Fighting Ransomware With Tape Backup? Experts and Users Weigh In
In the age of newfangled backup options, can tape still be the last line of defense against ransomware? Experts and users weigh in on the tape debate.
There's advice aplenty, especially on the internet, for organizations wondering what to do if ever a ransomware cybervillain should darken their digital door. Much of the advice comes from backup software vendors or cloud backup providers who describe the importance of digital backup in addressing attacks like these.
With such digital backup options available, should organizations supplement the fight against ransomware with tape backup? While it might surprise some, experts and users continue to make a compelling case for recovering from ransomware with tape backup.
Prevention Is Worth a Pound of Cure
Typically launched by an unsuspecting user who clicks the wrong link in a spear phishing email, ransomware proceeds to encrypt files on the infected machine while possibly infecting other systems on the network as well. The attack can even encrypt some network-attached storage (NAS) servers, web servers, network file shares, connected backup files, file sync/share services and other cloud shared drives. Ransomware even targets smartphones.
According to Dan Jan, Principal, Product Management at Iron Mountain, the best way to address ransomware is to prevent attacks from happening in the first place. After an attack occurs, organizations often struggle to pick up the pieces.
Ransomware: The Aftermath
Once an organization's IT department hears of a ransomware attack on one or more of their systems, good security practice suggests disconnecting any infected systems from the network.
Now comes the hard part: What do you do with the encrypted systems? Organizations can either pay a digital ransom to the cyberthieves, who promise to decrypt the now-encrypted systems, or start wiping and restoring infected systems.
Unfortunately, there are challenges with each scenario. Paying the ransom is generally not recommended by authorities. Some companies have even paid the ransom without gaining access to their encrypted files. But the restore option assumes the organization actually has a backup of an earlier, known good state.
As many backups are now connected to the rest of the network and potentially in ransomware's line of fire, these can become encrypted and unusable, too. In fact, according to a Barkly survey of those who experienced a ransomware attack, only 42% were able to successfully recover from backup. One of the reasons? Backup drives also became encrypted.
Ransomware is not going away. It's not always preventable, and connected backups can fall prey to it too. So what's an organization to do? The answer goes back to the basics of backup, and combating ransomware with tape backup starts to make sense.
According to Jan, backup's early 3-2-1 rule still applies: "You should have three total copies, two local on two different media (disk and tape, usually). Then, you get one copy off-site, unplugged," he says. "In this age of being plugged in, you still need a copy of your data that's unplugged." Everyone agrees to this in principle, he notes, but organizations still need to follow through and do it.
Jan refers to this unplugged copy as "offline", meaning the copy is completely disconnected from any network. A Tape Storage Council memo explains: "With tape, there is a 'gap' between the cartridge and the computer systems. Disk drives remain on-line and are particularly vulnerable to an attack." The memo goes on to say, "Tape technology prevents electronic cyberattack access to the data because a tape cartridge removed from the system is no longer accessible electronically."
Another poster chimed in with what they considered the best protection against ransomware: "Offsite copies stored on tapes. Only such scenarios do guarantee that ransomware would not be able to access backup data."