Computer virus, worm, trojan, ransomware, spyware. These are just some of the names for malicious pieces of software (malware) that are designed to infect a computer and cause havoc. Anti-Virus vendors are generally very good at keeping their definitions up-to-date, but the rate at which new malware is released means it’s a never ending battle. Statistics posted on the Gdatasoftware blog show that in the first half of 2017 a new strain of malware was seen every 3.2 seconds!
Even if you have the best cyber security tools money can buy, there is one key area you can never fully protect against – human error. Email is a commonly used method of distributing malware, and it only takes one unwitting user to open an infected attachment to compromise your network.
So often, the best form of defence against malware is a reliable and correctly configured backup solution. Whilst you lose any data created between your last recovery point and the time of the infection, it’s often preferable compared to the alternatives.
But can my backups get infected?
In short, yes. Cyber Criminals quickly realised that effective backups were thwarting their ransom demands, so new ransomware variants are increasingly targeting backup data, in addition to primary storage. If an organisation doesn’t have a backup they can turn to, they are left with no option other than to pay the ransom if they want to get their data back.
However, backup vendors like Asigra are starting to protect against ransomware that infiltrates backups and stays dormant until the data is recovered back to the network following an attack on primary storage.
“The backdrop of version 14 is that the market landscape itself has evolved,” said Eran Farajun, executive vice president of Asigra, based in Toronto. “One of the biggest changes that [has] happened is around ransomware … There has been a shift where backup is now moved from becoming a defensive vehicle to becoming an offensive attack vector. Bad actors are using backup software now in their attacks.”
The new version of Asigra does this by scanning data during the backup process to detect whether a file has been infected with malware. Infected files are then quarantined before they are ingested into the backup system. This means the data in the backup system stays healthy, so when you want to recover healthy versions of files you can.
The scanning also works in the other direction too, so if your backup repositories already contain infected files, the software will prevent them from being recovered. Watch the video below for more information on how the system works.