
5 Essential Steps For Ransomware Backup Strategy


Much has been said and written about the constant threat of ransomware. As these attacks have become all too common, you have probably heard about them. However, the most important question is this: What can be done to protect against this threat? Thus far, the best answer to that question has been: efficient and regular data backup. Ransomware operators essentially hold your data for ransom, but they cannot do that if you can restore your systems from a recent, intact backup. (One caveat: many ransomware groups now also steal a copy of your data before encrypting it and threaten to publish it; a backup restores your operations but does not undo that theft, so backups complement, rather than replace, the controls that keep attackers out.) Of course, like anything else, ransomware backups have to be done right. Let’s discuss five essential steps that should be a part of any ransomware backup strategy.

1. Make Sure Your Backups Use An Air Gap

The term “air gap” is just a fancy way of saying that you should store your backups on a system that is not connected to your network at all, not merely cut off from the internet. Ransomware spreads across the internal network, so a backup server that sits on the same LAN as your workstations is not air-gapped, even if it has no internet access. It may be desirable to use a machine with no network interface enabled at all, just to make sure. If you don’t do this, your backups can be encrypted or deleted along with the rest of your system. In fact, many ransomware variants are specifically designed to find and destroy backups (shadow copies, network shares and backup servers) before they encrypt production data.

In order to do this correctly, some manual work will be required. Since your backup system cannot connect to the network, data must be moved physically on external drives, which are connected only for the duration of the copy and then disconnected and stored offline. That does take longer than an online backup, but the security advantages are often worth the extra trouble. Besides, manual methods make it easier to control and audit who has access to your backups.

2. Look Into Immutable Data Protection Services

There are all kinds of security services out there, and one of them specifically relates to our backup protection problem. Some vendors now offer immutable backups, which means they cannot be altered or deleted once they are created. As you might expect, ransomware creators have tried to find many ways of encrypting or corrupting your backups. Unfortunately, they have had some success in that regard.

An immutable backup is secure by design: the storage itself refuses any modification or deletion, regardless of who asks. This kind of system uses a “retention lock” (write-once, read-many) feature that blocks all modification or deletion for a predetermined time period, and in its strictest form even an administrator with full credentials cannot shorten that period. Major cloud object stores offer this as a bucket-level lock, for example S3 Object Lock in compliance mode. You want to avoid systems where old backups are simply overwritten by new ones, because whatever credential your backup job uses to overwrite or delete the previous copy is a credential an attacker can steal and use to destroy it. Keep several retained versions so that a backup taken before the infection is still available.
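As an added illustration (not part of the original article, and not any particular vendor's product), this is the shape of the configuration that puts an S3 bucket into a retention lock: it is the JSON document passed to `aws s3api put-object-lock-configuration --bucket BUCKET --object-lock-configuration file://lock.json`. The bucket must have been created with `aws s3api create-bucket ... --object-lock-enabled-for-bucket`; the 30-day period is an assumed value, not a recommendation from the page.

```json
{
  "ObjectLockEnabled": "Enabled",
  "Rule": {
    "DefaultRetention": {
      "Mode": "COMPLIANCE",
      "Days": 30
    }
  }
}
```

`COMPLIANCE` is the mode that no user, including the account root, can shorten or remove before the period expires; `GOVERNANCE` mode can be bypassed by anyone granted the override permission, which is exactly the kind of privileged credential ransomware operators look for. Pair the lock with a retention period that is longer than the time it might take you to notice an intrusion, since an attacker who has been inside for weeks will wait for older clean copies to age out.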

3. Include Ready-Made Sandbox Environments

When you are recovering from a ransomware attack (whether it succeeded or was caught in time), it isn’t just about restoring your system to its original state. That is the most important thing, but it is also important to figure out where and why the problem occurred in the first place. Most of these attacks begin with a phishing campaign, an exploit of a known software vulnerability, or stolen credentials for remote access. If you restore from backup without closing that hole in the wall, you can bet that the rats will come back and use it again.

This is where a virtual sandbox can really be handy. This is a copy of your existing system running as a virtual machine on an isolated network, with a snapshot taken so that it can be reverted to a clean state after each use. It can carry a duplicate operating system and whatever data you wish, including a restored copy of the infected machine, without anything that happens inside it being able to reach production. The big security advantage: you have a safe environment for testing and investigation.

A sandbox environment is also very good for the prevention of ransomware attacks. By giving employees access to such a controlled environment, you give them a way to check suspicious files or activity without putting the real network at risk. For instance, if someone thinks they may have gotten a phishing email or message, they can open the attachment or link in the sandbox and see what happens, then revert the snapshot. Obviously, in a case like that, you still have to refrain from typing any real credentials, since a phishing page will capture them just as well from inside the sandbox as outside it.

4. Physical Security

With all this talk about digital security, let’s not forget about old-fashioned thievery. The kinds of people and organizations that carry out ransomware attacks are perfectly willing to use physical infiltration, or an insider, as a way to gain easier access. For a truly offline backup, physical access to the media is their only potential route in, so don’t underestimate the threat.

As we already mentioned, those offline backups need to be stored on dedicated machines that cannot reach the network. These also need to be placed in an area that is not accessible to most employees. Only your cybersecurity personnel have a real need to access that backup data, anyway. Identity verification for all cybersecurity personnel is equally important, and access to the backup room and media should be logged. If you really want to go further, you might consider some sort of biometric identification requirement for access to the backups.

5. Testing And Drills

The process of restoring your whole system from a backup is more complex than it sounds. Some people seem to think that you just basically load a file and it’s back to normal. However, there are many small snags that can cause problems during backup and restoration. That is why you want to test these systems thoroughly before they are needed.

Apart from the need to test the technology, you also need to test the procedures being used. The goal is to do things in the most secure and efficient way possible. Security and efficiency are sometimes at cross purposes, so a balance must be struck. You also need to test the people involved in the process. The human element can cause a near-endless number of problems, so you want to make sure that everyone knows what to do. Such tests and drills need to restore into a sandbox environment, never over the live systems, so that a failed drill cannot affect production. A restore drill should also verify the restored data against a record taken at backup time, not just check that the job finished; a backup that restores cleanly but contains already-encrypted files is worthless.
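The following is an added example of a restore drill, not code from the original article or from PCH Technologies. It assumes a simple file-tree backup and a backup process that records a SHA-256 manifest of every file at backup time; the verification step then compares a restored copy against that manifest and reports files that are missing, changed (encrypted or corrupted) or planted. The sample files, the “encrypted” bytes and the ransom-note filename are constructed for the demonstration.

```python
"""Restore drill: record a hashed manifest at backup time, verify the restore against it.

Added example; assumes a plain directory-tree backup. The manifest should live
with the offline copy (and ideally be signed), so an attacker who can alter the
backup data cannot also rewrite the expected digests.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def take_backup(source: Path, backup_dir: Path) -> Path:
    """Copy the tree into backup_dir/data and write manifest.json beside it."""
    data = backup_dir / "data"
    shutil.copytree(source, data)
    manifest_path = backup_dir / "manifest.json"
    manifest_path.write_text(json.dumps(build_manifest(data), indent=2))
    return manifest_path


def verify_restore(manifest_path: Path, restored: Path) -> dict:
    """Compare a restored tree against the manifest recorded at backup time.

    Reports files that are missing, whose contents changed (corrupted or
    encrypted), or that were not in the original backup (planted, e.g. a ransom note).
    """
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(restored)
    missing = sorted(set(expected) - set(actual))
    extra = sorted(set(actual) - set(expected))
    corrupted = sorted(
        rel for rel in expected.keys() & actual.keys() if expected[rel] != actual[rel]
    )
    return {
        "ok": not (missing or extra or corrupted),
        "missing": missing,
        "corrupted": corrupted,
        "extra": extra,
        "checked": len(expected),
    }


def run_drill() -> dict:
    """Constructed end-to-end drill: one faithful restore and one tampered restore."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "source"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "report.txt").write_text("quarterly figures\n")
        (source / "docs" / "notes.txt").write_text("meeting notes\n")
        (source / "config.ini").write_text("[db]\nhost=localhost\n")

        manifest = take_backup(source, tmp / "backup")

        # Restore 1: faithful copy of the backup data; should pass.
        clean = tmp / "restore_clean"
        shutil.copytree(tmp / "backup" / "data", clean)
        clean_result = verify_restore(manifest, clean)

        # Restore 2: what a backup that was hit before it went offline looks like:
        # one file encrypted in place, one deleted, one ransom note added.
        tampered = tmp / "restore_tampered"
        shutil.copytree(tmp / "backup" / "data", tampered)
        (tampered / "docs" / "report.txt").write_bytes(b"\x8a\x11encrypted-junk")
        (tampered / "docs" / "notes.txt").unlink()
        (tampered / "README_TO_RESTORE.txt").write_text("pay up\n")
        tampered_result = verify_restore(manifest, tampered)

        return {"clean": clean_result, "tampered": tampered_result}


if __name__ == "__main__":
    for name, result in run_drill().items():
        print(name, "PASS" if result["ok"] else "FAIL", result)
```

The clean restore reports `ok: True` with three files checked; the tampered one fails and names `docs/report.txt` as corrupted, `docs/notes.txt` as missing and `README_TO_RESTORE.txt` as extra. In a real drill the manifest comparison runs on the sandbox restore, and the manifest is kept on the offline media or in the immutable store from the previous sections so that it is protected by the same retention lock as the data.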


It is impossible to overestimate the importance of ransomware backup. Organizations both large and small have suffered huge losses because they failed to address this matter. We hope that you will contact PCH Technologies at (856) 754-7500 so that we can keep you from becoming a part of those statistics. Whether you need data backup services, help with disaster recovery, small business computer support, or IT computer services in general, we are here to help.