Ransomware Attackers Target Backups: Understanding The Threat And Mitigation Strategies

Ransomware attackers increasingly target backup systems, with 51% of attacks in 2023 aimed at destroying backups and 60% succeeding. Sebastian Straub, Principal Solution Architect at N2W, an award-winning enterprise disaster recovery solution, shares the key tactics and strategies for protecting backups against ransomware. Are your backup systems prepared to withstand evolving ransomware threats?

Ransomware attackers are increasingly focusing their efforts on targeting backup systems, a strategy designed to maximise disruption by eliminating recovery options. Recent research highlights that 51% of ransomware attacks in 2023 attempted to destroy or compromise backups, with 60% of those attempts succeeding. This alarming trend calls for heightened awareness and robust measures to protect backup data from cyber threats.

Sebastian Straub, Principal Solution Architect at N2W, a renowned enterprise disaster recovery solution provider trusted by leading organisations like NASA, Cisco, and Deloitte, sheds light on the tactics used by attackers and effective strategies to counter them.

Backup systems are crucial for data recovery during a cyberattack, making them an attractive target for ransomware groups. By compromising backups, attackers significantly increase the impact of their operations. According to research by IDC, this approach ensures that victims face greater pressure to pay ransoms due to the absence of viable recovery options.

Straub emphasises that the shift towards targeting backups represents a strategic evolution in ransomware methodologies, necessitating proactive defence measures.

Tactics used by attackers to target backup systems

Sebastian Straub, Principal Solution Architect at N2W, an award-winning enterprise disaster recovery solution, shares the following insights. Cybercriminals employ a variety of techniques to infiltrate and compromise backup systems. Key tactics include:

1. Stolen administrator credentials: Attackers gain access by stealing credentials for users with permissions over production and backup systems.
2. Social engineering attacks: Employees are tricked into inadvertently deleting or compromising backup data through phishing schemes and other social engineering techniques.
3. Exploitation of backup tools: Vulnerabilities in backup tools or scripts, including weak authentication controls, are exploited to disrupt data integrity.
4. Storage infrastructure breaches: Attackers manipulate weaknesses in operating systems or storage software to delete or encrypt stored backups.

Strategies for protecting backups against ransomware

In the face of these sophisticated threats, organisations must adopt comprehensive measures to safeguard their backup systems. Sebastian Straub, Principal Solution Architect at N2W, recommends the following key strategies:

1. Conduct backup risk assessments: Identifying potential attack paths and vulnerabilities through a thorough risk assessment is a critical first step in backup protection.
2. Air-gap backup systems: Physically isolating backup data from networked systems reduces the risk of cyber attackers gaining access.
3. Implement backup encryption: Encrypting backups ensures that even if attackers access the data, they cannot read or misuse it.
4. Maintain multiple backup copies: Storing multiple copies of backups across different locations enhances redundancy and recovery options.
5. Distribute backups across clouds and accounts: Using multiple cloud services and accounts mitigates risks associated with a single point of failure.
6. Evaluate risk mitigation costs: While reducing risks to zero may not always be practical, prioritising cost-effective measures can significantly enhance security without straining budgets.

The role of N2W in enterprise disaster recovery

N2W has been at the forefront of developing innovative disaster recovery solutions, assisting over 1,000 organisations worldwide. Its robust backup protection strategies have been instrumental in mitigating the impacts of ransomware attacks for enterprises of all sizes.

Straub is available to provide additional insights or to contribute to a vendor-neutral article on best practices for protecting backups against ransomware. Interested parties can reach out to arrange interviews or collaborations.