backups from ransomware attacks

Curtis Preston, Chief Technical Evangelist of Druva, an SaaS-based data resilience solutions company, lists the following ‘security best practices’ to ensure resiliency of data in an organisation.

Organisations should use observability tools to increase platform security, to stop events such as bulk deletions, configuration changes or encryption by ransomware while they are in progress, and to accelerate response and forensics tasks with pertinent log and data change records.

Backup data should be encrypted wherever it is kept. Encrypt data at rest using AES 256-bit encryption and data in flight using TLS.

Organisations should use block-level de-duplication and separate the storage of data and metadata. The data’s structure should be concealed, making it impossible for hackers to reconstruct it.

Use role-based access controls to ensure each user has only the access needed to carry out their job.
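
An added example, not from the article or from Druva, of the observability practice listed above: it scans backup audit records for configuration changes and for bursts of deletions by a single account. The log format, account names, five-minute window and threshold of five deletions are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records (hypothetical format, not from a real product):
# timestamp, actor, action, target
SAMPLE_LOG = """\
2024-01-10T02:00:01Z svc-backup snapshot.create vm-001
2024-01-10T02:14:10Z admin-7 policy.update retention-days=1
2024-01-10T02:15:00Z admin-7 snapshot.delete vm-001/s1
2024-01-10T02:15:20Z admin-7 snapshot.delete vm-001/s2
2024-01-10T02:15:41Z admin-7 snapshot.delete vm-002/s1
2024-01-10T02:16:05Z admin-7 snapshot.delete vm-002/s2
2024-01-10T02:16:30Z admin-7 snapshot.delete vm-003/s1
2024-01-10T02:16:55Z admin-7 snapshot.delete vm-003/s2
2024-01-10T09:30:00Z ops-2 snapshot.delete vm-009/s1
"""

def detect(log_text, window=timedelta(minutes=5), threshold=5):
    """Return alerts for config changes and per-actor bulk deletions."""
    recent = defaultdict(deque)   # actor -> timestamps of recent deletions
    in_burst = set()              # actors already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue              # skip malformed records
        ts_raw, actor, action, target = parts
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        if action.startswith(("policy.", "config.")):
            # Every change to backup policy or configuration is surfaced.
            alerts.append(("config_change", actor, ts_raw, target))
        elif action.endswith(".delete"):
            q = recent[actor]
            q.append(ts)
            while ts - q[0] > window:     # drop deletions outside the window
                q.popleft()
            if len(q) >= threshold:
                if actor not in in_burst:  # one alert per burst, not per event
                    in_burst.add(actor)
                    alerts.append(("bulk_delete", actor, ts_raw,
                                   f"{len(q)} deletions in window"))
            else:
                in_burst.discard(actor)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```
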