You’ve heard of ransomware, which is capable of rapidly encrypting and disabling files in a bid to force victims to pay exorbitant ransom fees. Now, there is a new threat to your data: wiper malware. Unlike ransomware, which offers the possibility of data recovery by paying the ransom, wiper malware is designed to delete data permanently for the specific purpose of rendering your system completely unrecoverable and unbootable.
Fortunately, it is possible to defend against wiper malware - but not by paying a fee to the attackers. The only defense that businesses can employ is backups. Here’s why backups are more important than ever in the age of wiper malware attacks.
Wiper Malware Destroys Files Permanently
Although malware designed to delete files has existed for some time now, it is only recently that wiper attacks have started to go mainstream.
The most prominent example was an attack in July 2021 against Iran’s national railway system. The incident, which was caused by wiper malware called Meteor, shut down rail operations across the country.
Again, while ransomware attacks are nothing new for most businesses, wiper malware poses an even more dangerous threat in the sense that it offers victims no possibility of recovering their data by cooperating with the attackers. In the case of ransomware, in a worst-case scenario, businesses can at least pay a ransom in order to get their data back and restore operations. But with wiper malware, there is no such possibility. Wipers permanently and irrevocably wipe computer systems clean, leaving victims dead in the water -- unless they have backups that they can recover from.
How Backups Protect Against Wipers
Backups cannot prevent malware attacks from happening but they can provide a means of restoring data after it has been compromised due to wiper malware or a similar attack.
That’s because properly managed backups ensure that a business retains copies of its data that are isolated from production systems. In the event that wiper malware, ransomware, or another form of malware compromises the “live” IT environment, the business can restore data from backups that it stores in a separate location.
Restoring from backups is always much less expensive and faster than paying a ransom fee to recover data. But if paying a ransom fee is not an option to recover your data because you’ve suffered a wiper attack, backups are the only way to recover.
Backups also provide additional benefits. If you maintain multiple backups, you can choose to recover data from different restore points, which can be useful in the event that more recent backups include malware and you need to restore from a “safe” copy. Backups also protect against risks like hardware failure, which can occur no matter how secure your systems are from a cybersecurity perspective.
Best Practices for Maximizing Data Protection Through Backups
There are a variety of fundamental practices to follow to ensure that your data is as safe as possible from wiper malware, ransomware, and other threats.
3-2-1 Backup Rule
The 3-2-1 backup rule states that you should maintain three separate copies of your data. You should use at least two separate storage media, and one copy should exist in an offsite location (such as the cloud), so that it remains intact if your local infrastructure is damaged.
Following the 3-2-1 backup rule will maximize your ability to recover data no matter which type of disruption you may face.
It can be easy to overlook some data when performing backups, especially if some of your employees work remotely or work partly using personal devices. Make sure to include your entire infrastructure in your backup plans, and perform audits to catch any data you may be missing within your backup routines.
Backup Scheduling and Retention
Use the RTO and RPO rules to determine how often you need to perform backups and how long to retain each backup, based on your business’s requirements.
WORM - which stands for write once, read many times - is a form of storage media on which data cannot be modified once it is written. Consider storing one of your backup copies on WORM media, which virtually eliminates the risk that backup data could be accidentally deleted.
Test Backups and Restores
Perform regular backup and recovery testing to ensure that you can actually restore data as you expect, and to catch any unforeseen issues that could slow down recovery.
Employ multi-factor authentication, or MFA, to secure access to backup data.
Separate Backups From Users
Don’t allow users to access backup data. Restrict access to IT staff who specifically need to interact with backups. Otherwise, there is a risk that employees could accidentally or (if they are disgruntled) deliberately delete backups.
If you store backups in the cloud, use your cloud provider’s identity and access management (IAM) framework to secure access to the backups.
Consider Multi-Cloud Backups
If your budget allows, consider backing up data to multiple cloud providers. Doing so ensures that backups remain available even if one cloud provider goes down.
Maintain Backup Readiness
Don’t wait until you need your backups to check on their status. Instead, deploy a backup and recovery solution that provides continuous visibility into the state of backups, and that allows you to monitor and manage all of your backups through a single pane of glass.
The emergence in the wild of wiper malware highlights the ever-increasing threats to their data that organizations face. A well-designed, well-managed data backup and recovery plan is the key to keeping data safe, no matter which techniques cyberattackers may deploy to disrupt your business’s access to the data on which it runs.