How Air-Gap Cyber Security Technologies Help You Stop Ransomware Attacks and Ensure Backup Data Recovery

April 12th, 2022

No matter how hard you try, you can’t escape ransomware attacks. The volume reached an unfathomable 623.3 million ransomware attacks globally in 2021, according to the 2022 SonicWall Cyber Threat Report, a 105% year-over-year increase.

One Russian ransomware gang has developed a new approach that hunts for privileged users and services to access, exfiltrate, remove, and encrypt backups so the victim organization can’t recover.

Some ransomware strains start by scanning shared corporate network drives for existing backup archives. Others first infect an organization’s production IT environment before starting an attack. This is where it gets sneaky, as the infected production data is then backed up and stored. At this point, the cybercriminal executes a ransomware attack, forcing the organization to use its backup data to recover.

The result? The recovery takes the ransomware back into the production environment—and the organization is victimized. With backup software and data in hackers’ crosshairs, what’s needed is a solution that safeguards your backup data no matter what. Air gapping is the answer.

Air Gaps: Physically Disconnecting Your Backups

In a recent report, “Leverage Air-gap Technologies to Stop Ransomware Attacks and Meet Operational Objectives,” DCIG President and Founder Jerome Wendt writes about how air-gap technologies stop ransomware attacks and help you meet operational objectives.

Wendt says, “Air gaps represent a practical and cost-effective step that organizations may take to secure their backup data from ransomware attacks.” He goes on to say that organizations may use physical air gaps, logical air gaps, or both. A physical air gap means your backups are stored on media disconnected from your IT environment, often using tape backup solutions. A logical air gap stays connected to your network, using access controls to isolate the backup data from your production environment.

Since ransomware can’t “see” or find these backups, your data can’t be compromised. If you want to keep your backup data on-premises, using an immutable storage system for your backup data makes sense. Immutable backups are written as write-once, read-many (WORM) files that can’t be altered or deleted. And because physical and logical air-gapped storage solutions are affordable, they are an even more attractive option. Wendt notes that using physical storage such as tape can reduce backup storage costs to pennies per TB.

Making Air-Gap Deployments Work

The DCIG report offers four crucial strategies for efficiently structuring your air-gap plan. These include:

1. Require User Authentication for Access

Wendt says three components must be secured as part of the backup process. First, you shouldn’t assume your backup software security meets your expectations. Some backup software still uses default user logins and passwords, potentially letting hackers who gain access block or eliminate your air-gap measures. Confirm that your selected backup solution requires complex passwords on installation or first use. Next, enterprise backup software should offer multi-factor authentication (MFA) and the ability to integrate with Active Directory. Finally, it is a big plus if the backup software provides role-based access control (RBAC) and requires a second person to approve specific tasks, such as deleting backup data before it is set to expire.

2. Be Sure You Can Manage Multiple Air-Gap Technologies

A solid backup software solution supports both logical and physical air-gap technologies. Your organization may use multiple air-gap technologies extending from cloud storage to removable storage media. Robust backup software also offers support for tape libraries. And your backup software should support creating policies for backup data management, including backup targets, retention schedules, and business rules.

3. Use Immutable Backup Storage

We’ve already covered the importance of immutable storage of your backups. For on-premises backups, make sure your backup software stores your data in an immutable format to prevent changes or deletions while still affording you a fast recovery.

4. Monitor and Scan Your Backup Data

Your cybersecurity defenses can’t stop every threat, even with firewalls, spam filters, and antivirus software. If a ransomware strain goes undetected within your network, it may also make its way into your backups. If you then need that backup, you’ll bring the ransomware back in along with your data. Look for backup software that can monitor itself for unusual user activity and your backup data for any out-of-the-ordinary changes. The software should also be able to scan your backup data to seek out any hidden ransomware.
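
To make “out-of-the-ordinary changes” concrete, here is an added example (not code from Arcserve or the DCIG report) that flags backup jobs whose changed-data volume spikes or whose compression ratio collapses, both typical when files are rewritten in encrypted form. The job fields, sample values, window, and threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: nightly incremental backup stats for one host.
# Fields: (date, GB changed since the previous job, logical/stored size ratio).
JOBS = [
    ("2022-04-01", 4.1, 2.9), ("2022-04-02", 3.8, 3.0),
    ("2022-04-03", 4.4, 2.8), ("2022-04-04", 4.0, 3.1),
    ("2022-04-05", 3.9, 2.9), ("2022-04-06", 4.3, 3.0),
    ("2022-04-07", 4.2, 2.9), ("2022-04-08", 4.0, 3.0),
    ("2022-04-09", 61.5, 1.05),  # mass rewrite of incompressible data
    ("2022-04-10", 4.1, 2.9),
]

def mad_score(value, baseline):
    """Robust z-score: distance from the median in units of MAD."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1e-9  # avoid divide by zero
    return 0.6745 * (value - med) / mad

def flag_jobs(jobs, window=7, threshold=3.5):
    """Return [(date, reasons)] for jobs that deviate from the trailing window."""
    flagged = []
    clean = []  # baseline holds only unflagged jobs, so one bad night
                # does not become the new "normal"
    for date, changed_gb, ratio in jobs:
        reasons = []
        if len(clean) >= window:  # stay silent until there is enough history
            base = clean[-window:]
            if mad_score(changed_gb, [c for c, _ in base]) > threshold:
                reasons.append("change volume spike")
            if mad_score(ratio, [r for _, r in base]) < -threshold:
                reasons.append("compression ratio drop")
        if reasons:
            flagged.append((date, reasons))
        else:
            clean.append((changed_gb, ratio))
    return flagged

if __name__ == "__main__":
    for date, reasons in flag_jobs(JOBS):
        print(date, "-> hold for review before use as a restore point:", reasons)
```

A flagged job is a candidate for scanning and for exclusion from the set of trusted restore points, not proof of infection; large legitimate changes such as a migration will trip the same check.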

Meet Your Backup Demands with Arcserve

The DCIG report states that the Arcserve product portfolio allows you to put these four strategies in place to manage your air-gapped backups effectively. And Wendt closes by saying that with Arcserve, users “…may quickly back up, secure, and analyze their data knowing they have reliable, clean backups. Equally important, they may recover their data wherever they need it in the time and manner they need it.”

To learn more about your air-gap technology options from Arcserve, talk to one of our expert technology partners. For more details about Arcserve products, contact us.
