Cloud Backups Might be Your Best Defense Against Ransomware

By  (StorageCraft)

Our partners aren’t strangers to CryptoLocker. In fact, a number of them have successfully thwarted ransomware like CryptoLocker without much trouble by restoring StorageCraft ShadowProtect backups of affected systems, which is a pretty simple process. The problem is that ransomware isn’t just a trending thing: it’s becoming a serious criminal enterprise.

These days, not only are there malware attacks that use CryptoLocker, there are also hackers attacking businesses directly. Recently, a business called Code Spaces was forced to shut down for good after a hacker gained full access to their network, which was hosted on Amazon Web Services (AWS), and demanded money to return control to the company. They ultimately didn’t pay up and the hacker destroyed their business from the inside by deleting tons of important data.

As you likely know, one of the best defenses against this type of data encryption/deletion attack is to have solid backups, both onsite and offsite. In Code Spaces’ case, nearly everything was deleted through the AWS control panel, but there were no local backups of their data to speak of—it was all in the Amazon Cloud.

The first lesson here is to ask yourself if you’ve got local backups. If you don’t have them, get them. The cloud is a great place for secondary backups and to provide lightning-quick emergency failover, but as this instance illustrates, it’s not the only place you should be storing your data. Local first, cloud second.

The second lesson is that you should ask your cloud vendor a few questions about access and security. A recent article in InfoWorld by Roger Grimes listed some things businesses should do to prepare for cyber ransom attacks. Alongside practical suggestions such as educating senior management about risks, Grimes suggested that businesses ask their cloud vendors a number of questions to make sure they are the right vendor to work with. This applies to hosting companies and storage companies alike.

For our readers’ sake, we’d like to answer the questions Grimes brought up in his article. Note that some of the questions have been modified from their original version to fit our format. The following answers are specific to what our users get from StorageCraft Cloud Services.

How is the data backed up?

As you may know, once users of StorageCraft Cloud Services have a locally saved backup, if they choose not to directly upload the image, they can send a seed drive of their backup image chain to our Cloud Services facility. At the same time, incremental backups of that same system are replicated to the same location. Once the seed drive arrives, the full backup is married with the incrementals and the user gets one current incremental chain, complete with all the recovery points they’ve made, ready for near-instant recovery.

If you wish, you can even mirror the data stored in our cloud to a secondary data center, giving you another layer of protection for extra-critical data.

Is it possible for a cyber-criminal to access backups and delete them?

We take the utmost care in ensuring that our systems are impenetrable. To date, we’ve never had a successful cyber-attack or data breach. Our data center security is top-notch and features everything from biometric access controls to twenty-four-hour surveillance. And while we do all we can on our end to make sure nobody can access our systems or your cloud backups, there’s still one obvious way a hacker can get in: discovering your passwords.

Keep in mind that there are two required passwords before you can even access your backups if they’re stored in the StorageCraft Cloud. One password gets you into our MSP portal and one encrypts each backup chain. Also bear in mind that all backups you wish to send to StorageCraft Cloud Services can’t be replicated unless they’re encrypted. As with anything you’d like to keep secure, using iron-strong passwords is an absolute must.

How would you get the cloud vendor to initiate a restore?

Luckily, as a StorageCraft Cloud Services user you can spin up backups as virtual machines (VMs) whenever you need them, which will tide you over while we overnight your bare metal recovery (BMR) drive for a full restore. This is great for you because many vendors require you to contact them before you can spin up a VM. With us you can do it the instant you need to.

Has [the cloud vendor] tested a restore?

As with the last question, users of StorageCraft Cloud Services can test a restore on their own by spinning up a VM using the most recent backup. Additionally, you can request a test BMR drive for a nominal fee (BMR drive fees are not charged in true recovery scenarios, only testing scenarios). We recommend testing your backup chains regularly in order to verify their integrity.

If a cyber-criminal deleted your current data, would those deletes be immediately replicated to the backups?

If your network is entirely cloud based, you likely won’t be using StorageCraft solutions at all. As we noted, our cloud backup solutions are secondary to local backups. However, if you were replicating backups to our cloud and a hacker entered your network and began deleting things, these changes would be recorded in any incremental backups that happen after the deletion. Luckily, the past recovery points already stored in the cloud will still contain any of the data the hacker deleted, whether it’s a file, folder, or something even more important. This is why it’s important to set retention policies wide enough to cover you if a hacker penetrates your systems.
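To make the retention point concrete, here is an added example (not StorageCraft code) that replays a constructed incremental chain and checks which recovery point, if any, still holds a deleted file once the deletion is discovered. The age-based retention rule, the file names, and the dates are assumptions made for illustration.

```python
from datetime import datetime, timedelta

START = datetime(2024, 3, 1)  # constructed date of the base (full) image

def build_chain(days, delete_day):
    """Constructed chain: a base image, then one incremental per day.
    Each entry is (taken_at, files_added, files_deleted)."""
    chain = [(START, {"payroll.db", "invoices.xlsx"}, set())]
    for d in range(1, days + 1):
        deleted = {"payroll.db"} if d == delete_day else set()
        chain.append((START + timedelta(days=d), set(), deleted))
    return chain

def recovery_points(chain):
    """Replay the chain: every recovery point is the volume's file set at that time."""
    state, points = set(), []
    for taken_at, added, deleted in chain:
        state = (state | added) - deleted
        points.append((taken_at, frozenset(state)))
    return points

def retained(points, now, retention_days):
    """Points still selectable under a simple age-based policy (assumption).
    Older points are treated as consolidated into the base and no longer restorable."""
    cutoff = now - timedelta(days=retention_days)
    return [p for p in points if p[0] >= cutoff]

def latest_point_with(points, path):
    """Newest recovery point that still contains `path`, or None if all are tainted."""
    for taken_at, files in reversed(points):
        if path in files:
            return taken_at
    return None

if __name__ == "__main__":
    # Deletion lands in the day-3 incremental; nobody notices until day 14.
    points = recovery_points(build_chain(days=14, delete_day=3))
    discovered = START + timedelta(days=14)
    for window in (7, 12, 30):
        hit = latest_point_with(retained(points, discovered, window), "payroll.db")
        print(f"{window:>2}-day retention -> restore from: {hit}")
```

The retention window has to reach back past the moment of deletion as measured from the day the loss is noticed, not from the day it happened.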

Are server configurations backed up or merely the data?

Another great benefit of StorageCraft solutions is that our StorageCraft ShadowProtect backup software takes an entire volume image. Your OS, settings, files, folders, and anything on the system are stored in their current state, which can then be stored locally and replicated to StorageCraft Cloud Services, if you so desire. This is useful because it covers you beyond simple file and folder backups, and allows you to recover an entire system locally or spin it up as a VM from the cloud in a matter of minutes.