How Immutable Backups Protect Against Ransomware


Ransomware protection is one of the most important topics for IT Pros and C-Level technology executives. Learn how immutable backups and immutable storage help to protect your organization against data corruption and loss, malware, viruses, and ransomware – and how to implement them.

This post is sponsored by Object First

Veeam 2023 Ransomware trends report – most ransomware targets backups

In May 2023, Veeam – a software company specializing in backup and recovery – released a large global report on recent ransomware trends. They describe the lessons learned from 1,200 victims and nearly 3,000 cyberattacks.

This quote from the Veeam 2023 Ransomware Trends Report highlights the increased risk of seeing backups being targeted by ransomware:

“Targeting backups has become standard operating procedure” – “Over 93% of ransomware attacks explicitly target backups” – “And over 3 out of 4 backup repositories are affected in a ransomware attack!”

These findings are rather scary. Everyone, including all IT Pros, should take notice. But what can you do to alleviate the security threats mounting and growing at astonishing rates? Immutable backup technology can help protect against the ever-increasing dangers posed by ransomware.

What is immutable backup?

Immutable backups are a form of data protection that prevents any alteration, deletion, or modification of backed-up data for a specified period. This approach ensures that even if the primary data is compromised or encrypted due to a ransomware attack, the unaltered backups, or immutable data, can be readily restored, effectively thwarting data loss and ransom demands.

The immutability of backups is achieved through various means, such as using write-once-read-many (WORM) storage technology, cryptographic techniques, or backup solutions that integrate immutable features. The underlying principle is to create an unbreakable chain of trust between the backup data and the backup process.

Are immutable backups safe from ransomware?

Suppose your business stores all its critical data, financial records, and customer data in the cloud, with immutable storage capabilities enabled. A cybercriminal attempts to infiltrate your business network with a ransomware attack. They gain access to your cloud storage area and try to encrypt files in the folders protected with immutable storage.

Because of the storage settings, the malicious software is unable to modify or delete your files, rendering the encryption attempt ineffective. Without immutable storage, the attacker could have demanded a ransom to provide you with the decryption key to free your data.

Are immutable backups encrypted?

Immutable backups and encryption are two separate concepts, and they can be used together to provide enhanced data protection. However, they are not inherently linked, and immutable backups can exist both with and without encryption. Let me explain the nuances.

To provide a higher level of data protection, organizations often combine both immutable backups and encryption. In such scenarios, the data is first encrypted before being stored as immutable backups. You gain two important advantages from encrypting your immutable backups:

  • Data integrity: Immutable backups ensure the data remains unaltered and tamper-proof, safeguarding against ransomware attacks and accidental data modification.
  • Data confidentiality: Encryption ensures that even if unauthorized individuals gain access to the backup data, they cannot decipher the information without the decryption keys, maintaining the confidentiality of the sensitive data.

In summary, while immutable backups do not necessarily have to be encrypted, the use of encryption in conjunction with immutability strengthens data protection and enhances the overall security posture of an organization’s backup strategy.

Five ways to protect data against ransomware

Protecting data against ransomware requires a multi-layered approach that combines preventive measures and proactive strategies. Here are five ways to improve resilience against ransomware attacks.

1. Limit access to backups

Restricting access to backup systems and data is crucial to prevent ransomware from spreading to these critical assets. Only authorized personnel should have access to backup infrastructure, and access privileges should be regularly reviewed and updated based on job roles and responsibilities. Implement strong authentication methods, such as multi-factor authentication (MFA), to add an extra layer of security to backup systems.

It’s essential to restrict access to backup infrastructures

2. Back up data at suitable intervals

Frequent and regular backups are essential to minimize data loss in the event of a ransomware attack. That’s why it’s important to define suitable ransomware backup intervals based on the criticality of data and the rate of data changes. For highly critical data, consider more frequent backups to reduce the potential data loss window.

3. Have a regularly tested disaster recovery plan

A comprehensive and regularly tested disaster recovery plan is fundamental to recovering from a ransomware attack effectively. The plan should outline the steps to take when a ransomware incident occurs, including isolating affected systems, identifying the source of the attack, restoring data from backups, and reestablishing normal operations. Regular testing and simulation of different ransomware attack scenarios will ensure the efficacy of your plan.

4. Store backups in multiple locations

Storing backups in multiple geographically dispersed locations offers an added layer of protection against ransomware. If ransomware infects one location, having backups in another place ensures data availability and recovery options.

First, as your primary backup target, utilizing a geo-diverse method of backing up data with physically separated data centers improves your data resiliency in case of a disaster. Then, as a secondary backup target, consider using one or more cloud storage services for an enhanced data restoration posture.

5. Use air gap backups and immutable storage

Air gap backups and immutable storage are advanced techniques that provide a high level of protection against ransomware attacks. An air gap backup is physically or logically isolated from the primary network, and it remains disconnected until needed for data recovery. This isolation prevents ransomware from reaching the backup data, making it highly resistant to attack.

Immutable storage, by contrast, prevents data from being altered or deleted for a specified period. Even if ransomware gains access to the primary data, it cannot modify or encrypt immutable backup copies. This approach ensures the availability of uncorrupted data for recovery.

Implementing air gap backups and leveraging immutable storage solutions adds a layer of security against ransomware, reducing the risk of losing critical data to cybercriminals.
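
To make the "specified period" concrete, here is an added example (not code from this post, Veeam, or Object First) that audits S3 Object Lock settings, the mechanism this article names further down. It flags a bucket whose default retention is too short or not in COMPLIANCE mode, and lists objects that were not locked for the required number of days after they were written. The dictionaries are constructed sample data shaped like S3's GetObjectLockConfiguration and HeadObject responses; the function names, object keys, and the 30-day requirement are assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_bucket_lock(cfg, min_days):
    """Findings for a GetObjectLockConfiguration-shaped response dict."""
    lock = cfg.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock is not enabled on the bucket"]
    ret = lock.get("Rule", {}).get("DefaultRetention")
    if not ret:
        return ["no default retention: objects are locked only if the writer asks"]
    findings = []
    if ret.get("Mode") != "COMPLIANCE":
        # GOVERNANCE locks can be lifted by principals allowed to bypass them.
        findings.append("retention mode is not COMPLIANCE")
    days = ret.get("Days", 0) + 365 * ret.get("Years", 0)  # years approximated
    if days < min_days:
        findings.append(f"default retention {days}d < required {min_days}d")
    return findings

def unprotected_objects(heads, min_days):
    """Keys not locked for at least min_days after they were written."""
    weak = []
    for key, head in heads.items():
        if head.get("ObjectLockLegalHoldStatus") == "ON":
            continue  # a legal hold blocks deletion until it is removed
        until = head.get("ObjectLockRetainUntilDate")
        needed = head["LastModified"] + timedelta(days=min_days)
        if until is None or until < needed:
            weak.append(key)
    return sorted(weak)

def _utc(day):  # helper for the constructed sample data below
    return datetime(2024, 1, day, tzinfo=timezone.utc)

# Constructed sample data, shaped like S3 API responses (not real output).
SAMPLE_CFG = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
SAMPLE_HEADS = {
    "backups/full-01": {"LastModified": _utc(1), "ObjectLockMode": "COMPLIANCE",
                        "ObjectLockRetainUntilDate": _utc(31)},
    "backups/incr-02": {"LastModified": _utc(2), "ObjectLockMode": "COMPLIANCE",
                        "ObjectLockRetainUntilDate": _utc(9)},
    "backups/meta-02": {"LastModified": _utc(2)},
    "backups/full-03": {"LastModified": _utc(3), "ObjectLockLegalHoldStatus": "ON"},
}

if __name__ == "__main__":
    print(audit_bucket_lock(SAMPLE_CFG, min_days=30))
    print(unprotected_objects(SAMPLE_HEADS, min_days=30))
```

Against a live bucket, the same dictionaries would come from the S3 API responses of those names; here everything runs offline on the sample data.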

Choosing a storage option for Veeam Backup

Veeam is a popular data protection and backup solution that provides flexibility in storage options, storage devices, and media. When choosing a primary storage option for Veeam Backup, several factors, including backup architecture, must be considered to ensure the best fit for your organization’s requirements.

Here are some key storage options to consider for Veeam backup.

  • On-premises storage: Traditional disk storage arrays or Network Attached Storage (NAS) devices located on-site provide direct control and access over backup data.
  • Cloud storage: Public cloud storage services like Amazon S3, Microsoft Azure Blob Storage, or Google Cloud Storage offer scalable and cost-efficient offsite backup options.
  • Tape backup: Tape libraries or standalone tape drives are still used for long-term data retention and archiving purposes. This is a good example of a ‘write once’ storage medium.
  • Deduplication appliances: Deduplication storage appliances optimize storage space by eliminating redundant data, making them efficient for backup storage.
  • Object storage: Object storage systems provide scalable and cost-effective storage for unstructured data, making them suitable for backups.

Meet Ootbi by Object First

Ransomware-proof and immutable out-of-the-box, Ootbi by Object First delivers secure, simple, and powerful backup storage for mid-enterprise Veeam customers that can be racked, stacked, and powered in 15 minutes while providing unbeatable backup and recovery performance.

Powered by S3 Object Lock, Ootbi storage buckets are immutable by default, and they synchronize with Veeam direct-to-object storage configurations – this provides three strong qualities every IT Pro craves: Security, simplicity, and power.

Introduced in Veeam’s V12 Backup & Replication suite, direct-to-object storage can be a part of traditional on-premises backup repositories. Ootbi uses a hardened operating system with no ‘root’ or backend access, and it can be configured in two simple steps.

The Object First Ootbi backup appliance features:

  • A hardened Linux operating system that protects data integrity with zero access to root, OS, or backend granted to the user by design.
  • Immutability powered by S3 Object Lock, which is enabled by default. This reduces the risk of ransomware encrypting backup data.
  • The ability to ingest Veeam backup data at up to 4GB/s and run up to 80 virtual machines simultaneously in instant recovery.

Other key points to consider

Here are a few additional topics you should consider when designing your backup strategy. Keeping these as important topics of discussion in your security and compliance reviews will bolster your security footprint when it comes to protecting data and intellectual property.

Employee training and awareness

Human error remains one of the leading causes of ransomware infections. Regularly train employees on best practices for cybersecurity and raise awareness about the dangers of phishing emails, malicious attachments, and suspicious links. Moreover, you should encourage employees to report any unusual activities promptly.

Keep software and systems updated

Outdated software and systems may have vulnerabilities that can be exploited by ransomware attackers. Regularly update all software, including operating systems, applications, and security solutions, to patch known vulnerabilities and protect against new threats.

Implement endpoint security solutions

Endpoint security solutions, such as antivirus, antimalware, and endpoint detection and response (EDR) tools, help detect and block ransomware attacks on endpoints. These solutions can also monitor suspicious behavior and provide early warning signs of potential threats.

Choosing the best storage option for Veeam Backup

Ultimately, the best storage option for Veeam Backup depends on your organization’s specific needs, budget, and long-term backup strategy. It’s essential to conduct a thorough evaluation and testing of different storage options to find the one that aligns best with your backup and recovery requirements.