Ransomware: It’s coming for your backup servers

Backup and recovery systems are at risk for two types of ransomware attacks: encryption and exfiltration – and most on-premises backup servers are wide open to both. This makes backup systems themselves the primary target of some ransomware groups, and warrants special attention.

Hackers understand that backup servers are often under-protected and administered by junior personnel who are less well versed in information security. And it seems no one wants to do anything about it, lest they become the new backup expert responsible for the server. This is an age-old problem that can allow backup systems to slip under the radar of the sound processes that protect most servers.

It should be just the opposite. Backup servers should be the most updated and secure systems in the data center. They should be the hardest to log in to as Administrator or root. And they should require jumping through the most hoops to log in remotely.

An important role backup servers play is providing the means to recover from a ransomware attack without paying the ransom. They contain the data needed to rebuild the machines that have been encrypted by the ransomware, so ransomware groups try to encrypt the backups, too. The saddest line in any ransomware story is, “and the backups were also encrypted.” They are your last line of defense, and you must hold the line.

That’s the traditional ransomware attack, but data exfiltration is fast becoming a primary motivation for ransomware attackers who target backup servers. If bad actors
