Adding Ransomware Protection to Your Amazon Cloud Backup

Businesses of all types and sizes are increasingly at risk from ransomware attacks in today’s cybersecurity landscape. These attacks can be used to block access to—or outright steal—essential business data, which can often include both the backup and restore data contained in places like an Amazon Cloud Backup (AWS Backup). The perpetrators will then encrypt the data and withhold it from the business until they pay a ransom, or threaten to delete it altogether if the company refuses to meet their demands.

Ransomware attacks can create chaos within an organization due to service disruptions, loss of data critical to essential business functions, exposure of private customer information, and loss of public credibility. And the problem is only getting worse.

According to the U.S. Financial Crimes Enforcement Network (FinCEN), the number of ransomware attacks in 2021 will vastly exceed the number of attacks in 2020. These attacks are growing in terms of cost as well—the average cost of reported ransomware transactions per month in 2021 was $102.3 million.

You may be wondering where cloud backups and snapshots fit into this. After all, can’t you simply restore the stolen data from a backup or snapshot in the event of an attack? Ideally, yes. But ransomware attackers also target an organization’s data backups, which is why it’s crucial to secure those backups to avoid paying outrageous ransoms while ensuring business continuity and a fast recovery.

Vulnerabilities with Amazon Cloud Backup

​​Although cloud backup snapshots are great for operational recoveries, they do not provide complete protection from threats like ransomware. When used directly out of the box, AWS backup vulnerabilities include:

• No air-gap protection – AWS snapshots are by default created in the same account as the primary data sources. In this scenario, if the primary account is compromised, so are the snapshots. And if the snapshots are compromised, there is no way to recover data deleted or encrypted by outside parties.
• Backups are not automatically immutable – AWS on its own does not make snapshots immutable, and mutable backups can be altered—or even, in some cases, accidentally deleted.
• Slow recovery – AWS’s lack of flexible restores impacts recovery speed and can result in disruptions to business continuity in the event of an attack that results in a need for data restore.
• Possible script errors – Complex, manually-written scripts are required to replicate snapshots across all accounts within AWS. This is obviously time-consuming and prone to human error, which can leave the snapshots exposed during an attack.

How to Protect AWS Backups from Ransomware

The potential inherent vulnerabilities of AWS backups can leave your data copies at risk to bad actors. And while AWS does offer some native tools and solutions for securing backups, they can be cumbersome to use while still not providing full protection.

Here are some key steps you should take to shield your valuable data and backups from ransomware and other attacks:

• Air-gapping – Backups should be air-gapped and stored outside of the customer’s primary account and region. In the event of an attack, this prevents hackers and bad actors from corrupting and deleting the backup copies as well as the working data.
• Immutable backups – Backup copies of data should be made immutable (unable to be altered or deleted), which preserves the data in a format that prevents it from being altered in any way.
• Encryption for data at rest and data in transit – Both at rest and in transit, data should be encrypted, ideally with the user’s own encryption keys, and protected at a platform level with top security features in compliance with certifications such as ISO 27001, SOC II Type 1, SOC II Type 2, and PCI DSS.
• Periodically test your data recovery abilities – In the event of an intrusion or disruption to your data and workloads, it’s essential to know you can recover quickly and ensure business continuity. Organizations should routinely test their ability to recover data from their backups.

(Is your data fully protected from ransomware? Click here to view our comprehensive ransomware checklist.)

Safeguard Your AWS Backup from Ransomware in Just Minutes with Clumio

Clumio’s innovative, industry-leading platform was designed in the cloud to protect the cloud.

With Clumio, your AWS backups receive instant protection via air-gapping, which places your valuable backup data “off site” and outside of production environments and other accounts.

Data is also encrypted with your encryption key of choice before it leaves any of your cloud accounts. Built-in integrity checking, full immutability for your backup files, and testing data recovery are all only a few clicks away within the intuitive interface.

And you can be fully up and running in less than 15 minutes, with no additional software or hardware needed. Don’t leave your organization at risk — click here to start a free trial so you can see firsthand just how easy it is to secure and restore your valuable backup data with Clumio.