Microsoft Security

World Backup Day is as good as any to back up your data

In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger. That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals to back up data. Backups must be done systematically and regularly, not just on World Backup Day (March 31).

One of the biggest threats to data is ransomware. Organizations, hospitals, and businesses have succumbed to paying attackers – a testament to the importance of key data to business continuity. Unfortunately, these incidents can indicate the absence of effective backup strategies in these organizations, which can make ransomware attacks more lucrative for attackers.

We have observed a decline in ransomware encounters in recent months. In part, we believe this downward trend is a result of enhanced detection of ransomware downloaders by Windows Defender AV via heuristics and improved cloud protection, which are powered by precise machine learning models. The blocking of ransomware downloaders significantly decreased the volume of ransomware that reaches the endpoint. Those that do reach the computer can be detected and removed by generic heuristic-based ransomware detections.

But that doesn’t mean that the threat of ransomware is going away any time soon. If anything, we’re seeing a lot of innovation in malware code in ransomware families like Cerber and Locky, as well as in cybercriminal operations that distribute them. They will continue to be a big threat to companies, especially as they are observed to take on characteristics of targeted attacks. The sad truth is, cybercriminals know they can get significantly better returns from companies.

The other threat to data is data-wiping malware, which deletes or replaces all files on the computer. These threats are being used in high-profile targeted attacks against large organizations. Given the extent of their damage, they can halt business operations or take services offline.

One such malware is Depriz (aka Shamoon), which has been used in multiple targeted attacks in the Middle East since 2016. Attacks that use Depriz are destructive in nature, so there is barely any chance of restoring damaged files.

In a very curious development, a new version of Depriz was spotted sporting a ransomware component. This combination pointedly emphasizes how much attackers want to go after company data, whether to encrypt them for extortion money as ransomware would, or to delete them for sabotage as data-wipers would.

Ransomware and data-wipers pile on to already existing threats to data: theft, hardware breakdown, natural disasters, or even human mistakes. The general advice is to assume compromise. It takes only one employee falling prey to a social engineering lure to start a chain of infection that will lead to data loss.

The impact of ransomware and data-wiping malware can be minimized by making sound backup plans a critical component of any disaster recovery plan.

The 3-2-1 rule is a generally accepted practice for backing up. By creating three backup copies in at least two different storage media formats, with at least one copy in offline storage, you have better safeguards to make sure your data is protected against these types of attacks. The 3-2-1 technique increases your chances of recovering from incidents.

Windows 10 has built-in technologies that can help you back up files systematically. You can turn on File History to regularly and automatically save copies of important files to a drive you specify. The best practice is to use an external drive as the backup drive, and to do a periodic offline backup by disconnecting the backup drive. This is because ransomware can encrypt File History backups just like any other files on the computer, including those on backup drives that are connected at the time of infection. File History can gracefully handle backup drives as they are connected and disconnected. You can then restore files from backup in the event your files are lost or damaged.
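
The following Python example, added here and not part of the original post or any Microsoft tooling, audits a backup inventory against the 3-2-1 rule as stated above, and treats a backup drive that is still connected as not offline, because ransomware can reach it. The `BackupCopy` fields, the media labels, and the inventory entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str     # what is being protected (hypothetical label)
    location: str    # where the copy lives (hypothetical label)
    media: str       # storage media type, e.g. "external_hdd", "cloud"
    connected: bool  # reachable from the protected computer right now?


def audit_321(copies):
    """Return {dataset: [findings]}; an empty list means 3-2-1 is met."""
    by_dataset = defaultdict(list)
    for copy in copies:
        by_dataset[copy.dataset].append(copy)

    report = {}
    for dataset, items in sorted(by_dataset.items()):
        findings = []
        if len(items) < 3:
            findings.append(f"only {len(items)} backup copies, need 3")
        media = {c.media for c in items}
        if len(media) < 2:
            findings.append(f"only {len(media)} media type(s), need 2")
        # A drive that stays plugged in can be encrypted along with the
        # rest of the computer, so only disconnected copies count as offline.
        if not any(not c.connected for c in items):
            findings.append("no offline copy: every copy is reachable")
        report[dataset] = findings
    return report


# Constructed sample inventory (not real data).
INVENTORY = [
    BackupCopy("finance", "File History drive E:", "external_hdd", True),
    BackupCopy("finance", "OneDrive", "cloud", True),
    BackupCopy("finance", "NAS share", "nas", True),
    BackupCopy("hr", "File History drive F:", "external_hdd", False),
    BackupCopy("hr", "OneDrive", "cloud", True),
    BackupCopy("hr", "rotated drive in safe", "external_hdd", False),
    BackupCopy("design", "second internal disk", "internal_hdd", True),
]

if __name__ == "__main__":
    for name, problems in audit_321(INVENTORY).items():
        print(name, "OK" if not problems else problems)
```

The "finance" dataset has three copies on three media types and still fails, because all three are reachable from the endpoint at the same time.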

Microsoft OneDrive and Microsoft OneDrive for Business, which allow you to store, access, and share files from anywhere using any device, are integrated into Windows 10. On top of being a great collaboration and organization tool, OneDrive can help protect from ransomware and other threats using Version History, which automatically saves the previous version of your Office documents when you save or change them. You can then use your OneDrive backup to restore files.

Needless to say, endpoints and networks should be protected from ransomware and cyberattacks. Windows Defender Antivirus, for instance, uses a combination of heuristic and machine-learning technologies to deliver cloud-based protection against the latest threats.

On the other hand, Windows Defender Advanced Threat Protection alerts security operations teams about suspicious activities associated with ransomware, zero-day exploits, targeted attacks, and other threats.

To test how Windows Defender ATP can help your organization detect, investigate, and respond to advanced attacks, sign up for a free trial.

Even with security solutions in place, however, your data may still be exposed to other risks, such as the aforementioned natural disasters, media failure, and human error. Everything must be done to make sure critical data is safe. Backing up is not optional – it should be a vital part of any cybersecurity strategy.

Tanmay Ganacharya
Principal Security GM, Windows Defender Research
Follow on Twitter: @tanmayg


Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity and Facebook Windows Defender Security Intelligence.