Last Update: Sep 04, 2024 | Published: Nov 28, 2016
Microsoft’s cloud backup solution, Azure Backup, has added new protections to defend your data against deliberate attacks. This post will explain what this means for you.
A report on the subject of “ransomware” and businesses that was published earlier this year by Symantec makes for very sobering reading. Malware, such as CryptoLocker, that attacks a business by scanning for data on the network, encrypting it, and demanding a bitcoin ransom to decrypt the data, is becoming more common. Ransoms are increasing, and terms such as ransomware-as-a-service have been coined to describe these professional attacks that are orchestrated by criminal organizations. The success of these forms of attacks has inspire other attackers, greedy for a slice of the pie; kits are available to build your own ransomware!
Ransomware attacks were once entirely random, but targeted attacks are become more common. That’s a worry because it implies that an attack will be better planned to defeat defenses. One approach to protecting yourself against a crypto attack is to restore your files from backup. That can be an expensive (human effort and downtime) solution but that might be better than paying an attacker — I have heard stories of a decryption failing and the attackers requiring a second ransom!
What if the attacker also prevented access to your backup? Maybe they deleted your backups? Azure Backup has implemented new security mechanisms to protect your backup data from these deliberate kinds of attacks.
There are 4 features that have been added to protect your backup data:
If you have an existing Azure recovery services vault, then you can navigate to Properties in the vault to enable the new security features. Note the option where you can configure a PIN for sensitive actions.
Click Update under Security Settings to open a Security Settings blade. Here you can:
Please note that to use these security features, you must have up-to-date on-premises software:
System Center Data Protection Manager (DPM) does not support these features yet.