Increase in Cryptolocker attacks that target backups
Recently there have been an increased number of Cryptolocker attacks that target backups before they attack the server. The strategy is simple: Encrypt the backup and organisations lose the ability to recover from an attack and are more likely to pay a ransom. Ransomware attacks used to try to cryptolock as much data as quickly as possible. It didn’t matter where the data was…if the malware found data it would cryptolock it. Once the data was cryptolocked then a message was displayed requesting payment to decrypt the data so it was usable again.
In the past, organisations used their backup and recovery process as the guarantee that they could recover from a Ransomware attack. This strategy needs to be amended now to include the following…
Additional backup criteria
- Keep your backup store OFFLINE. This means that the place that stores your backup should not be connected to your network. This hardens your environment against the virus spreading to your backups.
- Check your backups regularly. You can detect a possible infection faster if you have visibility into your backup store.
- Test your recovery procedure at least 6 monthly. Make sure you have a proven procedure to recover your backups.
Roshtech provides a cloud backup service for ShadowProtect backups. This is the best way to disconnect your backups from your network and virtually eliminate the risk of a cryptolocker virus spreading to your backups. Each night the ShadowProtect backup takes a complete image backup of your servers, including operating system, settings and data. The backups are stored locally, and then automatically uploaded to Roshtech’s cloud server. The transmission of the image is encrypted and secure.
Roshtech’s cloud backup offline service will store your backups in the Roshtech private cloud automatically every night. Cryptolocker can’t reach the backups once they are stored offline, even if it spreads throughout your IT systems.
This is the best way to ensure that you are able to make your business immune to Cryptolocker attacks that target backups on your IT systems. You are assured that you can recover your backups stored on Roshtech’s cloud server despite a potential Ransomware systems infection .
Customers that are on one of Roshtech’s business support arrangements will have the cloud backup recovery process tested every 6 months to prove that their backups can be recovered successfully in an acceptable period of time. This process is then documented so that it can be easily repeated in the future.
If you don’t have a proven backup and recovery solution that meets the above three criteria please contact Roshtech.