Cybersecurity Awareness month: The Overlooked Power of Backups in Ransomware Defense

Reading Time: 7 minutes

Ransomware attacks have become a serious threat, targeting businesses, government organizations, and individuals alike. These malicious attacks work by locking users out of their own systems and demanding payment to regain access. What’s more alarming is how frequently they happen: every 11 seconds, a business somewhere in the world falls victim to ransomware.

Safeguarding your data is no longer an option—it’s a necessity. But one defense against ransomware that’s often overlooked? Backups. In this blog, we’ll delve into why backups are essential for ransomware protection, provide actionable steps to protect your data and share a few funny stories to lighten up the seriousness of the topic.

Cybersecurity Awareness Month

Since 2004, the President of the United States and Congress have declared the month of October to be Cybersecurity Awareness Month, a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity. 

Over the years it has grown into a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk, and generate discussion on cyber threats on a national and global scale. October 2024 marks the 21st Cybersecurity Awareness Month. 

Secure Our World

Starting in 2023 with the launch of CISA’s cybersecurity awareness program, Secure Our World will also be the enduring theme for all future Cybersecurity Awareness Months. This theme recognizes the importance of taking daily action to reduce risks when online and connected to devices. Organizations can use the Secure Our World theme when planning for the 2024 and future Cybersecurity Awareness Month campaigns.  

Understanding the Ransomware Threat

Ransomware is a type of malicious software designed to encrypt a victim’s files, rendering them inaccessible. The attacker then demands a ransom in exchange for the decryption key. What makes ransomware particularly insidious is its ability to target anyone, from individual users to large corporations and critical infrastructure.

The statistics are sobering:

• The FBI reports over 4,000 ransomware attacks occur daily.
• 50% of small to medium-sized businesses have fallen victim to cyber-attacks.
• Of those attacked, 60% go out of business within six months.

These numbers underscore the urgent need for robust ransomware protection strategies.

The “I Thought You Had the Backup” Saga

Imagine that: A mid-sized accounting firm, let’s call them “Number Crunchers Inc.,” prided themselves on their cutting-edge technology. They had the latest firewalls, top-notch antivirus software, and a team of IT professionals who could recite cybersecurity best practices in their sleep. What they didn’t have? A reliable backup system.

One fateful day, as tax season reached its crescendo, their systems were hit by a particularly nasty strain of ransomware. As panic set in, the CEO turned to the IT manager and asked, “We have backups, right?”

The IT manager smiled confidently. “Of course! We back up everything to our state-of-the-art server.”

The relief was palpable… until they realized the “state-of-the-art server” was on the same network and had also been encrypted by the ransomware.

In a moment of desperation, the IT manager remembered an old external hard drive they used “back in the day.” They dug it out of a dusty drawer, plugged it in, and found… a complete backup of the company’s 2005 March Madness brackets and a folder full of “hilarious” cat memes.

The moral of the story? A backup is only as good as its last test restore and its isolation from the primary system. Don’t be like Number Crunchers Inc. – test your backups regularly and keep them segregated from your main network.

The Limitations of Traditional Security Measures

While traditional security tools like firewalls, antivirus software, and endpoint protection are essential components of a multi-layered defense strategy, they’re not enough. Cybercriminals are constantly developing new techniques to bypass these defenses. Your security is only as strong as its weakest link, and all it takes is one successful phishing email or unpatched vulnerability for ransomware to infiltrate your system.

This is where backups come into play as a critical last line of defense.

Backups: Your Technical Safeguard Against Ransomware

Why backups are so effective against ransomware and how to implement a robust backup strategy:

1. Identify and Eliminate Data Silos

Data silos are isolated pockets of data within an organization that are not easily accessible or monitored. These silos can become blind spots in your backup strategy.

Technical Solution: Implement automated discovery and backup tools. For example, Synology’s Active Backup for Business suite includes an Auto Discovery feature that can be configured to automatically add new virtual machines to your backup tasks (Learn more about Synology’s virtual machine manager). Similarly, Active Backup for Office 365 allows you to automatically add new sites or user groups to your backup tasks (Learn how to configure active backup for Office 365).

The Case of the Forgotten File Server

A large manufacturing company, “Widgets & Gizmos Corp,” had a sophisticated backup system for their main data center. However, they forgot about an old file server in a remote office that wasn’t included in their backup strategy. When ransomware struck, they confidently restored their main systems, only to realize that critical design files for their best-selling widget were trapped on the forgotten, now-encrypted server. The lesson? Don’t let any data slip through the cracks – automate your discovery process to catch those sneaky silos.

2. Optimize Backup Efficiency

Efficient backups are crucial for ensuring comprehensive coverage without overwhelming storage resources.

Technical Implementation:

• Use incremental backup techniques to only back up data that has been added or modified since the last backup.
• Implement global data deduplication to store only unique data blocks, significantly reducing storage requirements.
• Utilize a single-pane-of-glass interface for managing backups across diverse environments (physical servers, virtual machines, cloud services).

The Tale of the Never-Ending Backup

Once upon a time, in a tech startup far, far away, there was a well-meaning sys admin named Dave. Dave believed in thoroughness above all else. He set up a backup system that made copies of everything. And we mean EVERYTHING. Every time someone saved a file, it was backed up. Every email, every chat message, every accidental screenshot of someone’s thumb – all meticulously copied and stored.

The result? A backup system that took longer to complete than the heat death of the universe. Storage costs skyrocketed, and restore times were measured in geologic epochs. Poor Dave spent his days watching progress bars that seemed to move backward.

The moral? Efficiency matters. Use incremental backups and deduplication, or you might find yourself explaining to the CEO why the company’s entire budget is now dedicated to storing backups of cat videos shared in the company chat.

3. Strategic Retention Policies

Ransomware often lies dormant in a system for months before activation. Your backup retention policy needs to account for this.

Technical Approach:

• Implement a tiered retention policy. For example:
  • Daily backups retained for 30 days
  • Weekly backups retained for 3 months
  • Monthly backups retained for 1 year
• Use versioning to keep multiple iterations of files, allowing you to roll back to a clean state.

4. Regular Backup Testing

The worst time to discover a flaw in your backup system is during a ransomware recovery.

Technical Process:

• Schedule automated test restores to verify backup integrity (How to set up instant restore to VMware).
• Implement instant recovery features that allow you to spin up critical systems as virtual machines directly from backup data.
• Practice full disaster recovery scenarios, including offsite backup restoration.

The “It Worked Last Time” Fallacy

Let’s give an example. Meet Sarah, the IT director at “Secure-R-Us,” a company that ironically specializes in security solutions. Sarah was confident in her backup system. After all, it had worked flawlessly during a test… two years ago.

When ransomware struck, Sarah confidently initiated the restore process, only to find that the backup software had been silently failing for months due to a minor configuration error. As she stared at the “Backup Not Found” message, she could almost hear the ransomware laughing at her.

The lesson? Test your backups regularly, or you might find yourself starring in your own IT horror story.

Use Immutable Snapshot

Immutable snapshot from Synology is a WORM (Write Once, Read Many)–based technology that restricts any changes and deletions of your data within a specified period of time. In addition, shared folders, LUNs, volumes, or storage pools that contain immutable snapshots cannot be deleted. Therefore, this feature ensures protection against tampering and accidental operations of your data.

This article guides you through creating immutable snapshots.

5. Implement the 3-2-1 Backup Rule

This golden rule of backup strategies is particularly effective against ransomware.

Technical Implementation:

• 3: Maintain at least three copies of your data
• 2: Store backups on two different storage types
• 1: Keep one copy offsite (or usually: on the cloud)

Use tools like Synology’s Hyper Backup or Snapshot Replication to automate the process of creating offsite backups.

The “All Eggs in One Basket” Disaster

A small law firm, “Legal Eagles LLP,” thought they were clever. They invested in a top-of-the-line NAS device for their backups. It was redundant, it was fast, it was… in the same office as their main servers.

When a disgruntled ex-employee “accidentally” spilled coffee on both the main server and the backup NAS (quite a coincidence, right?), the firm found itself in the unenviable position of trying to piece together client cases from Post-it notes and fading memory.

The moral? The 3-2-1 rule isn’t just a suggestion – it’s a lifesaver. Keep a copy offsite, unless you enjoy impromptu memory games with your critical data.

The Human Element: Making Backups Work for Your Team

While the technical aspects of backups are crucial, the human element is equally important. Here’s how to make your backup strategy more user-friendly and effective:

1. Education and Training: Regularly train your team on the importance of backups and how to use the backup systems effectively. Consider creating a “Backup Awareness Day” where you share backup horror stories (like the ones in this article) to drive the point home.
2. User-Friendly Interfaces: Choose backup solutions with intuitive interfaces to encourage regular use. If your backup software looks like it was designed for the Apollo missions, it’s time for an upgrade.
3. Clear Documentation: Maintain up-to-date, clear documentation on backup and restore procedures. And no, a series of cryptic Post-it notes stuck to the server room door doesn’t count as documentation.
4. Assign Backup Champions: Designate team members as backup champions to help promote good backup practices. Consider awarding a “Golden Hard Drive” trophy to the department with the best backup compliance each month.
5. Regular Reminders: Set up automated reminders for manual backup tasks and periodic backup checks. Make them impossible to ignore – like that friend who keeps reminding you about the $5 you owe them from 2015.

Conclusion: Your Ransomware Resilience Starts with Backups

As we observe Cybersecurity Week, let’s recognize the critical role that backups play in our defense against ransomware (Read more about Synology’s ransomware protection solutions here). By implementing a comprehensive, technically sound, and user-friendly backup strategy, you’re not just protecting data – you’re safeguarding your organization’s future.

Remember, in the face of a ransomware attack, a robust backup isn’t just a convenience – it’s your lifeline. Don’t wait for a crisis to strike. Start strengthening your backup strategy today, and turn this often-overlooked tool into your most powerful ally against ransomware.

And who knows? With a solid backup strategy in place, you might just become the hero of your own cybersecurity story – minus the part where you have to explain to the board why all the company’s files are now named “PAY_ME_OR_ELSE.encrypted”.