Test Your Ransomware Backup Savvy to Safeguard Your Data

Stay ahead of evolving ransomware threats with our quiz on backup best practices. Recent attacks targeting backups highlight the pressing need to reassess data protection strategies.

While regular backups remain crucial, ransomware’s growing sophistication demands updated approaches. As cybercriminals increasingly target backups to thwart recovery efforts, ensuring backup security is paramount.

From traditional tape to modern cloud solutions, explore the spectrum of backup options and evaluate your readiness against ransomware threats. Take the quiz to uncover potential gaps in your backup strategy and fortify your defenses against ransomware attacks.

Question 1

What is still the most reliable method to ensure backups stay ransomware-free?

A. Disk-based backup
B. Tape backup
C. SaaS-based cloud backup
D. None of the above

Answer

B. Tape backup

Explanation

Tape storage for backups is the best way to keep ransomware from entering backup storage. Any medium for storage that is connected to a network is at risk, and certain malware and ransomware variants are even designed to go after unstructured data and certain file types, such as JPGs, PDFs or Microsoft Office documents — files that often contain mission-critical data. These variants can also go after restore point data and shadow copies. In essence, if the backup medium is plugged in somewhere, it’s at risk.

While tape storage has its own drawbacks, such as slower restore times compared to disk-based backups, air gapping mission-critical data remains the industry standard to ensure backups are not compromised. Organizations that use disk-based backup can implement a disk-to-disk-to-tape process to retain the benefits of disk, but also ensure data gets written onto tape.

Question 2

Users who aren’t tech savvy don’t have the means to help protect an organization’s data or their backups should a ransomware attack hit.

A. True
B. False

Answer

B. False

Explanation

Historically, email has been the most common way that ransomware enters an organization’s infrastructure. Ransomware and crimeware-as-a-service groups often turn to phishing emails and craft carefully designed emails to target certain individuals and organizations, studying their social media presence, online profiles and business intel to make illegitimate emails look real. A user could click on an infected email, for example — which attackers can disguise as an internal email from a co-worker — and that’s all it takes.

Organizations that want to protect their users and backup integrity should invest resources into training employees and stakeholders to spot and be mindful of suspicious emails, webpages and social media posts. Users who are wary of what’s on their screens and what they click on put an organization in a much better position to prevent ransomware code from entering its storage and backup environments.

Question 3

Replication alone is one of the best methods to create ransomware-free backups.

A. True
B. False

Answer

B. False

Explanation

Replication on its own does “almost nothing” to protect against ransomware, according to TechTarget contributor Brien Posey. By itself, replication can be a useful tool to hedge against data loss should a virtual machine fail, but many replication engines can’t distinguish malicious files from genuine data. Therefore, admins could back up malicious files as well, rendering those backups unusable.

As a best practice, use replication in conjunction with the creation of multiple recovery points. This enables IT admins to restore from a recovery point just before the ransomware attack hit, even if a replica VM is hit with ransomware, ensuring the restore data is ransomware-free. If an organization’s replication engine doesn’t support multiple recovery point creation, it may be time to explore other ransomware backup options.

Question 4

Ransomware can encrypt files at what rate of speed?

A. Over the course of the day of attack
B. Weeks at a time
C. Days at a time
D. All of the above

Answer

D. All of the above

Explanation

Not all ransomware is introduced into a system instantaneously. In fact, some variants of ransomware begin encrypting files weeks in advance, moving clandestinely through an organization’s network for weeks, or even months, on end. These types of attacks can be profoundly expensive to abate because, if admins don’t detect the attack for weeks on end, the ransomware is likely backed up multiple times. This can make distinguishing clean backups from infected ones a daunting and time-consuming task.

As a best practice, test backups as often as possible and look for encrypted files or malicious code. Should ransomware hit, check backup catalogs for previously unencrypted files. Adopt a backup application that can identify previously unencrypted versions of files and use those to restore in conjunction with the revered 3-2-1 backup strategy to ensure clean copies of data lie elsewhere.
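The recovery-point and backup-catalog checks described in the explanations to Questions 3 and 4 can be sketched as follows. This is an added example, not code from the article or from any backup product; the function names, the 7.5 bits-per-byte threshold and the four-day sample catalog are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data
MAGIC = (b"\xff\xd8\xff", b"%PDF", b"PK\x03\x04")  # JPG, PDF, Office (zip) headers

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())

def looks_encrypted(previous, current: bytes) -> bool:
    """Compare a file version with its last known-good version (None if new)."""
    if previous is None:
        return False  # no baseline: this sketch cannot judge brand-new files
    # Compressed formats are always high-entropy, so test that the header survives.
    magic = next((m for m in MAGIC if previous.startswith(m)), None)
    if magic:
        return not current.startswith(magic)
    return shannon_entropy(previous) < ENTROPY_THRESHOLD <= shannon_entropy(current)

def triage(catalog):
    """catalog: [(label, {path: bytes})], oldest first. Returns the newest fully
    clean label, suspect paths per label, and each file's last clean label."""
    baseline, last_clean, suspects, clean_point = {}, {}, {}, None
    for label, files in catalog:
        bad = sorted(p for p, d in files.items() if looks_encrypted(baseline.get(p), d))
        suspects[label] = bad
        if not bad:
            clean_point = label
        for path, data in files.items():
            if path not in bad:  # only clean versions advance the baseline
                baseline[path], last_clean[path] = data, label
    return clean_point, suspects, last_clean

def fake_ciphertext(seed, size=4096):  # deterministic stand-in for encrypted bytes
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))

# Constructed sample: four daily recovery points, encryption spreading slowly.
REPORT = b"Quarterly revenue summary, draft for review.\n" * 90
PHOTO = b"\xff\xd8\xff\xe0" + fake_ciphertext(b"jpeg-body")
CATALOG = [
    ("day-1", {"report.txt": REPORT, "photo.jpg": PHOTO}),
    ("day-2", {"report.txt": REPORT + b"Edited.\n", "photo.jpg": PHOTO}),
    ("day-3", {"report.txt": fake_ciphertext(b"a"), "photo.jpg": PHOTO}),
    ("day-4", {"report.txt": fake_ciphertext(b"a"), "photo.jpg": fake_ciphertext(b"b")}),
]

if __name__ == "__main__":
    print(triage(CATALOG))
```

On the sample catalog the newest fully clean recovery point is day-2, while photo.jpg can still be restored from day-3 because it was not hit until day-4.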

Question 5

Backup vendors don’t address ransomware, so they won’t be helpful in protecting backups.

A. True
B. False

Answer

B. False

Explanation

Many backup vendors are doing quite the opposite. As ransomware attacks continue to increase, vendors have updated their products to address ransomware concerns and the infection of backups. They have added malware detection, two-factor authentication, endpoint protection, continuous data protection and other features.

Question 6

Work-from-home environments can exacerbate the issue of ransomware and ransomware backup.

A. True
B. False

Answer

A. True

Explanation

Decentralized and edge data can be difficult to protect and the COVID-19 pandemic has caused an increase in attacks, particularly regarding endpoint security and edge data storage. Employees working remotely often store data on their personal hard drives, as opposed to the cloud or an enterprise file server. If ransomware enters their computer or other device, they could lose that data. This has led to an increase in attack surfaces for hackers.

It’s best practice to encourage employees to save files to a location where admins can back up that data. They can also use other remote backup tools to ensure user data isn’t lost if their device is hit with ransomware. Be sure to incorporate other remote security measures, such as strong patching, antimalware and limiting users’ access privileges to only job-essential files and applications.

Question 7

What is immutability?

A. A type of retention policy
B. A term used to describe disk-to-disk backup
C. A write once, read many (WORM) storage technology

Answer

C. A write once, read many (WORM) storage technology

Explanation

Immutable storage is a technology that organizations can apply to virtually all types of storage media that prevents a file from being deleted or modified. That means if attackers enter an IT environment, whether internally or externally, they cannot tamper with those files. Use immutable backups with other ransomware backup best practices since immutability can keep backups safe even if an attack hits. In addition, use retention policies to determine how long to store data.

Question 8

Cloud has become a popular option to protect backups from ransomware because:

A. The cloud is easy to scale
B. Cloud applications are often off office networks
C. Cloud vendors offer support for cloud backup networks
D. All of the above

Answer

D. All of the above

Explanation

Many organizations are turning to the cloud to keep their backups safe from ransomware. As a ransomware backup best practice, admins can use cloud in conjunction with other backup types to keep WORM copies, should ransomware infect other forms of backup. Cloud can also potentially provide faster recovery times.

Cloud is not completely immune to ransomware attacks, but if used properly, it can be a useful backup method. When using cloud to protect backups from ransomware, grant user permissions only to those who truly need access. Keep as many endpoints as possible from accessing the cloud. This can keep hackers and ransomware from entering cloud storage through an end user’s computer or devices.