Azure Backup and the Evolving Threat of Ransomware

Apr 11, 2018 | Security

Ransomware is still the most common cyber threat for organizations: thousands of ransomware attacks occur every day. In 2017, Malwarebytes saw an increase of 90% in ransomware detected in businesses. From the city of Atlanta’s operations being crippled by SamSam ransomware, to Boeing’s systems being hit by WannaCry, no one is safe from cyberattack. Even if you are diligent about keeping backups of your corporate data, you may not be completely safe. Ransomware has evolved and continues to evolve.

Bad actors are developing new malware based upon how businesses respond to traditional attacks. A brand-new threat, Zenis, is a perfect example of this evolution. It encrypts and locks your files, just like any other ransomware, but then purposely destroys your backup data. So now data administrators must not only maintain backups of their data, but also protect those backups from corruption and deletion.

Data is the currency of the Digital World. Are you protecting it?

Three major vulnerabilities determine whether your backups are at risk:

  1. The backup isn’t isolated from the production data
  2. No controls require authentication before destructive operations, so ransomware can wipe your data
  3. There are no alert mechanisms to inform the system administrator of critical operations

If any of these are true for your organization, then you need to rethink your backup practices.

While this might seem bleak, there are effective ways to protect your backups from being affected. Most importantly: move your backups offsite. This effectively isolates the data from its backup, protecting it from malware. Traditional security measures like encryption, especially encrypting both during transit to an offsite location and at rest, are also very effective. Authentication controls like Multi-Factor Authentication (MFA) and role-based access can also prevent bad actors from messing with your backups. Finally, alerting administrators in real time and delaying final deletion can allow you to quickly respond to suspicious activity.

Those are relatively complex security controls just to combat an auxiliary function of new malware! Luckily, Microsoft’s Azure Backup already includes all of these capabilities. Azure Backup stores the backups in a cloud storage account separate from the customer’s subscription. It requires two-factor authentication before critical operations are executed. AES-256 encryption is used when sending the backup to the cloud. In addition to traditional alerting and role-based access capabilities, Azure Backup even retains the backups for 14 days after deletion.

The cybersecurity landscape gets more treacherous every day. Zenis won’t be the last ransomware to subvert traditional security controls. But you can be confident that Azure Backup will always be given the capabilities to preserve and protect your data. To deploy an Azure cloud solution or better understand your organization’s cyber-vulnerabilities, reach out to the experts at Peters & Associates. Call 630-832-0075 or email  We are happy to help!