For companies of all sizes, business backup software is an essential part of their security strategy. Financial, technical, and legal documents, as well as other working materials, form the basis of every business operation and must be protected. If these documents disappeared for any reason, a company would have to deal with big financial losses, if it survived at all.
Every business tries to avoid that kind of data loss, which is why a backup strategy can be found in nearly every organization. A complete backup enables the company to restore their systems quickly and easily – and, in the case of a ransomware attack, without having to pay the criminals. Many companies are enhancing their backup with cloud and hybrid backup solutions.
While a broad backup plan is good, it is becoming increasingly important to have secure backup software working for you ... and a recent test by independent testing lab Nioguard helps to show why.
Backup is now the target
To deny companies the ability to avoid paying ransoms by restoring their data from backup, cybercriminals are now using ransomware that targets backup files, backup software, and backup agents. Most modern ransomware actively deletes Windows Volume Shadow Copies – the built-in backup functionality from Microsoft – while other strains delete or encrypt backup files of popular backup solutions, making the restoration process much longer.
In the past, backup solutions have addressed this threat by offering cloud storage as a way to isolate the data from the threat. The challenge is that cybercriminals already have started to attack this “safe harbor” as well. Various ransomware samples have started to block access to cloud storage services like Google Drive or Dropbox, and cloud backup companies will surely be the next target.
If the backup agent on an endpoint device is compromised, for example, it can release all the information a cybercriminal needs to get into the cloud. That would enable the crooks to access, encrypt, or delete all of your cloud-based files, making it impossible to recover from those backups. Without those backup files, you would need to pay the ransom.
If the company was following 3-2-1 backup rule and stored a copy of their data somewhere else off-site, they’ll be able to recover, but the process will be much longer.
Given the real and growing danger to backup files, software and agents – both locally and in the cloud – independent testing laboratory NioGuard put a few popular corporate backup solutions to the test to see if they are ready to face the threat.
As NioGuard stated in its report:
“The test aims at testing sustainability of product’s processes and services against typical attacks to security software described below, as well as self-protection of local backup and product’s files. Ransomware can encrypt local backup files and configuration files that belong to a backup program thereby disabling recovery of the files. Moreover, once access to the agent’s or server’s processes is gained, an attacker can delete backup copies of the files not only locally, but also in the cloud on behalf of a backup solution.”
The results are actually quite alarming: Among the four products tested, only Acronis Backup passed the test. The other business backup solutions couldn’t stop most of the attempts to compromise the backup agent on the machine in order to take control over it, steal credentials, or gain access to the backup files.
Nioguard specialists ran 31 different tests simulating attacks to local backup files, product files, processes, services, and cloud storage (to disrupt backup and recovery services). A look at the final result shows that Acronis Backup performed significantly better than the competing products:
Acronis successfully passed the test 81 to 87 percent of the time, while the nearest competitor only passed 19 percent of the tests.
Acronis’ success can be explained by the complex, multilayered security architecture the company started to implement when it introduced Acronis Active Protection in January 2017. While it mainly is aimed at protecting data from ransomware, it also addresses all attack vectors that take aim on backup agents running under the Windows operating system family.
Acronis Active Protection is currently integrated into a number of Acronis products. To combat the growing online threats, the company continues to improve this solution by supporting more operating systems and improving the underlying behavioral heuristics and machine learning technologies.
The laboratory’s conclusion
“The results have shown that the majority of the tested products are not ready in most cases to counteract the ransomware-like attacks allowing a potential attacker to lock user’s backups and disable backup and recovery services. Only Acronis Backup showed good results with 87% and 81% pass rate for 32-bit and 64-bit products correspondingly providing comprehensive self-defense capabilities as well as service sustainability.”
We encourage you to read the full NioGuard report. You’ll learn more about the methodology and the tests NioGuard performed to make their determinations.
It’s important to understand that ransomware that targets backup files and solutions is a tremendous threat that is already causing damage around the world. The ability to attack files in the cloud is a whole new threat, which means businesses need a backup solution that will defend itself and all the backups it creates from attack.
If you care about your company’s backed up data, you need to choose the most secure business solution, Acronis Backup.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.