Four Backup Strategies to Thwart Ransomware
Key Points
- Backups become critical when ransomware strikes, and there are four primary strategies to consider: local, cloud‑based, air‑gapped, and immutable backups.
- Local backups (e.g., USB or network drives) are fast but share the same attack surface as the primary data, so if ransomware encrypts the main system it can also corrupt the backup.
- Cloud‑based backups store copies off‑site, protecting against local ransomware and physical disasters, but they suffer from slower restore times that can take hours or days over the internet.
- True air‑gapped backups are completely isolated from the production network, making them highly resistant to ransomware spread, though many “air‑gap” claims are ineffective if any network link remains.
- Immutable backups add another layer of protection by preventing any changes to stored data, ensuring that even if an attacker gains access, the backup remains untampered.
**Source:** [https://www.youtube.com/watch?v=iDdsq_VbeTc](https://www.youtube.com/watch?v=iDdsq_VbeTc)
**Duration:** 00:04:59
Full Transcript
Backing up your data is not the most exciting topic until you really need it. Once you've been hit by ransomware, you're going to wish you'd done what I'm going to talk about. There are four different strategies that we could have for doing backups: local backups, cloud-based backups, air-gapped backups, or immutable backups. There's actually more, but I'm going to summarize it with those four main approaches, and we'll talk about the pros and cons of those and how they can prepare you so that when the ransomware attacker demands money, you can thumb your nose at him and go along your merry way.

So the first I'll talk about is a local backup. In this case I've got my data and I'm just going to copy it to another data source. Maybe it's a USB-attached drive, it could be a network-attached drive, but it's essentially local to my system. And there's advantages and disadvantages to this. The pros are it's pretty fast because it's a local attachment, but the downside is it's vulnerable to ransomware. If an attacker comes along and encrypts the main source, if they have access to that, because it's locally attached they probably have access to the backup as well. And if your backup is encrypted, then it's not going to do you any good at all.

So the next approach then would be a cloud-based backup. In this case I've got my local data and I'm going to send it off to some cloud-based storage. I don't really know where it is, I don't care, but the fact of the matter is the data is someplace else, so that when this gets encrypted, as long as I have multiple copies back here, it doesn't automatically encrypt elsewhere. It's not part of the locally attached file system in particular. So I have an advantage here of disaster recovery. For instance, if my system goes down, if it gets burned up in a fire, if there's some sort of natural disaster as well, I also have the ability to recover that from the cloud. So that's a big advantage. Now there's other things that could be a disadvantage, and that's speed. So it's going to be slower. We've got to go across the internet in order to get the information. If you try to recover an entire system that way, you may be waiting hours, maybe days, before you get all of your information back. So that's a problem.

Now yet another approach, and this is one I hear a lot of clients talk about, is doing what they refer to as an air gap. In this case there is some sort of breakage between the two. That's what a true air gap is. A lot of people talk about air gaps but don't really do them. As long as there is a network connection, it's not air gapped. Air gap means air: that's the only thing that can be between the two systems. So they have to be on entirely different networks for that to be the case. Now the advantage here is if an attacker does get to this system and encrypts it, it's not going to encrypt the other, because there's no connection. So this copy is still sitting there pristine. That's an advantage. It's more secure than some of the others I've talked about. What's the disadvantage? Well, it's not current. Because there's no connection there all the time, whenever I update my data, then my backup is not also updated, so it falls out of sync pretty quickly.

The fourth approach that I'm going to talk to you about is called an immutable backup. An immutable backup is one where I can write only one time. So I can take my data and write it over to the other backup media, and once it's been written it can't be written again. So this is what we also sometimes refer to as a WORM drive or a WORM system: write once, read many. So I can read it as many times as I want, but no one can overwrite it. So if the ransomware attacker comes along and encrypts this source, they can't also encrypt the other, because it can't be overwritten. The advantage here then is it's more secure than some of the other options I talked about. It also has the advantage of being relatively fast because it's fairly locally connected. It also has the advantage of not being vulnerable to ransomware, as I just discussed. Only real downside may be that it doesn't do some of the DR, disaster recovery, type of scenarios, because it is co-located, it's near my system.

But as many people would say, two backups equal really just one backup, and one backup is equal to none. You really might want to use multiples of these strategies so that you're really prepared in case you get attacked.

Thanks for watching. Please remember to like this video and subscribe to this channel so we can continue to bring you content that matters to you.