A reliable backup process is the backbone of any disaster recovery plan. But which type of backup is better when it comes to ransomware recovery? Are tried-and-true physical backups the superior option, or is backing up to the cloud the way to go?
Physical backups, including everything from external drives to the backup tapes of old, are as reliable as ever. The biggest benefit to a physical backup is that detached, offline storage cannot be accessed from the outside world. Better yet, backups taken offsite to a secondary location are even harder to compromise.
That said, no solution is perfect. Though offline storage is safe from all network threats, there must typically be a window of time in which the storage is attached to a live machine in order to perform the backup. During this window, backup media is a hot target for ransomware because attackers know that once backups are compromised, the only option left is to pay their ransom. Many ransomware variants are therefore designed to find and sabotage backups.
If you rely solely on physical backups, then your disaster recovery plan is dead once ransomware reaches your backup media.
Backing up data to a cloud service can add an extra layer of defense, since major cloud providers typically have extremely strong security measures in place at their data centers to protect customer data, and the likelihood of an attacker defeating those defenses is incredibly low.
This option is not foolproof either, however, because cloud backups are only as secure as the users of the service. If an authorized user is not diligent in exercising caution, they risk backing up infected data to the cloud, at which point the threat can grow exponentially. Infected data on a cloud service can spread anywhere in the world and to every machine that later downloads the compromised data.
Also consider the nature of the backup solution. Scheduled, periodic backups of selected data give you more control over when data is backed up and how healthy the data is at that point in time. On the other hand, if you rely on a folder-syncing cloud solution (such as OneDrive, Google Drive, Dropbox, and so on), the risk is the same as if you had attached storage. A ransomware attack can easily result in infected or encrypted data being synced to the cloud.
The answer to “should I use physical or cloud backups?” should really be “Why not both?” Hybrid backups are the best of both worlds, combining the strengths of both options while guarding against each type’s weaknesses.
The reasoning is simple: Has a ransomware attack compromised your physical backup while it was attached to the infected machine? No problem—fall back on the backup you have uploaded to the cloud.
Conversely, has your cloud backup been infected and is it threatening to spread? Then it’s time to go offline and restore from your physical backup. In either scenario, where one type of backup fails, the other takes over, and the likelihood of two or more types of backups being compromised simultaneously, though not impossible, is especially low.
Most importantly, hybrid backups are key to practicing the 3-2-1 backup rule. The more backups and more types of backups you have, the better protected you are. For example, have one backup go to a secure external drive kept offsite, another backup directed to an isolated VLAN, and yet another to an external cloud service. Keep your options as varied and redundant as possible. The more options you have for recovery, the less likely you’ll ever have to worry about a ransom.
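The sketch below is an added example, not part of the original article: it checks a backup inventory against the 3-2-1 rule as it is commonly stated (three copies of the data, on two types of media, with one copy offsite) and then lists which backups survive each of the two failure cases described above. The inventory names, the `mode` labels, and the assumption that a scheduled backup target is detached at the moment of attack are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str    # storage type, e.g. "internal-disk", "external-drive", "nas", "cloud"
    offsite: bool  # kept away from the primary site
    mode: str      # "live" (production data), "scheduled", "attached", or "sync"

def check_321(copies):
    """Return the 3-2-1 requirements this inventory misses (empty list = pass)."""
    backups = [c for c in copies if c.mode != "live"]
    missing = []
    if len(copies) < 3:
        missing.append("3 copies")
    if len({c.medium for c in copies}) < 2:
        missing.append("2 media types")
    if not any(c.offsite for c in backups):
        missing.append("1 offsite copy")
    return missing

def survivors(copies, scenario):
    """Names of backups still usable after one of the article's two failure cases."""
    backups = [c for c in copies if c.mode != "live"]
    if scenario == "host-ransomware":
        # Always-attached media and folder-sync targets follow the host's files.
        # Assumption: a scheduled target is detached when the attack runs.
        return [c.name for c in backups if c.mode == "scheduled"]
    if scenario == "cloud-compromise":
        return [c.name for c in backups if c.medium != "cloud"]
    raise ValueError(f"unknown scenario: {scenario}")

# Constructed inventories (hypothetical names).
SYNC_ONLY = [
    BackupCopy("workstation", "internal-disk", False, "live"),
    BackupCopy("usb-drive", "external-drive", False, "attached"),
    BackupCopy("sync-folder", "cloud", True, "sync"),
]
HYBRID = [
    BackupCopy("workstation", "internal-disk", False, "live"),
    BackupCopy("offsite-drive", "external-drive", True, "scheduled"),
    BackupCopy("vlan-nas", "nas", False, "scheduled"),
    BackupCopy("cloud-backup", "cloud", True, "scheduled"),
]

if __name__ == "__main__":
    for label, inv in (("sync-only", SYNC_ONLY), ("hybrid", HYBRID)):
        print(label, check_321(inv), survivors(inv, "host-ransomware"),
              survivors(inv, "cloud-compromise"))
```

The sync-only inventory satisfies the 3-2-1 counts yet has no surviving backup in the host-ransomware case, which is why the check looks at how each copy is connected as well as how many copies exist.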