A Ransomware Secure Backup Strategy

This article explains ransomware attacks, the attackers behind them and the consequences for their victims. Based on this, we derive requirements for a ransomware-secure backup strategy and show how you can implement it with BorgBackup to best protect yourself from an attack.


Ransomware is currently a real, serious threat […] which can also attract a lot of media attention. The probability that your company/agency will also be hit is currently high and realistic – BSI Catalogue of Measures for Ransomware.

What is ransomware and what are the consequences of an attack?

Generally, malware is called ransomware when it restricts access to data or systems or prevents it altogether. To do this, the data is often encrypted using a method that cannot be broken. Only by paying a ransom does the victim obtain the key to decrypt their data. Without this key, the data cannot be decrypted. If there is no backup of the data, it is lost for good. The loss of data or the production downtime resulting from the attack can threaten the existence of the affected company.

A backup is the most important protective measure to ensure data availability and a quick resumption of operations in the event of a ransomware incident – BSI Catalogue of Measures for Ransomware.

Who are the attackers and who are their victims?

In recent years, there has been an increasing professionalization in the ransomware scene. Ransomware developers are increasingly using advanced attack methods to carry out attacks. But the target group of their potential victims has also changed. The first generations of ransomware still randomly encrypted individual computers and demanded a flat ransom. This situation has now changed. Today, there are several well-known ransomware groups, such as REvil, which have received a lot of media attention due to ransomware attacks on well-known companies. These groups are now targeting businesses with the aim of crippling the operations of the entire company through their ransomware.

What does a typical attack look like?

First, the attackers try to gain access to the victim’s network. Sophisticated social engineering methods via e-mail are mainly used for this purpose. The latest method used by the attackers is to stage a fake conversation between several participants and to place the victim in the CC of the respective e-mails. The conversation is intended to make the victim believe that the communication partners are real people and that they are trustworthy and credible. In the course of the communication, the actual attack occurs, for example, through a prepared Word file.

After the victim has been successfully infected, the next step is an automated attempt to take over the victim’s entire network. To do this, the attackers use automated tools that collect information about the network and send it to the attacker. The attacker then manually checks whether the victim is worthwhile, using both the previously collected information and, for example, publicly viewable financial statements.

As soon as the attackers can count on the company being able to pay a high ransom demand, all connected systems, including all accessible backups, are encrypted with ransomware. This step often occurs several weeks after the initial infection. At the same time, the victim receives a high ransom demand based on his or her economic circumstances.

Requirements for a Ransomware Secure Backup Strategy

When designing a ransomware-proof backup strategy, you should draw on the expertise of the BSI. We recommend the BSI Catalogue of Measures for Ransomware and the article CON.3: Data Backup Concept from the IT-Grundschutz Kompendium. Both should be considered when creating your own individual data backup concept. In summary, your individual data backup concept should at least meet the following BSI requirements:

Implementing the Ransomware Secure Backup Strategy with BorgBackup

Now that you know what the minimum requirements of your individual backup strategy are, we will introduce you to the open source software BorgBackup. With this software and an appropriate configuration you can meet the above requirements. If you use BorgBackup and configure it properly, your backup will meet the following requirements, among others:

For more information, visit www.borgbackup.com. However, since every company has different requirements for a backup strategy, an expert should create an individual backup strategy for you and implement it technically. Then you can be sure that your company is much better prepared against a ransomware attack.
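Because the attack described above also encrypts "all accessible backups", one configuration point worth checking is whether a compromised client can delete or overwrite its own repository. The following added example (not from the original article or the BorgBackup project) audits a backup server's `authorized_keys` for client keys that are not forced into `borg serve --append-only` with a path restriction; the sample entries, paths and client names are constructed, and the choice of checks is an assumption, since the article does not list specific settings.

```python
import re
import shlex

# Constructed sample of the backup server's authorized_keys (keys shortened).
SAMPLE = """\
command="borg serve --append-only --restrict-to-path /srv/borg/web01",restrict ssh-ed25519 AAAAC3...w web01
command="borg serve --restrict-to-path /srv/borg/db01",restrict ssh-ed25519 AAAAC3...d db01
command="borg serve --append-only",restrict ssh-ed25519 AAAAC3...a app01
ssh-ed25519 AAAAC3...m mail01
"""

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
CMD_RE = re.compile(r'command="((?:[^"\\]|\\.)*)"')

def split_options(line):
    """Split an entry into (options, rest); the options field may contain quoted spaces."""
    if line.startswith(KEY_TYPES):
        return "", line
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].strip()
    return line, ""

def audit_entry(line):
    """Return (client comment, list of hardening gaps) for one key entry."""
    opts, rest = split_options(line)
    name = rest.split()[-1] if rest else "?"
    gaps = []
    match = CMD_RE.search(opts)
    if match is None:
        gaps.append("no forced command")
    else:
        argv = shlex.split(match.group(1))
        if "serve" not in argv:
            gaps.append("forced command is not borg serve")
        if "--append-only" not in argv:
            gaps.append("missing --append-only")
        if not any(a.startswith(("--restrict-to-path", "--restrict-to-repository")) for a in argv):
            gaps.append("not confined to a repository path")
    if "restrict" not in CMD_RE.sub("", opts).split(","):
        gaps.append("missing restrict option")
    return name, gaps

def audit(text):
    """Map client name -> gaps for every entry that is not fully hardened."""
    entries = (l.strip() for l in text.splitlines())
    results = (audit_entry(l) for l in entries if l and not l.startswith("#"))
    return {name: gaps for name, gaps in results if gaps}

if __name__ == "__main__":
    for client, gaps in audit(SAMPLE).items():
        print(f"{client}: {'; '.join(gaps)}")
```

In Borg 1.x, old archives then have to be pruned from a separate trusted host. Any delete a client issued in the meantime should be reviewed first, since a write over a non-append-only connection makes it permanent.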

Published by Leo Schmidt
