How to protect backup servers from ransomware


We all know that backup servers are only the sole saviors to an organization when a ransomware incident strikes their IT infrastructure. So, to avoid such troubles from file encrypting malware, the following are the steps to follow to protect backups from being corrupted with encryption-

Update- It is a known fact that back-up systems are the first to receive OS updates and so admins should subscribe to automatic updates for backup software.

Inbound ports should be disabled first, as hackers always try to exploit such vulnerabilities or login with stolen credentials. Thus, ports supporting data continuity processes must be left open and others need to be shut down.

Block outbound DNS Requests– Whenever a malware strikes a server, the first thing it does is to establish a connection with a command-and-control server. Thus, blocking DNS systems from receiving external queries must become a priority and done technically.

Blocking a backup server from Lightweight directory access protocol (LDAP) also makes sense as it blocks hackers from accessing usernames and passwords fraudulently.

Multi-factor authentication or biometric security implementation can help circumvent attacks to a large extent.

Backup and root accounts should have separate admins as it is not wise to put all eggs in one basket.

Using a hybrid backup environment makes complete sense, as offsite backups can be infiltrated easily. But cloud-based environments are not that easy to breach.

Privileges should be restricted and only be accessed by personnel who are designated to do so.

NOTE– Maintaining at least 3 copies of backups 1 offsite and 2 in the cloud not only prevents data disruption during digital attacks. But also helps to recover in the event of a catastrophe disaster like fire or flood accidents.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display