Ransomware Can Target Backup Tapes

Ransomware Can Target Backup Tapes

Data tapes can significantly reduce security vulnerabilities, and many businesses are turning to tape for protection against ransomware attacks. It’s a strong strategy, as air-gapped backups can allow for quick disaster recovery in a disaster. However, all backup strategies need to be assessed carefully.

Modern ransomware targets backups by design. That includes all types of backups — and while data tapes are less vulnerable than a networked backup system, managers still need to take appropriate precautions to secure their cold storage.

How Ransomware Variants Can Compromise Backups

Prior to 2017, ransomware attacks were frequently scattershot operations. Bad actors created phishing campaigns to compromise outdated systems, but few variants were designed for specific targets. That changed quickly in May 2017, when the WannaCry ransomware variant began spreading. While WannaCry wasn’t the first variant to target backups, it was the most widespread — by targeting volume shadow copies, the malware was able to compromise full systems that used basic backup procedures.

Modern enterprises have sophisticated backup plans (at least, far more sophisticated than keeping backups as basic volume shadow copies), but newer variants have made adjustments to prevent backups from being viable. Some points to keep in mind:

● Most targeted ransomware attacks do not activate immediately after infection. Ransomware may be dormant on a system for months. That ensures that any backups made after infection will be effectively useless.

● Modern ransomware variants are designed to target backup systems. Attackers utilize APIs to discover and eliminate backups, either through deletion or encryption.

● Some ransomware variants will delete backups immediately, but others won’t take action until activation.

● Modern variants will also target data in the cloud, which is why isolated backups are essential for preventing system-wide infection.

Data tapes are designed to protect against accidental deletion, hardware failure, and other common causes of data loss, but they’re limited by the backup software used to write the data. Typically, these programs aren’t designed to prevent ransomware from being written to the backup.

This does not mean that tapes are a poor ransomware mitigation strategy — data tape archives are the most effective way to prevent a successful attack, as an air-gapped backup will allow an enterprise to successfully recover without paying a ransom. However, IT managers need to evaluate their disaster recovery protocols carefully and limit potential sources of exposure.

Protecting Data from Ransomware

Many security vulnerabilities can be addressed easily. To develop a robust and secure system, you’ll need to limit the potential for an attack and have a solid plan in place for when an attack occurs.

That starts with a few common-sense steps:

Limit access to backup systems. Most ransomware is distributed via phishing campaigns, but that’s not always the case. Backup systems should be regularly updated to resolve vulnerabilities. Limit employee access to these systems and prevent employees from using unauthorized peripherals (such as USB drives or optical media) when performing their duties.

Educate employees. The best way to recover from an attack is to prevent it from happening in the first place. Create clear practices, instructing employees not to open unexpected email attachments, even when working remotely.

Keep multiple “golden copy” backups. Make sure your backups occur on a reasonable schedule. Maintain several recoverable copies of mission-critical data — “golden copies” — and check these backups for consistency.

Upgrade your data tapes to modern formats. While older tape formats aren’t necessarily more vulnerable than modern formats, older backup software can have vulnerabilities, and newer formats like LTO-8 can greatly decrease downtime in a disaster.

Finally, recognize that no security policy can completely eliminate the possibility of a ransomware infection. At the enterprise level, bad actors have too many front-door options for infiltrating a system, so an appropriate disaster recovery strategy is absolutely essential.

When planning for an attack, work with an experienced tape migration partner. Total Data Migration’s experts can help your business get back up and running while ensuring that ransomware doesn’t infect the restored system. Our team can also help you migrate your library to newer formats while converting files, ensuring a faster response. Contact us or call (800) 460-7599 for a free consultation.