Tape backup advantages for ransomware attacks

Blogs and Articles

With the increasing number of ransomware attacks appearing in business and technology headlines over the last couple of years, many companies are reconsidering tape backup advantages to protect their organisations against these growing threats.

25 October 20217 min
Tape Backup Advantages For Ransomware Attacks

The increasing number of ransomware attacks has become a major issue for many organisations across the globe. Organisations don't want to become the next ransomware headline, so they are re-evaluating their data protection processes and technologies. One technology/practice back in the spotlight is backing up to tape, taking advantage of physical "air-gaps" to protect against delayed ransomware attacks.

With the increasing number of ransomware attacks appearing in business and technology headlines over the last couple of years, many companies are reconsidering tape backup advantages to protect their organisations against these growing threats.

For decades, traditional backup has been used as an insurance policy to recover from system issues. Backing up to tape entails creating an image of a server, so in the event of a server issue, the server's operating system and data (present at the time of the backup) can be reinstalled quickly. However, traditional backup is slowly being replaced with other technologies — many organisations have adopted the practice of backing up to spinning, on-premises disk or the cloud.

Newer ransomware attacks have evolved to infect the entire backup process, bringing the whole disaster recovery practice into question. In a ransomware attack, an organisation's computer(s), including backup servers, are infected and encrypted. Once locked, the computer owner is instructed that their computer will be unlocked, but only if a ransom is paid.

Ransomware is patient

Oftentimes, a ransomware attack is intentionally delayed to infect many months of backup tapes, ensuring the company cannot restore the infected systems from recent backup tapes. In many cases, it can take weeks or months for companies to recognise they were even hacked. During that time, uninfected server backups are overwritten with the malware or ransomware. After a predetermined period, the hacker triggers the ransomware, shutting down all employee access to critical systems, and the organisation has no way to recover from it.

Because of the nature of ransomware attacks, a new backup theory is evolving. The only way to beat a ransomware attack is to regularly generate a series of "golden copy" backups (before infection) and completely isolate them, so that many remain uninfected and available for use when needed. This recovery process of good or clean data is known as isolated recovery.

Securing critical data from a ransomware attack

Isolated recovery relies on the storage media's actual physical isolation — or "air gap." Air gaps are disconnected storage resources, separated from the network and restricted from users without proper clearance. But in practice, segregating every individual backup copy across the enterprise is no longer feasible due to cost. Therefore, an isolated recovery process is best targeted at mission-critical data that the organisation absolutely requires so the business can recover quickly.

Physical isolation is easily accomplished with tape backups and removable media. Obviously, cloud-based backup and the air-gap defence is more difficult — cloud storage systems are connected to the internet and accessible to users when needed. However, it's also feasible to create and store backups in a cloud repository to be retained for an extended period.

Elevate the power of your work

Get a FREE consultation today!


Get Started